What is the issue?
On January 4, 2010, it was reported by SySS to the media that certain hardware-encrypted USB flash drives have been hacked. Of major concern is that some of these devices have received FIPS 140-2 Level 2 security validation. FIPS 140-2 security validation is required by certain Government agencies to use encryption products.
More information on the reports, research and other news articles relating to this issue can be found here.
Some of the reportedly affected devices include:
- SanDisk Cruzer Enterprise FIPS Edition
- SanDisk Cruzer Enterprise
- Verbatim Corporate Secure FIPS Edition
- Verbatim Corporate Secure
*NOTE* SanDisk OEM their software to other vendors - Verbatim, MXI, PICO and others may be affected - we strongly recommend checking with your supplier if you are in any doubt.
What is the flaw, and what does it mean in practice?
All affected devices can be unlocked instantaneously, and at will with the right tools without knowing the user’s password - rendering the encryption totally useless.
The vulnerability is a fundamental architectural design flaw. The affected products use software that runs on the host PC to verify the user’s password, and then sends a signal to the device to unlock itself. SySS was able to write a simple software unlocker tool that patches the software to always send the unlock code to the devices.
The security flaws of these products include:
- Using software on the host PC to validate the password.
- Using a "backdoor" unlock code. This not only allows attackers to gain access, but it allows the vendors of these products to unlock any of these devices as well.
- Allowing "password replay" attacks. Once the unlock code sequence is known, it can be used over and over again.
Also with a "backdoor" password/code built in, the question must also be asked as to who has access to this backdoor code....
What makes SafeConsoleReady Drives the most secure device, and not vulnerable to such an attack?
- There are NO BACKDOOR PASSWORDS OR UNLOCK CODES in a SafeConsole Ready drive.
- The user password is verified within the hardware device.
- The brute-force protection is also operated within the hardware controller.
- The password entered by the user is hashed in the computer host software using MD5.
- The unique password string enters the BM9930 hardware controller through a totally secure private channel over USB.
- The hashed password string is hashed once more (SHA256) in firmware onboard the drive.
- The dually hashed password is used to access the hardware encrypted cryptographic keys created with the random number generator (ANSI X9.31 RNG) onboard.
- The unique cryptographic keys are used to encrypt all user stored information with AES256-CBC.
- The hardware is fully epoxy encapsulated - tamper proof.
I thought FIPS 140 Level 2 Certification meant it was totally secure. Why not?
We have always maintained that the standard SafeStick is more secure than the FIPS baseline accreditaion. However DataLocker and SafeTo do have FIPS 140-2 accreditation.
The truth is that this a US Government "baseline" for a security product, a "tick box" if you will for customers, and while it does involve rigorous testing of products it does not guarantee that a product is 100% secure, just that it meets a baseline security standard.
Many vendors think that data security means data encryption. The Encryption component is actually a very small part of the overall security implementation of the device as the above vulnerability demonstrates. Products must be designed to ensure secure password management, authentication, encryption key management, design assurance as well as physical security.
In this vulnerability case, the vendors created "backdoors" to unlock all devices, using software running on the host PC and still passed the FIPS 140-2 Level 2 validation.