Simon Says – Musings of a Technology CTO

Recently a whole slew of news sites announced a newly discovered vulnerability (care of the German Security firm SySS) on a range of “supposedly” secure consumer USB sticks.

These models from SanDisk, Kingston and Verbatim were apparently easy to defeat and retrieve the data from without knowing the users password or having any prior knowledge or touch on the stick.

The exploit was simple – it seems the software tool shipped with the sticks validates the password, not the stick itself, and the sticks use a fixed authentication key. Yes, ALL sticks use the same auth key. By simply sending this known ack key to the stick, you can unlock it, or any other stick.

Interestingly, some of these insecure devices had been through FIPS 140-2 Level 2 security certification, so should really have been immune to this kind of attack.

The affected device models include:

• SanDisk Cruzer® Enterprise FIPS Edition with McAfee USB flash drive, CZ46 – 1GB,
• SanDisk Cruzer® Enterprise FIPS Edition USB flash drive, CZ32 – 1GB, 2GB, 4GB, 8GB
• SanDisk Cruzer® Enterprise with McAfee USB flash drive, CZ38 – 1GB, 2GB, 4GB, 8GB
• SanDisk Cruzer® Enterprise USB flash drive, CZ22 – 1GB, 2GB, 4GB, 8GB
• Kingston DataTraveler BlackBox (DTBB)
• Kingston DataTraveler Secure – Privacy Edition (DTSP)
• Kingston DataTraveler Elite – Privacy Edition (DTEP)
• Verbatim Corporate Secure FIPS Edition USB Flash Drives 1GB, 2GB, 4GB, 8GB
• Verbatim Corporate Secure USB Flash Drive 1GB, 2GB, 4GB, 8GB

This issue shows a classic design problem – software based password validation. The big mistake here in the design was not making a strong link between the password entered by the user and the cryptographic key on the stick itself.

If the programmers had set a unique key on the stick when the user set their password, the SySS attack would never have worked. Because they just used the password as a validation (effectively giving an entropy of 1 bit), they allowed SySS to bypass this whole “Is the password correct – Yes/No?” routine.

As for the McAfee supplied sticks, our Zero Footprint sticks and hard disks are fully protected from this attack, the exact models are:-

• McAfee Encrypted USB Standard (v.2)
• McAfee Encrypted USB Zero-Footprint
• McAfee Encrypted USB Bio
• McAfee Encrypted USB Hard Disk

These devices do in-hardware validation of the users credentials, the only thing the software does is send it over. If the stick does not agree that your password is correct, it simply won’t unlock the protected partition. No amount of snooping will help you bypass the protection.

These sticks are made by MXI, and are amongst the most secure on the market. Yes, they are a little more expensive than the non-McAfee sticks, but they are design-secure. You get what you pay for here.

The McAfee devices have been through certifications such as FIPS-140, and also through several rounds of penetration testing by several international companies.

The EUSB 1.2 supported SanDisk models (those connected to and managed by ePolicy Orchestrator) already have the patched firmware on them. They are not subject to this flaw either.

However, I must say if you bought stand alone SanDisk sticks from McAfee last year, you would have got the same device that you could buy anywhere – we just resell them. The “With McAfee” name just means it has our Anti-Virus software on it, not that it has our data protection system. You should check whether you need the firmware update (via SanDisk themselves).

There are a lot of web pages detailing this problem – some of the more popular are:

• SanDisk Security Bulletin December 2009. Cruzer Enterprise FIPS Edition with McAfee USB Flash Drive. “Vulnerability in the access control mechanism”
• NIST-certified USB Flash Drives with Hardware Encryption Cracked”, H-Online, January 4, 2010
• SanDisk Security Bulletin March 2009. Cruzer Enterprise FIPS Edition. “Prevent unauthorized user to compromise the integrity of the read-only CD-ROM partition in these devices.”
• Kingston DataTraveler Security Update Information December 2009.
• Verbatim Important Security Update December 2009.
• SySS Paper on How To Hack SanDisk hardware encrypted USB flash drives.
• SySS Paper on How To Hack Kingston hardware encrypted USB flash drives.
• FIPS 140-2 Level 2 security policy for SanDisk module found inside the affected devices.
• “Kingston Admits Some USB Sticks Can Be Hacked”. PC Advisor, January 4, 2010
• “Kingston Admits ‘Secure’ USB Drives Are Vulnerable”, PCWorld, January 5, 2010
• “Kingston Issues Recall for Certain Thumb Drives”, Ubergizmo, Dec 31, 2009
• “Secure USB Flaw Exposed”, Dark Reading, January 4, 2010