Vulnerability in Some Secure USB Sticks

By McAfee on Jan 08, 2010

Recently a slew of news sites announced a newly discovered vulnerability (care of the German Security firm SySS) on a range of supposedly “secure” consumer USB sticks.

With the right tools and know-how, these models from SanDisk, Kingston and Verbatim were apparently easy to defeat and retrieve the data from without knowing the user’s password. Of course, the biggest threat to data on unencrypted USB devices is from device loss or theft.

Going back to the vulnerability, the exploit was simple – it seems the software tool shipped with the sticks validates the password, not the stick itself, and the sticks use a fixed authentication key. Yes, all sticks use the same authentication key. By simply sending this known key to the stick, you can unlock it, or any other stick.

Interestingly, some of these insecure devices had been through FIPS 140-2 Level 2 security certification, so they should have been immune to this kind of attack.

Affected device models include:

• SanDisk Cruzer® Enterprise FIPS Edition with McAfee AV USB flash drive, CZ46 – 1GB
• SanDisk Cruzer® Enterprise FIPS Edition USB flash drive, CZ32 – 1GB, 2GB, 4GB, 8GB
• SanDisk Cruzer® Enterprise with McAfee AV USB flash drive, CZ38 – 1GB, 2GB, 4GB, 8GB
• SanDisk Cruzer® Enterprise USB flash drive, CZ22 – 1GB, 2GB, 4GB, 8GB
• Kingston DataTraveler BlackBox (DTBB)Kingston DataTraveler Secure – Privacy Edition (DTSP)
• Kingston DataTraveler Elite – Privacy Edition (DTEP)
• Verbatim Corporate Secure FIPS Edition USB Flash Drives 1GB, 2GB, 4GB, 8GB
• Verbatim Corporate Secure USB Flash Drive 1GB, 2GB, 4GB, 8GB

This issue shows a classic design problem – software-based password validation. The big mistake here in the design was not making a strong link between the password entered by the user and the cryptographic key on the stick itself.

If the programmers had set a unique key on the stick when the user set their password, the SySS attack would never have worked. Because they just used the password as a validation (effectively giving an entropy of 1 bit), they allowed SySS to bypass this whole “Is the password correct – Yes/No?” routine.

As for the McAfee supplied sticks, our Zero Footprint sticks and hard disks are fully protected from this attack, the exact models are:

• • McAfee Encrypted USB Standard (v.2)
• • McAfee Encrypted USB Zero-Footprint
• • McAfee Encrypted USB Bio
• • McAfee Encrypted USB Hard Disk

These devices do in-hardware validation of the users credentials, the only thing the software does is send it over. If the stick does not agree that your password is correct, it simply won’t unlock the protected partition. No amount of snooping will help you bypass the protection.

These sticks are made by MXI, and are amongst the most secure on the market. The McAfee devices have been through validations such as FIPS-140, and also through several rounds of penetration testing by several international companies.

The EUSB 1.2 supported SanDisk models (those connected to and managed by ePolicy Orchestrator) already have the patched firmware on them. They are not subject to this flaw either.

However, I must say if you bought stand alone SanDisk sticks with McAfee AV from McAfee last year, you would have the same basic SanDisk USB device that you could buy at retail, plus the McAfee anti-virus software. In this case, the SanDisk USB stick will require the SanDisk patch (which is available now from SanDisk directly) to fix the vulnerability mentioned above. No changes are needed to the McAfee anti-virus software installed on the device.

There are a lot of web pages detailing this problem – some of the more popular are:

• SanDisk Security Bulletin December 2009. Cruzer Enterprise FIPS Edition with McAfee USB Flash Drive. “Vulnerability in the access control mechanism”
• NIST-certified USB Flash Drives with Hardware Encryption Cracked”, H-Online, January 4, 2010
• SanDisk Security Bulletin March 2009. Cruzer Enterprise FIPS Edition. “Prevent unauthorized user to compromise the integrity of the read-only CD-ROM partition in these devices.”
• Kingston DataTraveler Security Update Information December 2009.
• Verbatim Important Security Update December 2009.
• SySS Paper on How To Hack SanDisk hardware encrypted USB flash drives.
• SySS Paper on How To Hack Kingston hardware encrypted USB flash drives.
• FIPS 140-2 Level 2 security policy for SanDisk module found inside the affected devices.
• “Kingston Admits Some USB Sticks Can Be Hacked”. PC Advisor, January 4, 2010
• “Kingston Admits ‘Secure’ USB Drives Are Vulnerable”, PCWorld, January 5, 2010
• “Kingston Issues Recall for Certain Thumb Drives”, Ubergizmo, Dec 31, 2009
• “Secure USB Flaw Exposed”, Dark Reading, January 4, 2010