madison

Hardware 2.0

Adrian Kingsley-Hughes
Home / News & Blogs / Hardware 2.0

Encryption busted on NIST-certified Kingston, SanDisk and Verbatim USB flash drives

By | January 6, 2010, 10:04am PST

A word of warning to those of you who rely on hardware-based encrypted USB flash drives. Security firm SySS has reportedly cracked the AES 256-bit hardware-based encryption used on flash drives manufactured by Kingston, SanDisk and Verbatim.

The crack relies on a weakness so astoundingly bone-headed that it’s almost hard to believe. While the data on the drive is indeed encrypted using 256-bit crypto, there’s a huge failure in the authentication program. When the correct password is supplied by the user, the authentication program always send the same character string to the drive to decrypt the data no matter what the password used. What’s also staggering is that this character string is the same for Kingston, SanDisk and Verbatim USB flash drives.

Cracking the drives is therefore quite an easy process. The folks at SySS wrote an application that always sent the appropriate string to the drive, irrespective of the password entered, and therefore gained immediate access to all the data on the drive.

This is a big deal also from a point of certification. These drives are sold as meeting security standards making them suitable for use with sensitive US Government data (unclassified rating) and have a FIPS 140-2 Level 2 certificate issued by the US National Institute of Standards and Technology (NIST).

Vendors have had a mixed reaction to the news. Kingston has done the right thing and issued a recall. Verbatim and SanDisk has issued a statement and have updates available, but the threat is downplayed.

Bottom line, check your flash drives!

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Hardware 2.0”

Topics

SanDisk Corp., Kingston Technology Corp., USB Flash Drive, Encryption, NIST, Verbatim, Flash Memory, Adrian Kingsley-Hughes

Adrian Kingsley-Hughes is an internationally published technology author who has devoted over a decade to helping users get the most from technology.

Disclosure

Adrian Kingsley-Hughes

All opinions expressed on Hardware 2.0 are those of Adrian Kingsley-Hughes. Every effort is made to ensure that the information posted is accurate. If you have any comments, queries or corrections, please contact Adrian via the email link here. Any possible conflicts of interest will be posted below. [Updated: February 23, 2010] - Adrian Kingsley-Hughes has no business relationships, affiliations, investments, or other actual/potential conflicts of interest relating to the content posted so far on this blog.

Biography

Adrian Kingsley-Hughes

Adrian Kingsley-Hughes is an internationally published technology author who has devoted over a decade to helping users get the most from technology -- whether that be by learning to program, building a PC from a pile of parts, or helping them get the most from their new MP3 player or digital camera.

Adrian has authored/co-authored technical books on a variety of topics, ranging from programming to building and maintaining PCs. His most recent books include "Build the Ultimate Custom PC", "Beginning Programming" and "The PC Doctor's Fix It Yourself Guide". He has also written training manuals that have been used by a number of Fortune 500 companies.

Adrian also runs a popular blog under the name The PC Doctor, where he covers a range of computer-related topics -- from security to repairing and upgrading.

Talkback Most Recent of 79 Talkback(s)

  • Wow
    thats so astoundingly retarded of the vendors. Its looking to be that whatever "certification" labling on the drives by the manufacturer is to be taken with a grain of salt. I guess Ill go back to using my TrueCrypt scenario - at least that I KNOW doesnt make a boneheaded mistake like these drives did. I wonder how IronKey holds up?
    ZDNet Gravatar
    JT82
    6th Jan 2010
  • RE: Encryption busted on NIST-certified Kingston, SanDisk and Verbatim USB flash drives
    Does anyone know if the same weakness exists for U3 drives as well? I see that they are part of the recall.
    ZDNet Gravatar
    xvn
    6th Jan 2010
  • oops
    I meant to say that U3 drives are NOT part of the recall
    ZDNet Gravatar
    xvn
    6th Jan 2010
  • U3 = Cr@p
    U3 isn't encryption, it's a registry hijacker. U3 technology and others like it are pure crap... I've seen them toast computers just by pluging a drive in...
    ZDNet Gravatar
    i8thecat
    6th Jan 2010
  • um...
    U3 doesn't employ a virtualization scheme so it doesn't do anything to the registry that plugging in a basic USB drive doesn't do - this comment is both uninformed and irrelevant to my question. Sandisk U3 drives do encrypt the data in memory and the U3 framework does allow the user to require a correct password to be entered in order for the drive to be accessible to the file system. What I'm asking here is if the same work around that works against the enterprise drives also works against U3 drives? Can the encrypted data on the drive be accessed without authenticating?
    ZDNet Gravatar
    xvn
    6th Jan 2010
  • Your answer is YES
    The same vulnerability here is probably present in the U3 things, which by the way, have been DISCONTINUED and will not work on Windows 7.
    ZDNet Gravatar
    Lerianis10
    6th Jan 2010
  • U3 works for me on Win7
    Please check your information. I have many U3 UFDs and they all work for me on Win7. Do you mean that a specific U3 application does not work?
    ZDNet Gravatar
    donaldrich
    7th Jan 2010
  • No, I meant the ENTIRE U3 Launchpad doesn't work
    And one of my applications that I use a lot (ACDSee Pro 3) locks up every single time I put a U3 drive in the computer without closing it first... when a regular old USB drive being put on doesn't make it barf like that.
    Finally had to use the 'U3 uninstaller' to totally remove the U3 stuff from the drive and treat it like a regular flash drive.

    I'll espouse a bit more: I have gotten the Launchpad to work by setting it for Windows Vista compatibility mode... but that's a pain.

    U3 has also been totally discontinued now... it was bought out by Microsoft and they are not supporting it anymore and have such down that section totally.
    ZDNet Gravatar
    Lerianis10
    7th Jan 2010
  • Yes U3 drives are subject.
    Yes the encryption built into the drives has nothing to do with them being U3 drives. U3 is only a way for programing on the drives to operate directly from the drive. So U3 is a program feature and the encryption problem is a hardware problem related to the encryption program used by the drives to encrypt/decrypt data on the drive.
    ZDNet Gravatar
    frankinks
    6th Jan 2010
  • NIST = NOT Secure!... IronKey = SAFE
    IronKey is Military Grade security. But sizes are limited at the moment. Here's a quote on how it works:

    "Plenty of USB storage keys are on the market, but Ironkey is the first to use military level encryption. Sold in 1GB, 2GB, and 4GB sizes, the key features a processor called the Cryptochip, which uses Public Key Cryptography ciphers linked to an online account to create encryption keys on the hardware. A Federal Information Processing standard 140-2 compliant true random number generator on the Cryptochip ensure that encryption keys are extremely secure and totally random."


    Link!!!
    http://hackaday.com/2008/06/26/ironkey-usb-key-has-military-grade-encryption/

    This works on the principle of Secure Java. Which runs on all Secure CC transactions. Along with other Secure Banking Transactions even on Cell Phones.

    The Mighty unhackable Sony PS3 and BD+ Game Disks also have a similar system. Using remote encryption authentication techniques. Random Keys are guaranteed every time. Hack one and it's changed, disabled then listed. Remote authentication ensures in both direction who each party is and the identity of the device.

    On the other hand Xbox 360 has been hacked since 6mos after it came out with DVD Game Disks and no remote key authentication!

    So Microsoft should quit using security techniques even kindergartners can hack in ActiveX .NET! grin
    ZDNet Gravatar
    i2fun@...
    6th Jan 2010
  • Ironkey
    Developed for US military using proprietary encryption.
    ZDNet Gravatar
    HollywoodDog
    6th Jan 2010
  • The encryption is not proprietary.
    The device may have proprietary software on it,
    but the encryption itself if not proprietary,
    and you don't want it to be proprietary.

    Proprietary == untested, unproven. Reverse
    engineering has often proven to be the downfall
    of proprietary encryption algorithms.

    The best encryption algorithms are those that
    are tested and proven under the scrutiny of the
    larger security community and the general
    public.

    Ironkey uses 256 bit AES, which is tested and
    found to be very strong. Even though it's a
    publicly available algorithm, there's yet to be
    found a major weakness. That says a lot about
    the security of the algorithm.

    Note that the weakness was not the encryption
    itself, but rather terrible handling of the
    encryption key. AES itself wasn't broken.

    According to Ironkey, their devices have been
    checked and don't have that vulnerability.

    https://www.ironkey.com/usb-flash-drive-flaw-
    exposed

    https://www.ironkey.com/hardware-encryption
    ZDNet Gravatar
    CobraA1
    6th Jan 2010
  • MXI Security
    USED by the US military wink
    ZDNet Gravatar
    rorywass
    7th Jan 2010
  • A bit confused
    I get that the encryption method was busted, but I find the description a bit confusing. Are you saying that the user has to access a hardware program and but once the program is run it always uses the same key to unencrypt the data? And they broke it by determining what that unencryption key is, so they can pull the encrypted data off the drive and then unencrypt it?
    ZDNet Gravatar
    Rick_R
    6th Jan 2010
  • Don't call it NIST certified
    Some of algorithms used by the products meet NIST FIPS
    standards, but that's far different than being NIST
    certified. If you wanted to sell a device to the
    government for top secret usage for example, and even if
    all the components meet the standards, the NSA still
    inspects the implementation. Just because you're using
    AES doesn't mean you implemented AES correctly.

    In this case, the products implement strong encryption
    but useless authentication.
    ZDNet Gravatar
    georgeou
    6th Jan 2010
View More Comments

Talkback - Tell Us What You Think

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
Click Here

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources