26C3: Cryptographically Secure ? (lightning talk)

Cryptographically Secure ?
Cracking FIPS-Certified USB Flash Drives
Lightning talk – PoC – Matthias Deeg

Demo is performed using a SanDisk Cruzer Enterprise (FIPS Edition), however is possible on other devices.

  • Small mistakes often have a big impact, especially when it comes to complex devices.

USB FDU – (USB Flash Drive Unlocker)

The demo PoC tool was able to unlock the device (make it so that any arbitrary password works) within a few seconds. A number of vendors have already patched this issue and provided updates for their devices (see Links below).

Currently the PoC isn’t publicly available.

Links :

  • Cryptographically Secure Paper (DE)
  • Papers (SanDisk, Kingston) (DE)
  • SanDisk Security bulletin (LINK)
  • http://www.syss.de (DE)


Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <pre> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>