©атсн²² (in)sесuяitу

Because we're damned if we do, and we're damned if we don't!

  • Archives


  •  Subscribe in a reader

  • Twitter

«
»

26C3: Cryptographically Secure ? (lightning talk)

Posted by ChrisJohnRiley on December 30, 2009

Cryptographically Secure ?
Cracking FIPS-Certified USB Flash Drives
Lightning talk – PoC – Matthias Deeg

Demo is performed using a SanDisk Cruzer Enterprise (FIPS Edition), however is possible on other devices.

  • Small mistakes often have a big impact, especially when it comes to complex devices.

USB FDU – (USB Flash Drive Unlocker)

The demo PoC tool was able to unlock the device (make it so that any arbitrary password works) within a few seconds. A number of vendors have already patched this issue and provided updates for their devices (see Links below).

Currently the PoC isn’t publicly available.

Links :

  • Cryptographically Secure Paper (DE)
  • Papers (SanDisk, Kingston) (DE)
  • SanDisk Security bulletin (LINK)
  • http://www.syss.de (DE)

This entry was posted on December 30, 2009 at 1:01 pm and is filed under Conference, Security. Tagged: , , , . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <pre> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

«
»