This protocol was not protected, and a vulnerability was found. Thus data strongly encrypted by the hardware, but there is an external utility, which performs authentication (checking / changing the password and settings) using a certain protocol (API + algorithm utility). And also some screenshots of the utility, which is embedded in the process of authentication program for USB drives, and as a result – we may enter any password and access will be granted. In this document they describe in details the authentication protocol between the drive and the program (the user), which they found on the basis of intercepted USB traffic + vulnerability that was discovered.
News regarding some models of Kingston being prone to cracking is very surprising because these flash drives have been certified in compliance with FIPS 140-2.Įverything started with the fact that the German company SySS published a document entitled “Companies SySS hacked USB flash drive with hardware encryption Kingston certified FIPS 104-2”. The announcement was posted on the company’s web site saying that with the help of some tools you can access this USB drive (i.e. The Kingston Technology company, a leader in the production of safe USB drives, and one of the first ones that started producing USB flash drive with hardware encryption (Kingston DataTraveler Secure) announced that some of its models of USB flash drives with hardware protection feature are vulnerable.
0 kommentar(er)
