Google researchers find flaws in encrypted USB drives
At the Black Hat conference, Google researchers presented the results of a security audit of several encrypted USB drives. They identified a number of deficiencies that underline the need for proper certification.
During the presentation it emerged that certification does exist, but that it covers only one aspect of an encrypted USB drive: the cryptography. The researchers are referring to the FIPS 140 certification of the American NIST. With their research, they want to contribute to the establishment of an audit methodology and demonstrate the need for comprehensive certification. They have not disclosed the names of manufacturers, because the investigation is not complete and because naming them falls outside its scope.
They started by defining the properties on which a secure USB drive can be judged; these were also the areas in which the drives were tested. They came up with manufacturing, input, cryptography, the controller and the storage itself. For the possible attacks, they considered three categories of attacker: the opportunist with little knowledge and few resources, the professional, and the state actor with extensive knowledge and resources.
In terms of manufacturing, makers of secure USB drives can take a variety of measures, such as using a rigid enclosure, potting the components in epoxy, and making components unrecognizable by removing serial numbers and other identifying features. It is also possible to use copper shielding to prevent encryption keys from being read remotely by means of a TEMPEST attack. This area revealed a limited number of shortcomings, such as the use of fake epoxy and an exposed serial port.
When it comes to input, there are again a number of options, such as a fingerprint scanner, a keypad, an RF tag and software. In this area, the researchers found that a USB stick with a fingerprint scanner was susceptible to a replay of the decryption command. On another drive, the RF tag was easy to clone. When they then looked at the controller, it turned out that on one USB stick the administrator password could be intercepted by monitoring the communication between the drive and the PC. In another case, brute-force access was possible: the drive in question did have a rate limiter, but it was reset on reboot.
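To show why a rate limiter that resets on reboot gives no real protection, here is an added simulation (written for this page; it is not code from the researchers or from any vendor's firmware). It contrasts an attempt counter held only in RAM with one committed to simulated non-volatile storage before each PIN check; the PIN, limit and the `nvram` dictionary are constructed stand-ins.

```python
"""Simulated unlock path for an encrypted USB drive: a volatile attempt counter
(cleared by a power cycle) beside a persistent one (survives the power cycle)."""

MAX_ATTEMPTS = 5
CORRECT_PIN = "4821"   # constructed sample value, not a real device PIN


class VolatileLimiter:
    """Counter lives in RAM only, so power-cycling the device clears it."""
    def __init__(self):
        self.attempts = 0

    def reboot(self):
        self.attempts = 0          # lost on power cycle: the flaw in the article

    def try_unlock(self, pin):
        if self.attempts >= MAX_ATTEMPTS:
            return "locked"
        self.attempts += 1
        return "ok" if pin == CORRECT_PIN else "denied"


class PersistentLimiter:
    """Counter stored in simulated NVRAM and incremented BEFORE the PIN check,
    so cutting power between the check and the write cannot roll it back."""
    def __init__(self, nvram):
        self.nvram = nvram         # dict standing in for flash/EEPROM
        self.nvram.setdefault("attempts", 0)

    def reboot(self):
        pass                        # nothing to clear; the state is in nvram

    def try_unlock(self, pin):
        if self.nvram["attempts"] >= MAX_ATTEMPTS:
            return "locked"
        self.nvram["attempts"] += 1  # commit first, then check
        if pin == CORRECT_PIN:
            self.nvram["attempts"] = 0
            return "ok"
        return "denied"


def guesses_before_lock(limiter, reboot_every):
    """Count wrong guesses accepted before the limiter reports 'locked',
    rebooting the device every `reboot_every` guesses; capped at 1000."""
    accepted = 0
    for i in range(1, 1001):
        if limiter.try_unlock("0000") == "locked":
            return accepted
        accepted += 1
        if i % reboot_every == 0:
            limiter.reboot()
    return accepted
```

With a reboot after every five guesses, the volatile counter never locks (the loop runs to its cap of 1000 accepted guesses), while the persistent counter locks after exactly five.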
Attacks on the cryptography turned out to be too expensive, so the only shortcoming the researchers noted there was the use of outdated algorithms. An attack on the memory usually proved difficult, because dumping the memory is a complicated process. Sometimes, however, no soldering is needed at all, when a manufacturer has chosen to store files on an SD card that is easy to remove. One attack possible here was backdooring the CD-ROM partition.
If a solid certification for secure USB storage existed, the researchers would like it to answer a number of questions: for example, where the encryption keys are stored, how they are generated and what type of epoxy is used. That way consumers can make informed choices instead of relying solely on appearance or on the claims and reputation of the manufacturer.