The security researcher Matthias Deeg from SySS GmbH has cracked the “Verbatim Keypad Secure” USB stick, which has been sold for several years. The supposedly securely encrypted data on this stick can accordingly be decrypted with comparatively little effort, because the firmware developers built in a total of four security flaws.
That’s not all: although Verbatim has been informed of the problems several times since January 2022, it has not yet reacted. The products remain insecure and apparently continue to be sold.
Matthias Deeg explains the vulnerabilities in detail in the SySS Tech Blog, a YouTube video shows the proof-of-concept and a CVE entry has been created (CVE-2022-28384/SYSS-2022-001/-017).
M.2 SSD removable
The Keypad Secure’s case is relatively easy to open, and the built-in M.2 SSD holding the AES-encrypted data can be removed. This is a vulnerability in itself because it makes brute-force attacks on the encryption much easier: the SSD is plugged into a USB adapter and connected to another PC.
Because Verbatim built two weaknesses into the encryption, Matthias Deeg was even able to write software that performs the decryption automatically.
Deeg also found that the firmware could be manipulated, because the USB stick does not verify its authenticity.
Finally, it turned out that the advertised protection against manual brute forcing does not work: according to Verbatim, the SSD should lock itself after an incorrect PIN has been entered twenty times, but that does not happen.
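To make concrete what a working retry limit of the kind Verbatim advertises has to do, here is an added example (not code from Verbatim, SySS or the article) of a PIN lockout counter. The threshold of twenty wrong attempts is the figure from the article; the dictionary standing in for non-volatile memory, the PBKDF2 parameters and the function names are assumptions made for illustration. The important details are that the attempt is recorded before the PIN is compared, so that interrupting the check cannot yield a free retry, and that the locked state is persistent rather than reset on power-cycle.

```python
import hashlib
import hmac
import os

MAX_FAILED_ATTEMPTS = 20   # the lockout threshold the article says Verbatim advertises
PBKDF2_ITERATIONS = 10_000  # assumed value for illustration; a real device would tune this


def _derive(pin: str, salt: bytes) -> bytes:
    """Derive a verifier from the PIN so the PIN itself is never stored."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode("utf-8"), salt, PBKDF2_ITERATIONS)


def provision(pin: str) -> dict:
    """Create the persistent state. The dict stands in for the device's
    non-volatile memory (assumption); every field must survive a power-cycle."""
    salt = os.urandom(16)
    return {
        "salt": salt,
        "pin_hash": _derive(pin, salt),
        "failed": 0,
        "locked": False,
    }


def try_unlock(state: dict, pin: str) -> bool:
    """Evaluate one PIN entry. Mutates `state`; a real implementation writes it
    back to non-volatile storage before releasing any data."""
    if state["locked"]:
        # Once locked, no PIN is accepted until the device is reset and wiped.
        return False
    # Count the attempt *before* comparing, so that cutting power during the
    # comparison cannot be used to retry without the counter advancing.
    state["failed"] += 1
    if hmac.compare_digest(_derive(pin, state["salt"]), state["pin_hash"]):
        state["failed"] = 0
        return True
    if state["failed"] >= MAX_FAILED_ATTEMPTS:
        state["locked"] = True
    return False


def attempts_before_lock(state: dict, candidate_pins) -> int:
    """Feed guesses to the device and report how many it evaluated before
    locking (or before a guess succeeded). Used here to check that the limit
    is actually enforced, which is the behaviour the article says is missing."""
    evaluated = 0
    for pin in candidate_pins:
        if state["locked"]:
            break
        evaluated += 1
        if try_unlock(state, pin):
            break
    return evaluated


if __name__ == "__main__":
    # Constructed demonstration: a device provisioned with a PIN, then fed
    # only wrong guesses. A correct lockout stops evaluating after twenty.
    device = provision("1234")
    wrong_guesses = ("0000" for _ in range(100))
    print("guesses evaluated before lock:", attempts_before_lock(device, wrong_guesses))
    print("locked:", device["locked"])
    print("correct PIN still rejected after lock:", not try_unlock(device, "1234"))
```

The counter is reset only by a successful unlock, and the locked flag is never cleared by `try_unlock`; clearing it would belong to a separate factory-reset path that also destroys the data encryption key, so that "lock" means what the packaging promises.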
[Update:] According to SySS, three other Verbatim products also contain security vulnerabilities:
- Verbatim Store ‘n’ Go Secure Portable HDD
- Verbatim Executive Fingerprint Secure SSD
- Verbatim Fingerprint Secure Portable Hard Drive
Serious security flaws keep surfacing in USB mass storage devices with built-in proprietary encryption. Some firmware developers build in vulnerabilities that have been known for years. A few years ago, flaws in encrypting USB hard drives from Western Digital and Zalman became known.
For similar reasons, Microsoft has for several years used software encryption for BitLocker instead of relying on the built-in encryption of SSDs and other self-encrypting drives (SEDs). One reason, among others, was that the encryption of internal and external SSDs from Crucial and Samsung could easily be bypassed.