PaulDotCom mailing list archives
Kingston DataTraveler Secure Privacy vulnerability
From: johan at johans.dk (Johan Peder Møller)
Date: Wed, 6 Jan 2010 14:05:40 +0100
Hi all

As I read it, the password is checked using an algorithm that involves the 32 byte block. The result of this operation must be a certain value, also 32 bytes long, and this value is constant even if the password is changed. So by patching the software (or running it in a debugger) it is possible to make sure that the check is always successful. This means that the password is always correct and you can then gain access to the data via normal operation.

So the weakness resides in the way the password is checked.

rgds
Johan Møller

On Wed, Jan 6, 2010 at 4:55 AM, Michael Salmon <lonestarr13 at gmail.com> wrote:

Below is the whitepaper from the security company that discovered the flaw. I uploaded the pdf document to Google Translator to try to read it. My understanding is that basically the Kingston software, exmpsvr.exe, creates this 32 byte block of data that doesn't change even if the password is changed or the key is formatted and is used to decrypt the encrypted data. Syss wrote a program that modifies the exmpsvr.exe application at runtime and basically bypasses the password request code and jumps to the 32 byte block to start decrypting. Please correct me if I am wrong or I misunderstand; the translation is a bit difficult for me to read.

WhitePaper: http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_Kingston_USB-Stick.pdf
CNET article: http://news.zdnet.co.uk/security/0,1000000189,39963327,00.htm?tag=mncol;txt
Dark Reading: http://www.darkreading.com/insiderthreat/security/encryption/showArticle.jhtml?articleID=222200174

Thanks,
Michael Salmon

On Tue, Jan 5, 2010 at 9:51 PM, David A. Gershman <dagershman_dgt at dagertech.net> wrote:

Oh my, do tell. And please provide a link to the white paper if possible.

I hope I'm not double posting, but has anyone else seen the whitepaper on the recently discovered vulnerability in FIPS certified Kingston/Sandisk/Verbatim usb keys? It seems like a very amateur vulnerability in the software.

----------------------------------------
David A. Gershman
gershman at dagertech.net
http://dagertech.net/gershman/
"It's all about the path!" --d. gershman

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
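The design point the posters describe, as an added Python sketch that is not code from the thread, the SySS paper or the Kingston software: one class models a constant 32-byte block gated only by a host-side password comparison, the other stores the data key only wrapped under a password-derived key. The class names, the `check_enforced` flag (standing in for a check that has been neutralised) and the XOR wrap are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

def kdf(password, salt):
    # Slow, salted derivation: the key exists only when the password is supplied.
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def key_tag(key):
    return hmac.new(key, b"key-check", hashlib.sha256).digest()

class GateOnlyToken:
    """Design as described in the thread: a fixed 32-byte block opens the data
    and the password only gates access to it in host software."""
    def __init__(self, password):
        self.block = os.urandom(32)       # constructed stand-in for the constant block
        self.set_password(password)

    def set_password(self, password):
        self.pw_hash = hashlib.sha256(password).digest()   # block is untouched

    def unlock(self, password, check_enforced=True):
        ok = hmac.compare_digest(hashlib.sha256(password).digest(), self.pw_hash)
        if check_enforced and not ok:
            return None
        return self.block                 # same secret whatever was typed

class DerivedKeyToken:
    """Contrast: the data key is stored only wrapped under a password-derived key."""
    def __init__(self, password, data_key):
        self.set_password(password, data_key)

    def set_password(self, password, data_key):
        self.salt = os.urandom(16)
        self.wrapped = xor(data_key, kdf(password, self.salt))  # toy wrap, fresh salt each time
        self.tag = key_tag(data_key)

    def unlock(self, password, check_enforced=True):
        candidate = xor(self.wrapped, kdf(password, self.salt))
        ok = hmac.compare_digest(key_tag(candidate), self.tag)
        if check_enforced and not ok:
            return None
        return candidate                  # garbage unless the password was right
```

In the first class the comparison is the only thing between a caller and the secret; in the second, skipping the comparison yields bytes that decrypt nothing, which is the property to look for when reviewing an encrypted-storage product.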