Hacked Gadgets Forum

May 9, 2007

Secure USB Memory Stick Hack

at 5:04 am. Filed under Complex Hacks, Electronic Hacks

Not everything that costs lots of money and comes in a velvet case is good quality. Sprites mods has a good article about hacking a “secure” USB memory stick. It seems that the manufacturer broke all the rules when attempting to implement security.

“Seemingly, the checking of the password and the unlocking of the stick are two separate processes, both initiated from the PC. From the point of view of the stick, they’re both separate processes and unlocking can happen just fine if no valid password is entered. This is a Big Flaw. As an indication to how big: The best sticks handle all the encryption to/from the flash themselves and don’t keep a password at all: the fact that the data can’t be decrypted without it makes it safe. The mediocre sticks store a password inside the flash-controller and check it against a password sent by the PC before unlocking the flash-memory. This way, the password can’t be found by reading out the flash-chip maually. The bad ones do the same but store the password on flash. The Secustick is even worse than that: it stores the password on flash and lets the PC do the validation, while as soon as the stick gets stolen, the PC it is put into is completely non-trustworthy.”

Thanks Geekabit.