The security expert Matthias Deeg from SySS showed how easy it is to decrypt supposedly protected data from the Verbatim Keypad Secure USB stick.
Now Deeg also cracked the Lepin Crypto USB Flash Drive EP-KP001 USB stick, which is also equipped with a numeric keypad, and the Verbatim Executive Fingerprint Secure SSD USB SSD. In both cases, the investigation uncovered serious security gaps that are basically easily avoidable.
Chip replacement brings access
With the Lepin Crypto USB Flash Drive EP-KP001 turned out to bethat in truth the data is not protected with the promised “military-grade 256-bit AES-XTS hardware encryption”. Instead, a controller only blocks access to the flash memory until you type in the correct PIN. If you swap the controller of a supposedly encrypted USB stick of this type for the desoldered controller of another stick of the same type whose PIN you know, the data can be read (CVE-2022-29948).
Poorly protected communication
In the Verbatim Executive Fingerprint Secure SSD discovered Matthias Deeg as with the Keypad Secure from the same manufacturer, there are several security gaps. In both cases, the firmware is not securely protected against manipulation, for example through cryptographic signatures.
AES-encrypted USB communication turned out to be the Achilles heel of the Executive Fingerprint Secure SSD, although the key secret is built into the associated Windows software and can be extracted from it. After extracting the key from the code, Deeg was able to decrypt the password from the USB communication (CVE-2022-28387).
Be careful when buying sticks!
Security gaps in external USB storage devices with hardware encryption have been known for many years, but apparently not to the developers of the devices now affected. Deeg therefore warns of the risks of these products, many of which only offer supposed security.