Below is the whitepaper from the security company that discovered the flaw. I uploaded the pdf document to Google Translator to try to read it. My understanding is that basically the Kingston software, exmpsvr.exe, creates this 32 byte block of data that doesn't change even if the password is changed or the key is formatted and is used to decrypt the encrypted data. Syss wrote a program that modifies the exmpsvr.exe application at runtime and basically bypasses the password request code and jumps to the 32 byte block to start decrypting.
Please correct me if I am wrong or I misunderstand, the translation is a bit difficult for me to read. WhitePaper: http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_Kingston_USB-Stick.pdf CNET article: http://news.zdnet.co.uk/security/0,1000000189,39963327,00.htm?tag=mncol;txt Dark Reading: http://www.darkreading.com/insiderthreat/security/encryption/showArticle.jhtml?articleID=222200174 Thanks, Michael Salmon On Tue, Jan 5, 2010 at 9:51 PM, David A. Gershman < [email protected]> wrote: > > Oh my, do tell. And please provide a link to the white paper if possible. > > > > > I hope I'm not double posting, but has anyone else seen the whitepaper on > > the recently discovered vulnerability in FIPS certified > > Kingston/Sandisk/Verbatium usb keys? It seems like a very amateur > > vulnerability in the software. > > > > > > ---------------------------------------- > David A. Gershman > [email protected] > http://dagertech.net/gershman/ > "It's all about the path!" --d. gershman > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
