[NEWS] Lexar JumpDrive Secure Password Extraction

From: SecuriTeam (support_at_securiteam.com)
Date: 09/15/04

  • Next message: SecuriTeam: "[TOOL] SnortALog - Snort Analyzer Logs" 
    To: list@securiteam.com
Date: 15 Sep 2004 11:01:23 +0200

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    The SecuriTeam alerts list - Free, Accurate, Independent.

    Get your security news from a reliable source.
    http://www.securiteam.com/mailinglist.html

    - - - - - - - - -

      Lexar JumpDrive Secure Password Extraction
    ------------------------------------------------------------------------

    SUMMARY

    " <http://lexar.com/jumpdrive/jd_secure.html> Lexar Safe Guard(tm) is an
    application that allows you to password protect private files on your
    Lexar Jump Drive. Safe Guard allows you to divide your JumpDrive into two
    different areas, or zones. The public zone, which comes up automatically
    when you insert your Jump Drive into a USB port on your computer, is
    accessible by any one using your drive. The private zone is
    password-protected and no one can open, copy, or write files to it without
    entering the password first".

    There is a method of accessing the private zone on the JumpDrive Secure
    device without knowing the password beforehand. The password can be
    observed in memory or read directly from the device, without evidence of
    tampering. All data thought to be secure in the private zone can be
    accessed, altered, or deleted arbitrarily by an attacker with physical
    access to the device.

    DETAILS

    The password is located on the JumpDrive device. It can be read directly
    from the device without any authentication. It is stored in an XOR
    encrypted form and can be read directly from the device without any
    authentication.

    It is also possible to attach a debugger to the Safe Guard software and
    read the password from memory. The Safe Guard software takes care of the
    decryption and the password can be seen in plain text within memory when
    the software does a compare between the stored password and the supplied
    password.

    Vendor Status:
    08-05-2004 Vendor contacted via email to support@lexarmedia.com No
    response.
    08-12-2004 Vendor contacted again via email to support, sales Public
    Relations, Investor Relations, and general inquiry email addresses.
    08-12-2004 Automated response from support received
    09-13-2004 No further response from vendor, advisory released
    Vendor has not acknowledged issue or produced a fix.

    Recommendation:
    Users of this device should not trust the security of the private
    partition if the device is not in their possession.

    ADDITIONAL INFORMATION

    The information has been provided by <mailto:weld@atstake.com> Chris
    Wysopal.
    The original article can be found at:
    <www.atstake.com/research/advisories/2004/a091304-1.txt>
    www.atstake.com/research/advisories/2004/a091304-1.txt

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

  • Next message: SecuriTeam: "[TOOL] SnortALog - Snort Analyzer Logs"

    Relevant Pages