PaulDotCom mailing list archives

Previous By Date Next
Previous By Thread Next

U3 hacking on encrypted flash drives

From: msalmon813 at hotmail.com (Michael Salmon)
Date: Tue, 17 Mar 2009 23:29:27 -0400

I posted this comment/question on the PaulDotCom forum, but I'm wondering what you guys think.  First, let me start 
saying the PaulDotCom podcasts are awesome and Irongeek is a big influence on my interest in computer security (his 
video's are great!).  Feels like I'm talking to moviestars, lol ...

I hope I'm not beating a dead horse.  I know U3 hacking has been around for years and so has the UniversalCustomizer 
tool.  My company purchased back in 2007 the Kingston DTSP (DataTraveler Secure Privacy Edition) USB keys for their 
hardware encryption.  Last year Kingston replaced the drives with DTVP (DataTraveler Vault Privacy Edtion) and my 
manager asked me to find out if it was possible for a virus to install on the CD-Rom partition.  I called Kingston to 
discuss the matter and ask other detailed questions about their product.  I was a bit surprised when the engineer told 
me it uses U3 technology... I shouldn't have been, but because U3 didn't seem very secure to me I assumed they 
developed their own CD-Rom emulation software.  I tested the UniversalCustomizer tool against the older DTSP driver 
first and it recognized it as a U3 drive and overwrote their CD-Rom partition, although the data on the key was gone 
and even with data recovery tools (used PhotoRec) I couldn't retrieve anything, it really concerned me that a virus 
could overwrite the CD-Rom area and Antivirus wouldn't be able to delete the infection.  The tool failed to recongnize 
the newer DTVP drive as a U3 enabled key, but that doesn't mean someone else won't figure out a way to overwrite it.  
Kingston didn't have an answer when I asked what kind of security is in place to protect against this (I'm still in 
talks with them, hopefully someone will give me an answer).  So now I'm interested in Ironkey, but on a recent 
PaulDotCom eposides it was said that also uses U3 technology.  I'm going to contact Ironkey soon, but i have very 
little trust in what vendors say, has anyone else researched this?  Company's put a lot of faith on hardware encrypted 
keys and believe it's a secure mediam, allowing their "secure drives" access through device blocking products.  
Kingston was confident that CD-Rom partition is READ-ONLY, thus creating a false sense of security (at least for their 
DTSP).  Sounds like a big security hole to me.

Your comments are appreciated.

_________________________________________________________________
Windows Live?: Life without walls.
http://windowslive.com/explore?ocid=TXT_TAGLM_WL_allup_1a_explore_032009
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090317/5ef856b5/attachment.htm
Previous By Date Next
Previous By Thread Next

Current thread: