How can you be sure the “secure” USB drive you’re using is really secure and the data you store on it can’t be extracted? That’s exactly the question Google’s security researchers Ellie Bursztein, Jean-Michel Picod, and Rémi Audebert addressed in their talk, “Attacking encrypted USB keys the hard(ware) way,” at the recent Black Hat USA 2017.
Researchers say that at present, secure USB drive manufacturers are following the FIPS 140 certification standard, which was developed by NIST (the National Institute of Standards and Technology) for all kinds of cryptography modules, both hardware and software. The certification involves a cryptographic security disclosure and validation process.
As the researchers put it, keeping certification current is important because disclosed information helps them figure out possible issues. But it’s not enough; not every possible attack vector is covered by FIPS 140. And as you can see below, some encrypted USB drives pass certification but are still vulnerable to attacks — sometimes even the easy ones.
That’s why researchers are proposing developing new audit methodology specifically for evaluating the security of encrypted USB drives. For a start, researchers divide security issues into three categories:
- Weaknesses: Issues that make further hacking process easier;
- Single-drive break: Vulnerabilities that allow an attacker to hack just one particular drive;
- Full break: Vulnerabilities that can get an attacker access to information on any drive of the same model.
In addition, the exploitation of certain vulnerabilities requires specific skills and resources. Some of the issues can be of use even for an unskilled attacker, and some of them require a lot of resources available mostly for state-sponsored hackers. Therefore, danger level can be expressed in three categories:
- Serendipitous: Open to an opportunistic attacker with minimal resources — basically, at this level you find a person who may have found or stolen a drive and is eager to get their hands on the information it (possibly) contains.
- Professional: Available to attackers with resources, albeit limited ones. Mostly, attackers at this level are interested in gathering large amounts of information;
- State-sponsored: Requires attackers with plenty of resources. Usually, such attackers are after specific data, and keys that are worth a large investment.
Further classification of threats specific to encrypted USB drives involves dividing possible attack vectors into several groups, depending on this or that component of the device: design and manufacturing features of the whole drive, authentication factor (input, for short), USB/crypto controller, encryption algorithm, and flash memory. Let’s take a quick look at these categories.
Design and manufacturing
First of all, an encrypted USB drive must be designed and manufactured in a way that defines a certain level of protection. To begin with, it would be nice for an encrypted device to be tamper-evident — you should see some indicators of compromise if someone has messed with the USB drive containing your precious files.
The easier it is to get access to electronic components, the easier it is for an attacker to research the hardware and find this or that vulnerability in the device. To prevent that, the circuit board should be dipped in epoxy.
It’s worth adding that the epoxy must be the real thing, not some substitute: Researchers have found that in at least some cases, manufacturers claim they use epoxy, but in reality they use some less-robust polymer instead. As a result, the coating can be easily removed with acetone, providing full access to the hardware.
In case of hacking hardware, once they get access to electronics, the first thing any attacker looks for is component markings. That’s essential for finding manuals and specifications, and to explore further possibilities for an attack. If all of the model names, serial numbers, and so on are carefully removed from chips, attackers finds themselves contemplating a black box — they have to do much more complex research to learn which hacks can actually be applied to the drive.
Sometimes even when manufacturers try to erase markings from chips, however, they fail to do so properly.
Replacing firmware with a tweaked version that allows an attacker to bypass protection is hard work. However, skilled attackers with significant resources may go for it. Worse, this type of attack is replicable: Once attackers reverse-engineer firmware and figure out how to make the required tweaks, they can hack any drive of the same model.
TEMPEST is a type of attack that allows an attacker to spy on what’s going on inside a device through its electromagnetic emission. This attack is complex and most likely won’t occur often, at least not to regular people and businesses. However, anyone who wants to be sure their secrets are safe from state-sponsored hackers should use USB drives with copper foil shielding, which is reliable and relatively inexpensive protection from TEMPEST.
Not just any hacker would go so far as to counterfeit a USB drive. But again, state-sponsored attackers could. Therefore, if you want to keep your secrets from high-level spying, you probably want your encrypted USB drives to be designed in a manner that protects them from counterfeiting.
Another problem rests with the protection level of the part of the USB drive that authenticates legitimate users and unlocks a device. First, hacking authentication is a lot easier than hacking flash memory on the hardware level or hacking an encryption algorithm. Second, there’s a fair chance that the manufacturer made some mistakes in developing the authentication mechanism. Therefore, authentication is probably the most obvious focus for any attacker (after researching the device).
There are four ways to authenticate a user: using a PIN pad, with a wireless badge, with a fingerprint, or using software PIN input.
The first mistake a manufacturer can make is storing the PIN in software. Even an unskilled attacker can figure out how to extract it and thereby hack not only one particular device, but any drive of the same model. In some cases, software may have vulnerabilities that replay attacks can use — this was the case with several FIPS-certified drives studied by researchers from German SySS in 2009.
PIN-entry pads may be subject a very simple exploit, with certain buttons showing signs of wear, thus revealing combinations that can be used to unlock the drive.
Wireless badges are even worse: They can be cloned using a very simple device. Using a cloned badge, any attacker can unlock a USB drive in no time, leaving no trace and thus no clue a drive has been accessed by someone else.
Researchers demonstrated four methods during their Black Hat talk:
As for fingerprints, they may seem a strong authentication factor, but in reality they are far from perfect. A variety of exist to clone fingerprints, and some of them don’t require any physical contact — an attacker can obtain a rather good fingerprint shot with a DSLR camera and make a dummy with a standard-issue inkjet printer using conductive ink. And what’s worse, you can’t change your fingerprints — they’re not like passwords.
But actually, attackers do not necessarily even have to fake fingerprints. In some cases, as researchers demonstrated, a fingerprint-protected drive can be unlocked much more easily.
As it turned out, at least one of the fingerprint-protected USB drive models Bursztein and his colleagues inspected is vulnerable to a replay attack. When the sensor of this drive scans a legitimate fingerprint, it simply sends a command to the drive’s controller to unlock.
Another mistake this particular manufacturer made was leaving a functioning debugging port on the circuit board. Using this port, researchers intercepted the unlock command and thus were able to replay it and unlock any drive of this model.
These hacks may seem complex, but make no mistake: A skilled attacker will use such tricks to get access to your files. And if you want to protect your secrets from even more skilled or resourceful state-sponsored attackers, you definitely need to consider all of the vulnerabilities mentioned above.
Consider a drive’s USB/crypto controller. First, you have to make sure that the drive isn’t hackable with a brute-force attack. Some of them are. For example, drives that use wireless tags, such as the researchers used to demonstrate a tag-cloning attack, are also vulnerable to brute-force attacks.
To be protected from brute force, a device must burn itself out after a certain number of failed authentication attempts. Ideally, the encryption key and information in a drive’s flash memory will be wiped securely when the drive is burned.
It also doesn’t hurt to make sure that the device immediately locks itself when removed from a USB port, after a certain amount of inactivity, and after a USB reset.
You also need to make sure that passwords or PINs and encryption keys can’t be requested from a drive’s controller. That might seem obvious, but it’s exactly what Bursztein, Picod, and Audebert found in a device while doing research. They were able to request the master password from one drive’s controller, and with this master password they easily made a new user and gained access to all of the files stored on the drive.
This attack allows even not-so-skilled hackers with minimal resources to unlock any drive of this model.
Encryption is obviously at the core of secure USB storage. The good news is, it’s unlikely that an opportunistic attacker without sufficient resources would ever decide to use this attack vector, and modern encrypted drives mostly use strong encryption algorithms that are hard to break — even if they’re not implemented very well.
The bad news is, it’s pretty hard to be sure that a device manufacturer got encryption right.
For starters, to be really secure, a USB drive must use AES or a newer encryption standard, and that’s not always the case. During their study, Bursztein and his colleagues came across several drives that used outdated encryption such as RC4 and RSA-512. These cryptosystems have been proved vulnerable (although breaking them does require significant resources).
Other aspects include random generation of encryption key, usage of secure random generator for the key and initialization vectors, usage of secure algorithm for encryption chaining, and so on. However, this applies mostly to those who want to be protected from nation-state–level spying.
As researchers emphasize, the crypto magic is in the hardware, so exploring what exactly is going on with a drive’s encryption and finding vulnerabilities is quite difficult. Therefore, more disclosure on this particular matter would be helpful.
The last category of possible attack vectors is direct reading of flash memory. It may seem hard: An attacker needs to carefully extract the memory chip from a drive’s circuit board and then connect it to a reading device. In some cases, manufacturers make this part a lot easier, using a microSD card instead of a soldered chip.
In fact, it’s the next part that’s a lot harder: actually extracting information from the flash memory chip. On a hardware level, flash doesn’t store data in the form of nice and convenient files, so an attacker has to do a lot of work to extract something useful from a flash memory dump.
However, the manufacturer can make serious mistakes, for example storing a PIN code in plain text in the memory chip. Other possible vulnerable actions include storing the encryption key, hashed PIN, or firmware signing key in the memory chip — but those concerns are relevant mostly to those who are in danger of high-level spying.
As Bursztein and his colleagues point out, they have just started to research this part of the puzzle and are looking forward to collaborating on the matter with other researchers. The same goes for the project as a whole: They invite everyone to contribute to making a great audit methodology for secure USB drives and testing as many drive models as possible in the framework.
What can we do in the meantime to protect our information stored on “secure” USB drives, considering that no one can be sure the drives are actually secure? The best option is to encrypt the data ourselves before entrusting it to the drive.
For example, our Kaspersky Endpoint Security for Business can encrypt information with the AES-256 algorithm. If you need to transfer confidential data, you can easily wrap it into password-protected, encrypted, self-extracting packages. Thanks to the special portable mode for file-level encryption, files can be read even on computers that are not running Kaspersky Security products.