In today’s world, the security of our data is more important than ever before. We use USB flash drives to store sensitive information, but are they really that secure? In this article, we will discuss how to crack IronKey, a popular USB flash drive that claims to be one of the most secure on the market.
Before we dive into the details, let’s talk about the Verbatim Keypad Secure USB flash drive. This device is equipped with AES 256-bit hardware encryption and a built-in keypad for passcode entry. However, it is vulnerable to an offline brute force attack where an attacker can find out the correct passcode and gain unauthorized access to the stored encrypted data as clear text. This security vulnerability was discovered by IT security expert Matthias Deak during a research project and reported to RiverSim.
To demonstrate this vulnerability, an attacker-controlled Windows PC and a Verbatim Keypad Secure USB flash drive were used. When the device is attached to the laptop, it is powered via USB, but nothing else happens. No new drive is shown in Windows. When trying to unlock the USB drive by manually entering some passcodes via the keypad, the attacker fails as he does not know the correct one. Therefore, he has to resort to other measures.
By exploiting a security vulnerability in the Verbatim Keypad Secure USB flash drive, the attacker removes its internal storage in the form of an SSD with an M.2 form factor and puts it in one of his compatible SSD enclosures. Then, the attacker connects the SSD to his PC and performs an offline brute force attack using a developed software tool named Verbatim Keypad Secure Cracker Foreign. Within a couple of seconds, the eight-digit passcode used in this example attack could be successfully retrieved.
After retrieving the correct passcode, the targeted Verbatim Keypad Secure has to be reassembled and reattached to the attacker’s computer system. With the correct passcode, the attacker can successfully unlock the encrypted USB drive and gain unauthorized access to the stored sensitive user data as clear text.
This vulnerability is not limited to the Verbatim Keypad Secure USB flash drive and other analyzed secure USB flash drives were also found to have been affected. It is important to remember that vulnerabilities like this can only be discovered through research and responsible disclosure. The security community must work together to identify and report vulnerabilities to ensure that our data is always safe.
If you want to learn more about this and other security issues, visit the ASSIST website and their ASUS Tech blog. In conclusion, it is crucial to be aware of the security risks associated with USB flash drives and take necessary precautions to protect your sensitive information.