The following security advisory is sent to the securiteam mailing list, and can
be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Lexar JumpDrive Secure Password Extraction
------------------------------------------------------------------------
SUMMARY
" <http://lexar.com/jumpdrive/jd_secure.html> Lexar Safe Guard(tm) is an
application that allows you to password protect private files on your
Lexar Jump Drive. Safe Guard allows you to divide your JumpDrive into two
different areas, or zones. The public zone, which comes up automatically
when you insert your Jump Drive into a USB port on your computer, is
accessible by any one using your drive. The private zone is
password-protected and no one can open, copy, or write files to it without
entering the password first".
There is a method of accessing the private zone on the JumpDrive Secure
device without knowing the password beforehand. The password can be
observed in memory or read directly from the device, without evidence of
tampering. All data thought to be secure in the private zone can be
accessed, altered, or deleted arbitrarily by an attacker with physical
access to the device.
DETAILS
The password is located on the JumpDrive device. It can be read directly
from the device without any authentication. It is stored in an XOR
encrypted form and can be read directly from the device without any
authentication.
It is also possible to attach a debugger to the Safe Guard software and
read the password from memory. The Safe Guard software takes care of the
decryption and the password can be seen in plain text within memory when
the software does a compare between the stored password and the supplied
password.
Vendor Status:
08-05-2004 Vendor contacted via email to support@lexarmedia.com No
response.
08-12-2004 Vendor contacted again via email to support, sales Public
Relations, Investor Relations, and general inquiry email addresses.
08-12-2004 Automated response from support received
09-13-2004 No further response from vendor, advisory released
Vendor has not acknowledged issue or produced a fix.
Recommendation:
Users of this device should not trust the security of the private
partition if the device is not in their possession.
ADDITIONAL INFORMATION
The information has been provided by <mailto:weld@atstake.com> Chris
Wysopal.
The original article can be found at:
<www.atstake.com/research/advisories/2004/a091304-1.txt>
www.atstake.com/research/advisories/2004/a091304-1.txt
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to:
list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to:
list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any
kind.
In no event shall we be liable for any damages whatsoever including direct,
indirect, incidental, consequential, loss of business profits or special
damages.
