Gemalto Enterprise and Government Customers Protected against USB Drive Hacks

Security Alert

Researchers recently hacked into secure, encrypted USB keys from Kingston, SanDisk and Verbatim, exposing a significant security vulnerability that affects government and enterprise users. The flaw could allow an attacker to gain access to the protected storage and read its data without knowing the authorized user’s password.

The USB drives from these vendors are at risk: despite the encryption they implement and the FIPS certifications they hold, data stored on them could be decrypted and extracted. NIST’s analysis of the vulnerability determined that the problem lies in the software client that authorizes decryption of the data. That client sits outside the cryptographic module boundary evaluated by NIST, and therefore outside the scope of the FIPS certification of these manufacturers’ devices.

Because of the uncertainty these announcements can generate, Gemalto wants to confirm that its Protiva™ Smart Guardian tokens are immune to this attack. Enterprise and government customers using Gemalto’s SG and SG FIPS are protected from this immediate threat, as well as from future attacks based on similar vectors.

About Smart Guardian FIPS

Smart Guardian FIPS is a zero-footprint personal security device that protects portable enterprise or government data using Gemalto's proven smart card technology. Unlike the secure USB memory products hacked by the researchers, SG FIPS provides an unsurpassed level of data protection, because all critical functions and cryptographic keys are managed from within the secure environment of the smart card module.

Analysis of the USB Drive Hack

According to published research papers documenting the hacks of the secure USB drives from Kingston, SanDisk and Verbatim, the German security firm SySS exploited software applications on these drives used to verify user passwords and allow unencrypted access to the stored data.

Whenever the drive is used, it loads a software application in the host computer’s memory. When the user enters the password, the application produces a 32-byte code that unlocks the encrypted partition on the flash memory drive. Researchers were able to modify the application process in-memory so that it always produces a valid 32-byte unlock code, even if the password entered is wrong. The result is that protected data can be decrypted and retrieved from the hacked devices without knowing the user password.

The affected vendors have taken steps to fix this specific vulnerability; however, these drives have an underlying architectural flaw that software changes cannot address: any software-based verification and authorization of user credentials that is performed outside the cryptographic module boundary will remain a security weak spot and stay susceptible to subsequent hacks. Government and enterprise users should avoid “secure” USB devices that can be attacked because of this architectural flaw.

Gemalto's SG & SG FIPS: Security that Works

As this hack research makes clear, you must look carefully at how the security features of an encrypted USB key work to make sure it is truly secure.

Gemalto’s SG and SG FIPS achieve the highest level of security to protect sensitive corporate and governmental data by incorporating a dedicated smart card security computer chip in the USB key. The tamperproof smart card chip securely stores the data encryption key and performs PIN/password verification.

Since both the encryption key and the verification of the user’s password are always inside the smart card on the USB key—never in the memory of the host PC—the Gemalto SG tokens are immune to attacks like the ones reported on the Kingston, SanDisk and Verbatim tokens.

In addition, SG FIPS meets the rigorous security requirements of FIPS 140-2 Level 3. This certification is more comprehensive in Gemalto’s case because the encryption, PIN verification and data access are all performed in the smart card, so all of these functions lie within the cryptographic module boundary validated by NIST under the certification. This contrasts sharply with the architecture and certifications of the hacked USB keys from other vendors, because in those devices the PIN verification/data access software is outside the cryptographic module boundary tested by NIST.

For these reasons, in Gemalto’s case the FIPS certification confirms that the smart card-based security architecture prevents attacks on PIN verification/data access and protects stored data with military grade AES 256-bit CBC (Cipher Block Chaining) encryption.
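The following is an added, constructed model of the two architectures contrasted in the analysis above and in this section; it is not Gemalto's code, nor any drive vendor's. `HostVerifiedDrive` models the hacked design (password checked by host software, controller accepting a fixed 32-byte unlock code), `SmartCardToken` models the SG design (PIN verified and key used inside the card); the class names, the `toy_stream` stand-in for the AES-256-CBC engine, and the three-try retry counter are assumptions of the model, not details from the alert.

```python
import hashlib
import hmac
import secrets

# Constructed model of the two architectures; not Gemalto's or any drive vendor's code.
def toy_stream(key: bytes, data: bytes) -> bytes:
    """Stand-in for the AES-256-CBC engine: SHA-256 keystream XOR, so it is symmetric."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)


class HostVerifiedDrive:
    """Hacked design: host software checks the password, then sends the
    controller a fixed 32-byte unlock code. The controller never sees the
    password, so its unlock decision cannot depend on it."""

    def __init__(self, password: str):
        self._pw_hash = hashlib.sha256(password.encode()).digest()
        self._unlock_code = secrets.token_bytes(32)  # same code every session
        self.client_code = self._unlock_code         # host client must hold it

    def host_client_unlock(self, password: str) -> bool:  # runs on the host PC
        entered = hashlib.sha256(password.encode()).digest()
        if not hmac.compare_digest(entered, self._pw_hash):
            return False
        return self.controller_unlock(self.client_code)

    def controller_unlock(self, code: bytes) -> bool:  # the only on-device check
        return hmac.compare_digest(code, self._unlock_code)


class SmartCardToken:
    """SG-style design: PIN check, retry counter and key use all happen inside
    the card; the host only forwards the PIN and the data to transform."""

    MAX_TRIES = 3  # retry counter is an assumed property of this model

    def __init__(self, pin: str):
        self._pin = pin.encode()
        self._key = secrets.token_bytes(32)  # never leaves the card
        self.tries_left = self.MAX_TRIES

    def card_transform(self, pin: str, data: bytes):
        """Returns the transformed data, or None when the PIN is wrong or the card is locked."""
        if self.tries_left == 0 or not hmac.compare_digest(pin.encode(), self._pin):
            self.tries_left = max(0, self.tries_left - 1)
            return None
        self.tries_left = self.MAX_TRIES
        return toy_stream(self._key, data)
```

The point to check in a design review is which side holds the decision: in the first model the controller's acceptance test never involves the password, in the second nothing usable leaves the card without a correct PIN.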
