Verbatim Fingerprint Secure Portable Hard Drive Insufficient Verification

Advisory ID:               SYSS-2022-017
Product:                   Fingerprint Secure Portable Hard Drive
Manufacturer:              Verbatim
Affected Version(s):       #53650
Tested Version(s):         #53650
Vulnerability Type:        Insufficient Verification of Data Authenticity (CWE-345)
Risk Level:                Low
Solution Status:           Open
Manufacturer Notification: 2022-02-03
Solution Date:             -
Public Disclosure:         2022-06-08
CVE Reference:             CVE-2022-28385
Author of Advisory:        Matthias Deeg (SySS GmbH)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Overview:

The Verbatim Fingerprint Secure Portable Hard Drive is a USB drive with AES 256-bit hardware encryption and a built-in fingerprint sensor for unlocking the device with previously registered fingerprints.

The manufacturer describes the product as follows:

"The AES 256-bit Hardware Encryption seamlessly encrypts all data on the drive in real-time. The drive is compliant with GDPR requirements as 100% of the drive is securely encrypted. The built-in fingerprint recognition system allows access for up to eight authorised users and one administrator who can access the device via a password. The hard drive does not store passwords in the computer or system's volatile memory making it far more secure than software encryption."[1]

Due to missing integrity checks, an attacker can manipulate the content of the emulated CD-ROM drive containing the Windows and macOS client software.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vulnerability Details:

When analyzing the Verbatim Fingerprint Secure Portable Hard Drive, Matthias Deeg found out that the content of the emulated CD-ROM drive containing the Windows and macOS client software can be manipulated.

The content of this emulated CD-ROM drive is stored as an ISO-9660 image in the "hidden" sectors of the USB drive, which can only be accessed using special IOCTL commands, or when installing the drive in an external disk enclosure.
The following output shows the content of the ISO-9660 file system as an example:

# mount hidden_sectors.bin /mnt/
# lsd -laR /mnt/
dr-xr-xr-x root root 2.0 KB Wed Aug 14 10:28:51 2019  .
drwxr-xr-x root root 4.0 KB Fri Jan 7 16:39:47 2022  ..
.r-xr-xr-x root root 70 B Wed Aug 14 09:20:40 2019  Autorun.inf
dr ..
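The following is an added defender-side example; it is not part of the SySS advisory and not code from Verbatim or the device firmware. It shows the integrity check the advisory reports as missing: given a dump of the hidden sectors (such as the hidden_sectors.bin mounted above), parse the ISO-9660 primary volume descriptor at sector 16, hash exactly the bytes the descriptor declares as the volume, and compare that SHA-256 against a digest recorded from a known-good drive. A manipulated client-software image then fails verification before anything on the emulated CD-ROM is executed. The minimal sample image, its volume identifier "VERBATIM_SAMPLE", the payload and the known-good digest are all constructed here; how the dump is obtained from the drive is outside this example.

```python
import hashlib
import hmac
import struct

SECTOR = 2048                 # ISO-9660 logical sector size
PVD_OFFSET = 16 * SECTOR      # volume descriptors start at logical sector 16


def parse_pvd(image: bytes) -> dict:
    """Parse the primary volume descriptor (type 1, identifier 'CD001')."""
    pvd = image[PVD_OFFSET:PVD_OFFSET + SECTOR]
    if len(pvd) < SECTOR or pvd[0] != 1 or pvd[1:6] != b"CD001":
        raise ValueError("no ISO-9660 primary volume descriptor at sector 16")
    volume_id = pvd[40:72].decode("ascii", "replace").rstrip()
    # Both-byte-order fields: read the little-endian half.
    space_size = struct.unpack_from("<I", pvd, 80)[0]    # volume size in blocks
    block_size = struct.unpack_from("<H", pvd, 128)[0]   # logical block size
    return {"volume_id": volume_id, "space_size": space_size, "block_size": block_size}


def volume_digest(image: bytes) -> str:
    """SHA-256 over exactly the bytes the PVD declares as the volume."""
    info = parse_pvd(image)
    length = info["space_size"] * info["block_size"]
    if length > len(image):
        raise ValueError("PVD claims more blocks than the dump contains")
    return hashlib.sha256(image[:length]).hexdigest()


def verify_volume(image: bytes, expected_digest: str) -> bool:
    """True only if the dumped volume matches the recorded known-good digest."""
    return hmac.compare_digest(volume_digest(image), expected_digest)


def build_sample_image(volume_id: bytes, payload: bytes) -> bytes:
    """Constructed minimal image: 16 system sectors, PVD, terminator, one data sector."""
    total_blocks = 19
    pvd = bytearray(SECTOR)
    pvd[0] = 1                                   # type: primary volume descriptor
    pvd[1:6] = b"CD001"
    pvd[6] = 1                                   # descriptor version
    pvd[40:72] = volume_id.ljust(32)             # volume identifier, space padded
    pvd[80:84] = struct.pack("<I", total_blocks)  # volume space size (LE)
    pvd[84:88] = struct.pack(">I", total_blocks)  # volume space size (BE)
    pvd[128:130] = struct.pack("<H", SECTOR)     # logical block size (LE)
    pvd[130:132] = struct.pack(">H", SECTOR)     # logical block size (BE)
    term = bytearray(SECTOR)
    term[0] = 255                                # volume descriptor set terminator
    term[1:6] = b"CD001"
    term[6] = 1
    data = payload.ljust(SECTOR, b"\0")
    return bytes(16 * SECTOR) + bytes(pvd) + bytes(term) + data


def tamper(image: bytes, offset: int = 18 * SECTOR) -> bytes:
    """Flip one byte in the data area (constructed manipulation for the demo)."""
    buf = bytearray(image)
    buf[offset] ^= 0xFF
    return bytes(buf)


# Constructed sample: in practice the digest is recorded once from a known-good drive.
GOOD_IMAGE = build_sample_image(b"VERBATIM_SAMPLE", b"client software placeholder")
KNOWN_GOOD_DIGEST = volume_digest(GOOD_IMAGE)

if __name__ == "__main__":
    print(parse_pvd(GOOD_IMAGE))
    print("untouched image verifies:", verify_volume(GOOD_IMAGE, KNOWN_GOOD_DIGEST))
    print("tampered image verifies: ", verify_volume(tamper(GOOD_IMAGE), KNOWN_GOOD_DIGEST))
```

The digest covers only the block range the descriptor declares, so a dump that carries extra trailing sectors still verifies, while any change inside the volume (file contents, directory records, or the descriptor itself) changes the digest and is rejected.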
