This article was originally written in Dutch and is also available in Dutch.
As of late, several organizations including civil services and the ministry of defense, have been embarrassed by the revelation of secrets because of lost memory sticks. The security of these information carriers has since become a hot issue. The Secustick promises to be the ultimate solution.
The most common technique to protect data is encryption, but Sipal International has come up with a different solution that brings to mind the Mission Impossible movies: a memory stick that will self-destruct after an incorrect password has been entered more than a set number of times. The stick was commissioned by the French government and - according to the company's press release - the result is revolutionary, ultra safe and approved by the French intelligence service. Besides the French government, the stick is reportedly also used in the defense and banking industries, with Dassault and Crédit Agricole believed to be among its users.
Armed with a gigabyte of storage capacity, the stick retails in the Netherlands for 130 euros (175 USD), which is quite a lot, since most 1GB USB sticks are sold for a mere 20 euros (27 USD). However, the Secustick differs from most ordinary USB sticks because of its ability to self-destruct. On paper, the features look good and it appears as if the stick may be worth its price. Tweakers.net got its hands on a number of them and decided to test whether they could live up to the promises.
The metal-cased Secustick comes in a neatly finished box. It contains the Secustick and a cord so you can wear your precious data around your neck. We treated one of the sticks to a thorough inspection, and it looks as if the Secustick is actually a relabeled Netac U220, since the components used are the same. For comparison: a 1GB U220 Netac stick retails for approximately 40 euros (54 USD), without the ability to self-destruct.
The first time the stick is used, it lets the user set a password as well as a maximum number of password entry attempts. When this number is exceeded, the stick will self-destruct. Once the stick is ready for use, normal access will only reveal a small partition of 2MB. It contains a small (Windows-only) program called 'password.exe'. When this is executed, the user is presented with a dialogue window asking for the password. Upon entering a wrong password, the program will display how many attempts are left.
Because the stick supposedly self-destructs after several wrong attempts at keying in the password, we decided to put that feature to the test first. We didn't want to take the risk of rendering all sticks useless, so we decided to take the cautious approach and do what Tweakers do best: unscrew and open the gear. Our fear that the stick would go up in smoke as soon as we opened it proved unfounded: removing one screw turned out to be sufficient to disassemble the whole thing. Peering inside, one of the first things we noticed is that Sipal did not use epoxy to prevent unauthorized tampering with the hardware by creative individuals armed with soldering irons.
The inside of the Secustick
Opening the Secustick reveals two easily recognizable elements: a flash controller and a piece of NAND memory, which in this case has been manufactured by Hynix. A little research showed us that this type of controller is a very basic type that doesn't have any specific security features, and although we couldn't find a datasheet of the memory module, we did discover one from a similar model on the internet, and learned that it has a special pin that allows or denies writing to the chip, based on its voltage. The stick is also fitted with a button to regulate access, but it is attached to the controller instead of the memory chip, which means that it is up to the controller to decide whether or not writing is permitted. By soldering a wire between the special pin and ground, we could be sure that no data on the chip could be altered.
The soldered wire on the Secustick.
When we re-inserted the stick into the PC and deliberately typed a wrong password, the screen read: 'Wrong password, 6 attempts left'. So we tried again, and the message on the screen read 'Wrong password, 6 attempts left' once again. Goody! With the stick unable to store the number of password attempts, we could now try out passwords indefinitely without having to fear that the stick would self-destruct. Time to take a closer look at the software.
At start-up, the password.exe application writes two files to a temporary directory: SinglePWD.exe and USB20.dll. We used W32Dasm, a disassembly and debugging program, to study the software. As expected, the executable is responsible for displaying the user interface while USB20.dll takes care of the communication with the stick. The structure of the DLL file was more surprising. Instead of low-level commands such as SendToStick(), we could see routines such as GetWriteProtectState(), RefreshFileBrowser(), and the most significant one, VerifyPassWord().
Screenshot of debugging windows
Obviously, this routine caught most of our attention. We used the debugger to study it, and found that its result was passed to the main program via the EAX register. The debugger allowed us to place a breakpoint immediately after the call to VerifyPassWord(), upon which we entered a fictional password and changed the return value 0 in the register to 1. We continued to trace the program, hoping for an error that would provide us with a little more insight into the process. Unfortunately this was not the case. But wait, unfortunately? Actually, we got much more than we bargained for.
The Secustick exposed
As it turned out, we already had full access to the 'protected' files. Apparently, the program merely checks to see if the password has been entered correctly, and the stick's contents are unlocked on the basis of this. By simply altering the return value of the VerifyPassWord() routine, the - unencrypted - data is revealed.
Checking the password and unlocking the files are two separate processes. This is arguably a serious design error. The most secure sticks execute both encryption and unlocking on the chip. A somewhat less secure method consists of comparing an encrypted password that resides in the controller with one that is stored on the PC. This will at least prevent the password from being harvested from the flash memory. Less secure still is storing it in the stick's memory, since that can lead to the password being read from the chip. The Secustick is another step lower on the ladder: the processes of checking the password and unlocking the stick are executed entirely on the PC - a machine that is obviously beyond one's control in the event that the stick gets stolen.
It should be clear that the stick's security is quite useless: a simple program can be used to fool the Secustick into sending its unlock command without knowing the password. Besides, the password.exe application can be adapted so that it accepts arbitrary passwords. Should such a program be released into the public domain, anyone who can use a search engine can read the stick's contents without any trouble. Moreover, it looks as if there isn't really much to the so-called 'self destruction' feature, which, according to the data sheet, causes the flash memory to be burned. However, as far as we have been able to determine, there isn't any extra hardware on the chip - such as a DC-DC converter - that could physically destroy the memory by targeting it with more voltage than it can handle.
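To make the ladder in the previous section concrete, here is an added example (not the Secustick's own code, nor its DLL) contrasting the bottom rung with a sound design. BooleanGateStick models the Secustick pattern: plaintext at rest, and a host-side verify routine whose 0/1 result is all the stick asks for, so a forced 1 releases the data. KeyWrappedStick models the better design: the data is stored encrypted and authenticated under a key derived from the password with PBKDF2, so there is no boolean to flip; a wrong password simply yields no usable bytes. The class and function names, the sample password and content, and the HMAC-SHA256 keystream used as a stand-in cipher are all constructed for the demonstration; a real controller would use AES-GCM or a similar authenticated cipher.

```python
"""Constructed comparison of a host-side boolean gate versus key-wrapped data.

  BooleanGateStick: plaintext on the stick; the PC's verify_password()
                    result decides whether 'unlock' is sent.
  KeyWrappedStick:  ciphertext plus MAC on the stick; read() only works
                    with the right derived key.
"""
import hashlib
import hmac
import os

SECRET = b"quarterly figures: top secret"     # constructed sample content
PBKDF2_ITERATIONS = 100_000


def _keystream(key, nonce, length):
    """Demonstration-only stream: HMAC-SHA256 in counter mode."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"),
                        hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class BooleanGateStick:
    """Bottom rung: the stick trusts a flag computed on the PC."""

    def __init__(self, password, data=SECRET):
        self._pw_hash = hashlib.sha256(password.encode()).digest()
        self._data = data                       # stored in the clear

    def verify_password(self, candidate):
        """Runs on the PC; its return value is what ends up in EAX."""
        digest = hashlib.sha256(candidate.encode()).digest()
        return 1 if hmac.compare_digest(digest, self._pw_hash) else 0

    def read(self, unlock_flag):
        """The stick releases data purely on the basis of the flag."""
        return self._data if unlock_flag == 1 else None


class KeyWrappedStick:
    """Top rung: the data is only meaningful under the derived key."""

    def __init__(self, password, data=SECRET):
        self._salt = os.urandom(16)
        self._nonce = os.urandom(12)
        key = self.derive_key(password, self._salt)
        self._ct = _xor(data, _keystream(key, self._nonce, len(data)))
        self._tag = hmac.new(key, self._nonce + self._ct,
                             hashlib.sha256).digest()

    @staticmethod
    def derive_key(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                                   PBKDF2_ITERATIONS)

    def salt(self):
        return self._salt

    def read(self, key):
        """Controller side: authenticate first, decrypt only on success."""
        expected = hmac.new(key, self._nonce + self._ct,
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, self._tag):
            return None
        return _xor(self._ct, _keystream(key, self._nonce, len(self._ct)))


def open_boolean_with_forced_flag(stick):
    """What the article observed: the verify result replaced by 1."""
    return stick.read(1)


def open_keywrapped(stick, candidate):
    """Host derives the key from whatever was typed; no flag exists."""
    return stick.read(KeyWrappedStick.derive_key(candidate, stick.salt()))


if __name__ == "__main__":
    gate = BooleanGateStick("s3cret")
    print("verify('wrong') ->", gate.verify_password("wrong"))
    print("forced flag     ->", open_boolean_with_forced_flag(gate))
    wrapped = KeyWrappedStick("s3cret")
    print("right password  ->", open_keywrapped(wrapped, "s3cret"))
    print("wrong password  ->", open_keywrapped(wrapped, "wrong"))
```

The point of the second class is not the particular cipher but where the decision lives: the host never holds a yes/no answer it could be tricked into faking, and a stolen stick holds nothing but ciphertext and a salt, so a patched password.exe gains an attacker nothing.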
Secustick importer Walter Preij has responded with surprise to our findings. 'The manufacturer assured me that the system is completely secure', he said. The French supplier told us that their system is not intended to be the ultimate protection. 'Every security system can be cracked. We always tell our customers that they should test the Secustick to see if it lives up to their expectations. Our customers are happy with the level of protection that our product offers. Normally, the amount of security is sufficient; not everyone has the technical expertise that you have', said a spokesperson, ignoring the options that those with malicious intent might have at their disposal, or the possibility that a cracked version of the software is put on the web. According to the company's CEO, there is an improved version of the stick in the pipeline, which should be ready within two months. For really big secrets, the company also has another line of products 'with even better security'.
Our advice should be clear: anyone with 130 euros to spare for a shiny metal USB stick with a necklace is free to go out and spend it on the Secustick, but those who want to carry their data around safely are better off searching for a more advanced model, or using a regular stick in combination with a program such as TrueCrypt.
Tweakers.net would like to thank Sprite_tm for his extensive technical contributions to this article.