Password Protected USB Thumb Drives…Not So Secure
You have probably seen quite a few of them come out recently. The “super secure” thumb drives that are password protected and come with various self-destruct mechanisms to keep you from tampering with them. Well, as we know when you have physical access to a system, or in this case a device it is only a matter of time before it is compromised. This is very true with these devices. Granted it takes some knowledge as to how the devices are wired.
One example is the “secure” thumb drive known as “Secustick” which advertises that the drive is used by multinational corporations, government agencies and other institutions where data integrity is important. The cost of these devices is well over $200 USD, so you would assume that your data is secure right? Wrong. The device can be easily removed from its casing, no tamper proof container. The actual flash memory is the same kind you find in el cheapo flash drives. The drive makes a partition secure by a switch connected to a controller. Simply soldering a connection between this switch and a ground removes the security. From here you can use a simple brute force app to run rainbow tables against the password prompt and it will not limit the number of guesses you need to open the drive.
Now since you have physical access to the drive, you can just leave it connected to your computer and you should have access to the device fairly quickly depending on your system. The key point here is that removable media devices such as flash drives are very difficult to secure. If your data needs to be secured, do not make it portable.
Know of more ways to hack password protecte and encrypted flash drives?