Today’s news article on computer forensics is about hacking encrypted fingerprint USB drives. The encryption talked about is AES 256 hardware encryption, which has been considered a highly renowned and secure standard in the world of digital and computer forensics to date. You must have seen online ads about the most secure hardware-based AES 256 bit encrypted fingerprint USB drives from popular brand names like Kingston USB and SanDisk USB, these are the ones that have been found to be completely vulnerable by a forensic computer company called Germany SySS. Their tests show a great design vulnerability that can decrypt the current information on the USB stick.
SySS is a German company specializing in computer and IT forensics. In a nutshell how to read encrypted data is very simple, it is not even necessary to enter your password. When a user enters the correct password on the key to decrypt the information, the hardware algorithm passes through a certain string of information or characters to the device storage system which presents the information to the user in plain text. However, the fault lies in the fact that this “String” passed after a valid session for each password is always the same!
SySS used their computer’s forensic knowledge to interpret this “string” and demonstrated how to pass it on to the hardware device and get decoded information every time. There are two White Papers published by the company on their website that explain this in-depth. This discovery has significant implications for corporate and law enforcement officers, who often carry sensitive information on such encrypted devices. In fact, there is a mindset that is being debated whether courts will now accept hardware-encrypted thumb drives as “unaltered” secure evidence.