Who would have expected that decryption would be so easy? Indeed, the bar is so low that even novice attackers will have no trouble getting over it. When decryption is possible at the lowest block level, any possible security provided by the RFID chip becomes completely worthless, so we didn't conduct any further tests.
heise Security has since received a statement from Innmax, the manufacturer of the IM7206 controller chip used, confirming our findings. The IM7206 uses AES encryption only when saving the RFID chip's ID in the controller's flash memory. The company explained that the actual data encryption is based on a proprietary algorithm. The company claims the IM7206 only offers basic protection and is designed for "general purpose" users. In contrast, the more expensive IM8202 controller chip is being designed for users with greater security requirements; Innmax claims it will offer true 128-bit AES encryption for data, but the chip is still in the development phase.
Hard drive enclosure manufacturer Drecom also confirmed our findings and is working on a solution. Easy Nova product manager Holger Henke says that the incorrect label "128-bit AES Hardware Data Encryption" on the Data Box PRO-25SUE was the result of Innmax's misleading wording of its controller specifications. Henke says that a new Easy Nova case with the improved IM8202 controller could be released by the end of the year. For the time being, the company says it will continue to market the current module as providing "simple encryption."
The Easy Nova product isn't the only hard drive enclosure on the market that uses the IM7206. You should assume that other products based on the controller also suffer from the same flawed encryption. The following crypto hard drive enclosures also use the IM7206 and are therefore likely to be vulnerable to the same attacks:
- STYSEN E08 RFID Security Mobile Disk
- DoTop RFID SATA to USB storage
- Agestar RFID Security External Enclosure SRB2A
- Silverstone Treasure TS01B
- Sharkoon Swift-Case Securita
- DIGITTRADE RFID Security Hard Disk
These manufacturers have been alerted, but we have yet to receive replies from them.