Encrypting hard disk housing cracked
Unsafe encryption: The security hard disk by vendor Digittrade
Another encrypting USB hard disk housing with RFID technology is put on the market – again the vendor advertises AES encryption – and once more, we manage to crack its encryption within a few minutes.
With its Digittrade Security hard disk, the German vendor Digittrade has launched another hard disk housing based on the unsafe IM7206 controller by the Chinese manufacturer Innmax. The German vendor prominently advertises the product's strong 128-bit AES encryption on its packaging and web page. In practice, however, the hard disk data is only encrypted using a primitive XOR mechanism with an identical 512-Byte block for each sector. This type of encryption is easily cracked, even without in-depth cryptography knowledge; in our test, unscrewing the housing took longer than cracking its encryption mechanism.
Earlier this year heise Security demonstrated that the Innmax controller does not use AES data encryption. According to Innmax, the controller only uses the AES algorithm for encrypting the RFID chip's ID, while the data is encrypted with an unspecified proprietary algorithm. Despite this, Innmax continues to advertise the chip with AES encryption, cleverly neglecting to give details about what exactly is encrypted via AES.
When confronted with the problem, Digittrade remained unrepentant. The vendor informed us that it doesn't advertise AES data encryption and that it points out that the "data on the hard disk is protected using an additional, different method". However, statements like "All the information is encrypted with 128-Bit AES" printed on the security hard disk's packaging, unequivocally convey that any illegitimate access would require the perpetrator to crack an AES encryption mechanism. According to current cryptography research, this would be virtually impossible, even with a short key length of only 128 bits. In practice, gaining access to the data on this hard disk, takes less than ten minutes.
See also:
- Enclosed, but not encrypted, background article at heise Security
- Digittrade Security hard disk, German product page
(trk)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
