In association with heise online

03 December 2008, 13:57

Encrypting hard disk housing cracked

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

DigitTrade hard disk housing
Unsafe encryption: The security hard disk by vendor Digittrade
Another encrypting USB hard disk housing with RFID technology is put on the market – again the vendor advertises AES encryption – and once more, we manage to crack its encryption within a few minutes.

With its Digittrade Security hard disk, the German vendor Digittrade has launched another hard disk housing based on the unsafe IM7206 controller by the Chinese manufacturer Innmax. The German vendor prominently advertises the product's strong 128-bit AES encryption on its packaging and web page. In practice, however, the hard disk data is only encrypted using a primitive XOR mechanism with an identical 512-Byte block for each sector. This type of encryption is easily cracked, even without in-depth cryptography knowledge; in our test, unscrewing the housing took longer than cracking its encryption mechanism.

Earlier this year heise Security demonstrated that the Innmax controller does not use AES data encryption. According to Innmax, the controller only uses the AES algorithm for encrypting the RFID chip's ID, while the data is encrypted with an unspecified proprietary algorithm. Despite this, Innmax continues to advertise the chip with AES encryption, cleverly neglecting to give details about what exactly is encrypted via AES.

When confronted with the problem, Digittrade remained unrepentant. The vendor informed us that it doesn't advertise AES data encryption and that it points out that the "data on the hard disk is protected using an additional, different method". However, statements like "All the information is encrypted with 128-Bit AES" printed on the security hard disk's packaging, unequivocally convey that any illegitimate access would require the perpetrator to crack an AES encryption mechanism. According to current cryptography research, this would be virtually impossible, even with a short key length of only 128 bits. In practice, gaining access to the data on this hard disk, takes less than ten minutes.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit