audebert/gist:ef6e206a27ededd1386cff48604e9335

## gistfile1.txt
[Description]
An issue was discovered on MECO USB Memory Stick with Fingerprint
MECOZiolsamDE601 devices. The fingerprint authentication requirement
for data access can be bypassed. An attacker with physical access can
send a static packet to a serial port exposed on the PCB to unlock the
key and get access to the data without possessing the required
fingerprint.

------------------------------------------

[Vulnerability Type]
Incorrect Access Control

------------------------------------------

[Vendor of Product]
MECO

------------------------------------------

[Affected Product Code Base]
MECO USB Memory Stick with Fingerprint - MECOZiolsamDE601

------------------------------------------

[Affected Component]
USB key security controller

------------------------------------------

[Attack Type]
Physical

------------------------------------------

[Impact Escalation of Privileges]
True

------------------------------------------

[Impact Information Disclosure]
True

------------------------------------------

[Attack Vectors]
Physical access to the USB key.

------------------------------------------

[Reference]
https://www.blackhat.com/us-17/briefings/schedule/index.html#attacking-encrypted-usb-keys-the-hardware-way-7443
https://www.blackhat.com/docs/us-17/thursday/us-17-Picod-Attacking-Encrypted-USB-Keys-The-Hard(ware)-Way.pdf
https://www.elie.net/talk/attacking-encrypted-usb-keys-the-hardware-way

------------------------------------------

[Discoverer]
Remi Audebert, Jean-Michel Picod, Elie Bursztein
	[Description]
	An issue was discovered on MECO USB Memory Stick with Fingerprint
	MECOZiolsamDE601 devices. The fingerprint authentication requirement
	for data access can be bypassed. An attacker with physical access can
	send a static packet to a serial port exposed on the PCB to unlock the
	key and get access to the data without possessing the required
	fingerprint.

	------------------------------------------

	[Vulnerability Type]
	Incorrect Access Control

	------------------------------------------

	[Vendor of Product]
	MECO

	------------------------------------------

	[Affected Product Code Base]
	MECO USB Memory Stick with Fingerprint - MECOZiolsamDE601

	------------------------------------------

	[Affected Component]
	USB key security controller

	------------------------------------------

	[Attack Type]
	Physical

	------------------------------------------

	[Impact Escalation of Privileges]
	True

	------------------------------------------

	[Impact Information Disclosure]
	True

	------------------------------------------

	[Attack Vectors]
	Physical access to the USB key.

	------------------------------------------

	[Reference]
	https://www.blackhat.com/us-17/briefings/schedule/index.html#attacking-encrypted-usb-keys-the-hardware-way-7443
	https://www.blackhat.com/docs/us-17/thursday/us-17-Picod-Attacking-Encrypted-USB-Keys-The-Hard(ware)-Way.pdf
	https://www.elie.net/talk/attacking-encrypted-usb-keys-the-hardware-way

	------------------------------------------

	[Discoverer]
	Remi Audebert, Jean-Michel Picod, Elie Bursztein