CVE-2017-16242
| [Description] | |
| An issue was discovered on MECO USB Memory Stick with Fingerprint | |
| MECOZiolsamDE601 devices. The fingerprint authentication requirement | |
| for data access can be bypassed. An attacker with physical access can | |
| send a static packet to a serial port exposed on the PCB to unlock the | |
| key and get access to the data without possessing the required | |
| fingerprint. | |
| ------------------------------------------ | |
| [Vulnerability Type] | |
| Incorrect Access Control | |
| ------------------------------------------ | |
| [Vendor of Product] | |
| MECO | |
| ------------------------------------------ | |
| [Affected Product Code Base] | |
| MECO USB Memory Stick with Fingerprint - MECOZiolsamDE601 | |
| ------------------------------------------ | |
| [Affected Component] | |
| USB key security controller | |
| ------------------------------------------ | |
| [Attack Type] | |
| Physical | |
| ------------------------------------------ | |
| [Impact Escalation of Privileges] | |
| True | |
| ------------------------------------------ | |
| [Impact Information Disclosure] | |
| True | |
| ------------------------------------------ | |
| [Attack Vectors] | |
| Physical access to the USB key. | |
| ------------------------------------------ | |
| [Reference] | |
| https://www.blackhat.com/us-17/briefings/schedule/index.html#attacking-encrypted-usb-keys-the-hardware-way-7443 | |
| https://www.blackhat.com/docs/us-17/thursday/us-17-Picod-Attacking-Encrypted-USB-Keys-The-Hard(ware)-Way.pdf | |
| https://www.elie.net/talk/attacking-encrypted-usb-keys-the-hardware-way | |
| ------------------------------------------ | |
| [Discoverer] | |
| Remi Audebert, Jean-Michel Picod, Elie Bursztein |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment