Ubuntu Security Notice 5666-1 - It was discovered that OpenSSH incorrectly handled certain helper programs. An attacker could possibly use this issue to arbitrary code execution.

    =========================================================================Ubuntu Security Notice USN-5666-1October 10, 2022openssh vulnerability=========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 16.04 ESMSummary:OpenSSH could be made to run arbitrary code if it somenon-default configuration are in use.Software Description:- openssh: secure shell (SSH) for secure access to remote machinesDetails:It was discovered that OpenSSH incorrectly handled certain helper programs.An attacker could possibly use this issue to arbitrary code execution.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 16.04 ESM:  openssh-server                  1:7.2p2-4ubuntu2.10+esm2In general, a standard system update will make all the necessary changes.References:  https://ubuntu.com/security/notices/USN-5666-1  CVE-2021-41617

Ubuntu Security Notice USN-5666-1

Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc.

American Fuzzy Lop plus plus 4.04c

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide. The 3.x series is the current major version of OpenSSL.

OpenSSL Toolkit 3.0.6

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

OpenSSL Toolkit 1.1.1r

When analyzing the external data storage Verbatim Store 'n' Go Secure Portable SSD, Matthias Deeg found out that the device will not lock and require reformatting after 20 failed passcode attempts, as described in the product description and the corresponding user manual.

Advisory ID:               SYSS-2022-046  
Product:                   Store 'n' Go Secure Portable SSD  
Manufacturer:              Verbatim  
Affected Version(s):       #53402 (GDMSLK02 C-INIC3637-V1.1)  
Tested Version(s):         #53402 (GDMSLK02 C-INIC3637-V1.1)  
Vulnerability Type:        Expected Behavior Violation (CWE-440)  
Risk Level:                Low  
Solution Status:           Open  
Manufacturer Notification: 2022-06-29  
Solution Date:             -  
Public Disclosure:         2022-10-07  
CVE Reference:             CVE-2022-28386  
Author of Advisory:        Matthias Deeg (SySS GmbH)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Overview:

The Verbatim Store 'n' Go Secure Portable SSD is a portable USB drive  
with AES 256-bit hardware encryption and a built-in keypad for passcode  
entry.

The manufacturer describes the product as follows:

"The AES 256-bit Hardware Encryption seamlessly encrypts all data on the  
drive in real-time with a built-in keypad for password input. The hard  
drive does not store passwords in the computer or system’s volatile  
memory making it far more secure than software encryption. Also, if it  
falls into the wrong hands, the hard drive will lock and require  
re-formatting after 20 failed password attempts."[1]

The security feature for locking and requiring to reformat the SSD after  
20 failed unlock attempts does not work as specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vulnerability Details:

When analyzing the external data storage Verbatim Store 'n' Go Secure  
Portable SSD, Matthias Deeg found out that the device will not lock and  
require reformatting after 20 failed passcode attempts, as described in  
the product description[1] and the corresponding user manual.

Thus, an attacker with physical access to such an external SSD can try  
more passcodes in order to unlock the device.

During the security analysis, SySS could not find out how many failed  
passcode attempts would actually lock the device and require  
reformatting it, as this device state was never reached.

Additionally, trying to find out the correct passcode by either manually  
or automatically entering it via the provided keypad is rather  
insufficient compared to an equally possible offline brute-force attack,  
as described in SySS security advisory SYSS-2022-043[2].

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Proof of Concept (PoC):

SySS tried to unlock the Verbatim Store 'n' Go Secure Portable SSD with  
more than 20 consecutively entered wrong passcodes.

Afterwards, contrary to the product description, the external SSD could  
still be successfully unlocked with the correct passcode, and access to  
the previously stored data was possible without any issues.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Solution:

SySS GmbH is not aware of a solution for the described security issue.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclosure Timeline:

2022-06-29: Vulnerability reported to manufacturer  
2022-10-07: Public release of security advisory

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

References:

[1] Product website for Verbatim Store 'n' Go Secure Portable SSD

 https://www.verbatim.com.au/products/store-n-go-portable-ssd-with-keypad-access/  
[2] SySS Security Advisory SYSS-2022-043

 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-043.txt  
[3] SySS Security Advisory SYSS-2022-046

 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-046.txt  
[4] SySS GmbH, SySS Responsible Disclosure Policy  
     https://www.syss.de/en/responsible-disclosure-policy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Credits:

This security vulnerability was found by Matthias Deeg of SySS GmbH.

E-Mail: matthias.deeg (at) syss.de  
Public Key:   
https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc  
Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclaimer:

The information provided in this security advisory is provided "as is"  
and without warranty of any kind. Details of this security advisory may  
be updated in order to provide as accurate information as possible. The  
latest version of this security advisory is available on the SySS website.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Copyright:

Creative Commons - Attribution (by) - Version 3.0  
URL: http://creativecommons.org/licenses/by/3.0/deed.en

Verbatim Store 'n' Go Secure Portable SSD Behavior Violation

When analyzing the external data storage Verbatim Store 'n' Go Secure Portable SSD, Matthias Deeg found out that the validation of the firmware for the USB-to-SATA bridge controller INIC-3637EN only consists of a simple CRC-16 check (XMODEM CRC-16).

Advisory ID:               SYSS-2022-045  
Product:                   Store 'n' Go Secure Portable SSD  
Manufacturer:              Verbatim  
Affected Version(s):       #53402 (GDMSLK02 C-INIC3637-V1.1)  
Tested Version(s):         #53402 (GDMSLK02 C-INIC3637-V1.1)  
Vulnerability Type:        Missing Immutable Root of Trust in Hardware   
(CWE-1326)  
Risk Level:                Medium  
Solution Status:           Fixed  
Manufacturer Notification: 2022-06-29  
Solution Date:             -  
Public Disclosure:         2022-10-07  
CVE Reference:             CVE-2022-28383  
Author of Advisory:        Matthias Deeg (SySS GmbH)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Overview:

The Verbatim Store 'n' Go Secure Portable SSD is a portable USB drive  
with AES 256-bit hardware encryption and a built-in keypad for passcode  
entry.

The manufacturer describes the product as follows:

"The AES 256-bit Hardware Encryption seamlessly encrypts all data on the  
drive in real-time with a built-in keypad for password input. The hard  
drive does not store passwords in the computer or system’s volatile  
memory making it far more secure than software encryption. Also, if it  
falls into the wrong hands, the hard drive will lock and require  
re-formatting after 20 failed password attempts."[1]

Due to insufficient firmware validation, an attacker can store  
malicious firmware code for the USB-to-SATA bridge controller on the  
external drive, which gets executed.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vulnerability Details:

When analyzing the external data storage Verbatim Store 'n' Go Secure  
Portable SSD, Matthias Deeg found out that the validation of the  
firmware for the USB-to-SATA bridge controller INIC-3637EN only consists  
of a simple CRC-16 check (XMODEM CRC-16).

Thus, an attacker is able to store malicious firmware code for the  
INIC-3637EN with a correct checksum on the used SPI flash memory chip  
(XT25F01D), which then gets successfully executed by the USB-to-SATA  
bridge controller.

For instance, this security vulnerability could be exploited in a  
so-called "supply chain attack" when the device is still on its way to  
its legitimate user.

An attacker with temporary physical access during the supply could  
program a modified firmware on the Verbatim Keypad Secure, which always  
uses an attacker-controlled AES key for the data encryption, for  
example.

If, later on, the attacker gains access to the used USB drive, he  
can simply decrypt all contained user data.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Proof of Concept (PoC):

SySS was able to read and write the SPI flash memory containing the  
firmware of the INIC-3637EN controller (128 KB) using a universal  
programmer.

By analyzing the dumped memory content, SySS found out that the  
INIC-3637EN firmware is stored from the file offset 0x4000 to the file  
offset 0x1BFFB, and that the corresponding XMODEM CRC-16 is stored at  
the file offset 0x1FFFC.

Matthias Deeg developed a simple Python tool for updating the checksum  
of modified firmware images before writing them to the SPI flash memory  
chip.

The following output exemplarily shows updating a modified firmware  
image:

$ python update-firmaware.py firmware_hacked.bin  
Verbatim Store 'n' Go Firmware Updater v0.1 - Matthias Deeg, SySS GmbH   
(c) 2022  
[*] Computed CRC-16 (0x0874) does not match stored CRC-16 (0x5E8C).  
[*] Successfully updated firmware file

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Solution:

SySS GmbH is not aware of a solution for the described security issue.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclosure Timeline:

2022-06-29: Vulnerability reported to manufacturer  
2022-10-07: Public release of security advisory

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

References:

[1] Product website for Verbatim Store 'n' Go Secure Portable SSD

 https://www.verbatim.com.au/products/store-n-go-portable-ssd-with-keypad-access/  
[2] SySS Security Advisory SYSS-2022-045

 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-045.txt  
[3] SySS GmbH, SySS Responsible Disclosure Policy  
     https://www.syss.de/en/responsible-disclosure-policy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Credits:

This security vulnerability was found by Matthias Deeg of SySS GmbH.

E-Mail: matthias.deeg (at) syss.de  
Public Key:   
https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc  
Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclaimer:

The information provided in this security advisory is provided "as is"  
and without warranty of any kind. Details of this security advisory may  
be updated in order to provide as accurate information as possible. The  
latest version of this security advisory is available on the SySS website.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Copyright:

Creative Commons - Attribution (by) - Version 3.0  
URL: http://creativecommons.org/licenses/by/3.0/deed.en

Verbatim Store 'n' Go Secure Portable SSD Missing Trust

When analyzing the external storage device Verbatim Store 'n' Go Secure Portable SSD, Matthias Deeg found out that the firmware of the USB-to-SATA bridge controller INIC-3637EN uses AES-256 with the ECB (Electronic Codebook) mode.

Advisory ID:               SYSS-2022-044  
Product:                   Store 'n' Go Secure Portable SSD  
Manufacturer:              Verbatim  
Affected Version(s):       #53402 (GDMSLK02 C-INIC3637-V1.1)  
Tested Version(s):         #53402 (GDMSLK02 C-INIC3637-V1.1)  
Vulnerability Type:        Use of a Cryptographic Primitive with a Risky  
                            Implementation (CWE-1240)  
Risk Level:                Low  
Solution Status:           Fixed  
Manufacturer Notification: 2022-06-29  
Solution Date:             2022-07  
Public Disclosure:         2022-10-07  
CVE Reference:             CVE-2022-28382  
Author of Advisory:        Matthias Deeg (SySS GmbH)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Overview:

The Verbatim Store 'n' Go Secure Portable SSD is a portable USB drive  
with AES 256-bit hardware encryption and a built-in keypad for passcode  
entry.

The manufacturer describes the product as follows:

"The AES 256-bit Hardware Encryption seamlessly encrypts all data on the  
drive in real-time with a built-in keypad for password input. The hard  
drive does not store passwords in the computer or system’s volatile  
memory making it far more secure than software encryption. Also, if it  
falls into the wrong hands, the hard drive will lock and require  
re-formatting after 20 failed password attempts."[1]

Due to the use of an insecure encryption AES mode (Electronic Codebook),  
an attacker may be able to extract information even from  
encrypted data, for example by observing repeating byte patterns.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vulnerability Details:

When analyzing the external storage device Verbatim Store 'n' Go Secure  
Portable SSD, Matthias Deeg found out that the firmware of the  
USB-to-SATA bridge controller INIC-3637EN uses AES-256 with the ECB  
(Electronic Codebook) mode.

This operation mode of block ciphers like AES encrypts identical  
plaintext data, in this case blocks of 16 bytes, always to identical  
ciphertext data.

For some data, for instance bitmap images, the lack of the cryptographic  
property called diffusion concerning the ECB mode can leak sensitive  
information even in encrypted data.

One famous example for this is an ECB-encrypted image of the TUX  
penguin, which, for instance, is referenced in the Wikipedia article  
about block cipher modes of operation[2] to illustrate this issue.

Thus, the use of the ECB operation mode can put the confidentiality of  
specific information at risk, even in an encrypted form.

Additionally, in attack scenarios where an attacker has short-time  
physical access to a Verbatim Store 'n' Go Portable Secure SSD, and  
later returns it to its legitimate owner, the attacker may be able to  
compromise the integrity of the stored data by exploiting the fact that  
the same 16-byte plaintext blocks result in the same 16-byte ciphertext  
blocks, by replacing specific encrypted 16-byte blocks with other ones.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Proof of Concept (PoC):

The same plaintext pattern with the length of 16 bytes was written  
several times to an unlocked Verbatim Store 'n' Go Secure Portable SSD.

When the SSD was then read using another SSD enclosure, the same 16  
byte long ciphertext pattern could be observed for the corresponding  
plaintext data.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Solution:

The described security issue was fixed by the Verbatim "Security Update  
July 2022"[4].

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclosure Timeline:

2022-06-29: Vulnerability reported to manufacturer  
2022-07   : Manufacturer publishes security update[4]  
2022-10-07: Public release of security advisory

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

References:

[1] Product website for Verbatim Store 'n' Go Secure Portable SSD

 https://www.verbatim-europe.co.uk/en/prod/store-n-go-portable-ssd-with-keypad-access-256gb-53402/  
[2] Wikipedia article about block cipher mode of operation

 https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Electronic_codebook_(ECB)  
[3] SySS Security Advisory SYSS-2022-044

 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-044.txt  
[4] Security Update July 2022: Store 'n' Go Portable SSD  
     https://www.verbatim-europe.co.uk/en/support-centre/?part_no=53402  
[5] SySS GmbH, SySS Responsible Disclosure Policy  
     https://www.syss.de/en/responsible-disclosure-policy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Credits:

This security vulnerability was found by Matthias Deeg of SySS GmbH.

E-Mail: matthias.deeg (at) syss.de  
Public Key:   
https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc  
Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclaimer:

The information provided in this security advisory is provided "as is"  
and without warranty of any kind. Details of this security advisory may  
be updated in order to provide as accurate information as possible. The  
latest version of this security advisory is available on the SySS website.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Copyright:

Creative Commons - Attribution (by) - Version 3.0  
URL: http://creativecommons.org/licenses/by/3.0/deed.en

Verbatim Store 'n' Go Secure Portable SSD Weak Cryptography

cryptmount is a utility for creating and managing secure filing systems on GNU/Linux systems. After initial setup, it allows any user to mount or unmount filesystems on demand, solely by providing the decryption password, with any system devices needed to access the filing system being configured automatically. A wide variety of encryption schemes (provided by the kernel dm-crypt system and the libgcrypt library) can be used to protect both the filesystem and the access key. The protected filing systems can reside in either ordinary files or disk partitions. The package also supports encrypted swap partitions, and automatic configuration on system boot-up.

cryptmount Filesystem Manager 6.1.0

When analyzing the external storage device Verbatim Store 'n' Go Secure Portable SSD, Matthias Deeg found out that it uses an insecure design which allows for offline brute-force attacks against the passcode.

Advisory ID:               SYSS-2022-043  
Product:                   Store 'n' Go Secure Portable SSD  
Manufacturer:              Verbatim  
Affected Version(s):       #53402 (GDMSLK02 C-INIC3637-V1.1)  
Tested Version(s):         #53402 (GDMSLK02 C-INIC3637-V1.1)  
Vulnerability Type:        Use of a Cryptographic Primitive with a Risky  
                            Implementation (CWE-1240)  
Risk Level:                High  
Solution Status:           Fixed  
Manufacturer Notification: 2022-06-29  
Solution Date:             2022-07  
Public Disclosure:         2022-10-07  
CVE Reference:             CVE-2022-28384  
Author of Advisory:        Matthias Deeg (SySS GmbH)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Overview:

The Verbatim Store 'n' Go Secure Portable SSD is a portable USB drive  
with AES 256-bit hardware encryption and a built-in keypad for passcode  
entry.

The manufacturer describes the product as follows:

"The AES 256-bit Hardware Encryption seamlessly encrypts all data on the  
drive in real-time with a built-in keypad for password input. The hard  
drive does not store passwords in the computer or system’s volatile  
memory making it far more secure than software encryption. Also, if it  
falls into the wrong hands, the hard drive will lock and require  
re-formatting after 20 failed password attempts."[1]

Due to an insecure design, the Verbatim Store 'n' Go Secure Portable SSD  
is vulnerable to an offline brute-force attack for finding out the  
correct passcode and thus gaining unauthorized access to the stored  
encrypted data.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vulnerability Details:

When analyzing the external storage device Verbatim Store 'n' Go Secure  
Portable SSD, Matthias Deeg found out that it uses an insecure design  
which allows for offline brute-force attacks against the passcode.

The device consists of the following four main parts:

1. An SSD with M.2 form factor  
2. A USB-to-SATA bridge controller (INIC-3637EN)  
3. An SPI flash memory chip (XT25F01D) containing the firmware of the  
    INIC-3637EN  
4. A keypad controller (unknown chip, marked "SW611 2201")

For encrypting the data stored on the SSD, the hardware AES engine of  
the INIC-3637EN is used. More specifically, AES-256 in ECB (Electronic  
Codebook) mode is used for data encryption, which is also a security  
issue by itself described in SySS security advisory SYSS-2022-044[2].

The cryptographic key for the actual data encryption, the so-called data  
encryption key (DEK), is stored in a special sector of the SSD which in  
turn is encrypted using AES-256-ECB with a so-called key encryption key  
(KEK).

This KEK is derived from the entered passcode which can be between five  
and twelve digits long, and generated by the keypad controller.

When the unlock button is pressed on the Verbatim Store 'n' Go Secure  
Portable SSD, this generated AES 256-bit key is transmitted via SPI  
communication from the keypad controller to the USB-to-SATA bridge  
controller INIC-3637EN for configuring the corresponding hardware AES  
engine.

For verifying the entered passcode, the firmware of the INIC-3637EN  
reads and decrypts the special sector on the SSD with the provided KEK  
and checks specific data offsets for the known byte pattern (signature)  
"0x20 0x49 0x4E 0x49" which represents the string " INI".

If this byte pattern could successfully be found, the entered passcode  
and its derived AES key is very likely correct and grants the firmware  
access to the decrypted DEK, which can then be used to decrypt the  
actual SSD user data.

This described design of the Verbatim Store 'n' Go Secure Portable SSD  
allows for offline brute-force attacks for finding the correct passcode,  
because an attacker can generate and observe the derived AES keys (KEK)  
of the keypad for all possible passcodes and then try to correctly  
decrypt the data of a specific SSD sector. If the magic byte pattern  
" INI" can be detected in the expected places of the resulting plaintext,  
the correct passcode is found, which then allows for gaining  
unauthorized access to the encrypted user data.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Proof of Concept (PoC):

For demonstrating the offline brute-force attack, Matthias Deeg  
developed a sample brute-forcing software tool which checks the complete  
search space of all possible passcodes between five and twelve digits.

The following output exemplarily shows a successful attack.

 >VKSCracker.exe  
  _   _ _   __ _____   _____                _  
| | | | | / //  ___| /  __ \              | |  
| | | | |/ / \ `--.  | /  \/_ __ __ _  ___| | _____ _ __  
| | | |    \  `--. \ | |   | '__/ _` |/ __| |/ / _ \ '__|  
\ \_/ / |\  \/\__/ / | \__/\ | | (_| | (__|   <  __/ |  
  \___/\_| \_/\____/   \____/_|  \__,_|\___|_|\_\___|_|  
  ... finds out your passcode.

Verbatim Keypad Secure Cracker v0.6 by Matthias Deeg   
<matthias.deeg@syss.de> (c) 2022  
---  
[*] Found 8 logical processors  
[*] Found 2 physical drives  
[*] Trying to read magic sector from device \\.\PHYSICALDRIVE0  
[*] Trying to read magic sector from device \\.\PHYSICALDRIVE1  
[*] Found a plausible magic sector for Verbatim Keypad Secure (#49428) or  
     Verbatim Store 'n' Go Secure Portable SSD (#53402)  
[*] Initialize passcode hash table  
[*] Start cracking ...  
[+] Success!  
     The passcode is: 12345678  
[*] Some statistics  
     Total cracking time:   5.37 seconds  
     Candidates per second: 10132001

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Solution:

The described offline brute-force attack was fixed by the Verbatim  
"Security Update July 2022"[4].

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclosure Timeline:

2022-06-29: Vulnerability reported to manufacturer  
2022-07   : Manufacturer publishes security update[4]  
2022-10-07: Public release of security advisory

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

References:

[1] Product website for Verbatim Store 'n' Go Secure Portable SSD

 https://www.verbatim.com.au/products/store-n-go-portable-ssd-with-keypad-access/  
[2] SySS Security Advisory SYSS-2022-044

 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-044.txt  
[3] SySS Security Advisory SYSS-2022-043

 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2022-043.txt  
[4] Security Update July 2022: Store 'n' Go Portable SSD  
     https://www.verbatim-europe.co.uk/en/support-centre/?part_no=53402  
[5] SySS GmbH, SySS Responsible Disclosure Policy  
     https://www.syss.de/en/responsible-disclosure-policy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Credits:

This security vulnerability was found by Matthias Deeg of SySS GmbH.

E-Mail: matthias.deeg (at) syss.de  
Public Key:   
https://www.syss.de/fileadmin/dokumente/Materialien/PGPKeys/Matthias_Deeg.asc  
Key fingerprint = D1F0 A035 F06C E675 CDB9 0514 D9A4 BF6A 34AD 4DAB

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclaimer:

The information provided in this security advisory is provided "as is"  
and without warranty of any kind. Details of this security advisory may  
be updated in order to provide as accurate information as possible. The  
latest version of this security advisory is available on the SySS website.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Copyright:

Creative Commons - Attribution (by) - Version 3.0  
URL: http://creativecommons.org/licenses/by/3.0/deed.en

Linux has an issue with munmap() racing with pagemap_read() that leads to a page use-after-free vulnerability.

Source

Packet Storm