Verbatim's encrypting USB drives remain insecure
Verbatim's keypad data carriers are supposed to protect data from theft. However, this does not work reliably even after firmware updates.
Supposedly secure USB data carriers. According to investigations, Verbatim's models with keypads are not secure.
(Image: heise medien)
The manufacturer Verbatim apparently cannot get the security of its USB data carriers, advertised as particularly secure, under control. The three models “Keypad Secure USB Stick”, “Store 'n' Go Portable SSD” and “Store 'n' Go Secure Portable HDD” do encrypt their data. However, unauthorized people can bypass the encryption.
As early as 2022, security expert Matthias Deeg from SySS GmbH serious security vulnerabilities. In the same year, Verbatim released firmware updates that were supposed to address the problems. A new investigation by Deeg shows: While the updates improve the firmware, they do not address the fundamental issues.
SySS shares the updated security advisory numbers SYSS-2025-015, SYSS-2025-016, and SYSS-2025-017 and states a high risk. The question arises whether Verbatim can secure the basic hardware design at all.
Insecure Encryption
All three USB media use the same principle: inside are a SATA data carrier, a USB-to-SATA bridge chip, a memory module for the firmware, and a keypad controller. The latter is connected to a keypad. The device decrypts its data when the user enters the correct PIN consisting of 5 to 12 digits.
With its firmware updates, Verbatim has improved the encryption algorithm from the simple AES Electronic Code Book (AES-ECB) mode to AES-XTS. However, the encryption is of little use because, according to the investigation, it can still be easily bypassed.
The first vulnerability is the firmware. Although it is encrypted, it is only done using the simple XOR method with two static keys. Deeg decrypted and analyzed the firmware and loaded modified versions. This is possible because there is no so-called root of trust with which the devices can check the authenticity of the firmware.
This allowed the security researcher to derive patterns of how the controller creates the keys for encrypting the entire data carrier. This simplifies brute-force attacks, where a program guesses possible PIN combinations. In a proof of concept, it took less than nine seconds to break the encryption despite the current firmware. A short video on YouTube illustrates the attack.
Empfohlener redaktioneller Inhalt
Mit Ihrer Zustimmung wird hier ein externes YouTube-Video (Google Ireland Limited) geladen.
Ich bin damit einverstanden, dass mir externe Inhalte angezeigt werden. Damit können personenbezogene Daten an Drittplattformen (Google Ireland Limited) übermittelt werden. Mehr dazu in unserer Datenschutzerklärung.
Advertised security mechanism is missing
The fundamental problem is the continued lack of central security: Verbatim data carriers are supposed to lock themselves after 20 unsuccessful PIN entries, but they don't. This means the manufacturer cannot keep its promise: the data is not secure if the data carrier is lost or stolen.
Videos by heise
Deeg also notes that he has now found three hardware revisions with different SATA-USB bridge chips. The latest version requires adapted attacks. However, at first glance, it seems to repeat old mistakes: in an analysis of the encrypted data, the security researcher found repeating patterns.
(mma)
