Bob ‘n Alice On Security

Helping to Avoid a False Sense of Security

MXI Secure USB Flash Drive Trojan Vulnerability


Well, Bob has done it again. He just sent me a PDF that reveals a major vulnerability in MXI’s secure USB drive, the Stealth MXP.

The short version is that anyone carrying a Stealth MXP could be carrying a trojan. Read the PDF on the MXI Stealth MXP trojan vulnerability to learn the details – it should give you some idea of what you’re facing. It will also likely spur an immediate security review of all Stealth MXPs deployed by security-sensitive organizations. The decision that will need to be made is whether or not a thorough scan of the “read only” partition will be sufficient to reveal any and all malware, and thus regain confidence in the devices. Perhaps MXI Security will release some sort of validator to run against their drives to confirm that they haven’t been tampered with.

This is unfortunate for customers of MXI Security, as it comes on top of the MXP Stealth crack revealed a few months ago by the folks at Objectif Sécurité. It will be interesting to see if another patch will follow MXI06-001 to remedy this new fault.

While we’re looking at the Stealth MXP, it is interesting to note that it uses another security technology that has been hacked on numerous occasions – biometric fingerprint scanners. Probably the best known case was when the folks at the popular TV show MythBusters hacked a fingerprint scanner, though there have been many others. While biometric scanners are often positioned as an additional layer of security, they are clearly an additional layer of false security, and as such are best avoided.

As always, stay safe and avoid a false sense of security.


Written by Alice

February 4, 2009 at 14:59
