BruCON 0x0E

Encrypting sensitive data at rest has always been a good idea, especially when storing it on small, portable devices like external hard drives or USB flash drives. Because in case of loss or theft of such a storage device, you want to be quite sure that unauthorized access to your confidential data is not possible. Unfortunately, even in 2022, "secure" portable storage devices with 256-bit AES hardware encryption and sometimes also biometric technology are sold that are actually not secure when taking a closer look.

In this presentation, I will talk about how a customer request led to further research resulting in several cryptographically broken "secure" portable storage devices. This research continues the long story of insecure portable storage devices with hardware AES encryption that goes back many years. With this presentation, I want to raise the awareness of security issues and practical attacks against vulnerable "secure" portable USB storage devices, and tell an interesting story.