audebert · March 22, 2018 10:12
diff --git a/gistfile1.txt b/gistfile1.txt
 [Description]
 An issue was discovered on MECO USB Memory Stick with Fingerprint
 MECOZiolsamDE601 devices. The fingerprint authentication requirement
 for data access can be bypassed. An attacker with physical access can
 send a static packet to a serial port exposed on the PCB to unlock the
 key and get access to the data without possessing the required
 fingerprint.

 ------------------------------------------

 [Vulnerability Type]
 Incorrect Access Control

 ------------------------------------------

 [Vendor of Product]
 MECO

 ------------------------------------------

 [Affected Product Code Base]
 MECO USB Memory Stick with Fingerprint - MECOZiolsamDE601

 ------------------------------------------

 [Affected Component]
 USB key security controller

 ------------------------------------------

 [Attack Type]
 Physical

 ------------------------------------------

 [Impact Escalation of Privileges]
 True

 ------------------------------------------

 [Impact Information Disclosure]
 True

 ------------------------------------------

 [Attack Vectors]
 Physical access to the USB key.

 ------------------------------------------

 [Reference]
 https://www.blackhat.com/us-17/briefings/schedule/index.html#attacking-encrypted-usb-keys-the-hardware-way-7443
 https://www.blackhat.com/docs/us-17/thursday/us-17-Picod-Attacking-Encrypted-USB-Keys-The-Hard(ware)-Way.pdf
 https://www.elie.net/talk/attacking-encrypted-usb-keys-the-hardware-way

 ------------------------------------------

 [Discoverer]
 Remi Audebert, Jean-Michel Picod, Elie Bursztein
	[Description]
	An issue was discovered on MECO USB Memory Stick with Fingerprint
	MECOZiolsamDE601 devices. The fingerprint authentication requirement
	for data access can be bypassed. An attacker with physical access can
	send a static packet to a serial port exposed on the PCB to unlock the
	key and get access to the data without possessing the required
	fingerprint.

	------------------------------------------

	[Vulnerability Type]
	Incorrect Access Control

	------------------------------------------

	[Vendor of Product]
	MECO

	------------------------------------------

	[Affected Product Code Base]
	MECO USB Memory Stick with Fingerprint - MECOZiolsamDE601

	------------------------------------------

	[Affected Component]
	USB key security controller

	------------------------------------------

	[Attack Type]
	Physical

	------------------------------------------

	[Impact Escalation of Privileges]
	True

	------------------------------------------

	[Impact Information Disclosure]
	True

	------------------------------------------

	[Attack Vectors]
	Physical access to the USB key.

	------------------------------------------

	[Reference]
	https://www.blackhat.com/us-17/briefings/schedule/index.html#attacking-encrypted-usb-keys-the-hardware-way-7443
	https://www.blackhat.com/docs/us-17/thursday/us-17-Picod-Attacking-Encrypted-USB-Keys-The-Hard(ware)-Way.pdf
	https://www.elie.net/talk/attacking-encrypted-usb-keys-the-hardware-way

	------------------------------------------

	[Discoverer]
	Remi Audebert, Jean-Michel Picod, Elie Bursztein