Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

1/12/2009
03:09 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Disk Encryption Driver Hole Exposes Encryption Key

Global IP Telecommunications publishes research describing a new attack on disk encryption software

Bradford, Munich, Schffengrund, 12.01.2009, 2009 - Security Hole in Driver Communication of Disk Encryption Software enables interception of encryption key during mount of an encrypted volume

Global IP Telecommunications, a leading manufacturer of Voice-over-IP (VoIP) software telephones, PMC Ciphers, a leading specialist for ultimate ciphers, and CyProtect AG, a leading internet security specialist, have announced today that they've published research describing a new attack on disk encryption software that reveals the entire key when an encrypted volume is being mounted. The attack was named "Mount IOCTL Attack" by the author.

In order to mount a virtual encrypted disk, the user interface application of a disk encryption software passes volume file path information, the selected encryption algorithm as well as the highly secret password, in the clear to a software driver through the DeviceIoControl() function, which is the only function for this purpose in an operating system. A tampered version of the DeviceIoControl() function would easily allow an attacker to get hold of the key used to mount the encrypted volume by a simple comparison for equality of a 32 bit number - the IO Control Code of the mount request.

In the paper, "Attack on mount control code of commercial on-the-fly disk encryption software and efficient countermeasure", the companies used the publically available source code of a popular disk encryption software for their peer review. A hypothetically tampered version of the DeviceIOControl() function could easily wait for a specific IO Control Code (e.g. 466944d = 00072000h) and each time this IOCTL is passed to the function, log the entire set of parameters that is passed along with the function call. These parameters include the entire key required to access the encrypted volume to be mounted IN PLAINTEXT.

The companies further disclosed that an SSL-like Diffie-Hellman key exchange between encryption driver and user interface application of a disk encryption software enable for henceforth encrypted communication with the encryption driver, resulting in complete immunity from Mount IOCTL Attack.

This countermeasure is already built into the new version of the disk encryption software "TurboCrypt". Existing users of earlier "TurboCrypt" or "Global Safe Disk" versions are advised to migrate to the new "TurboCrypt" as soon as possible. The new software is already available online for Windows XP, Vista 32 and Vista 64 operating systems at the following URL:

http://downloads.turbocrypt.com/... or http://www.cyprotect.com/...

The paper, "Attack on mount control code of commercial on-the-fly disk encryption software and efficient countermeasure" is accessible through the following URL:

http://www.turbocrypt.com/...

"ber Global IP Telecommunications Ltd.

Global IP Telecommunications has become well known since 2004 as Prefered Development Partner of Counterpath Solutions Inc. (formerly Xten). Global IP Telecommunications is now a leading manufacturer of softphone applications for Voice-over-IP. GlobalIPTel products are being sold worldwide through leading PC-, USB- and headset manufacturers, internet service providers, telcos as well as international sales partners (www.globaliptel.com).

About PMC Ciphers, Inc. PMC Ciphers is a marketing company for the Polymorphic Cipher invented by co-founder C.B. Roellgen in 1999. The company develops and markets ultra-secure ciphers based on the unique technology of the Polymorphic Cipher. All ciphers of the company are created in Germany (www.pmc-ciphers.com).

About CyProtect AG: CyProtect AG was founded in the year 2000 and is focused on security, respective internet security. We are protecting data and applications against external attacks and are offering encryption for sensitive information saved on storage systems and during network and transfer connections. Furthermore we secure important data against unauthorized access with powerful hardware and software solutions (www.cyprotect.com).

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
US Formally Attributes SolarWinds Attack to Russian Intelligence Agency
Jai Vijayan, Contributing Writer,  4/15/2021
News
Dependency Problems Increase for Open Source Components
Robert Lemos, Contributing Writer,  4/14/2021
News
FBI Operation Remotely Removes Web Shells From Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/14/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-7856
PUBLISHED: 2021-04-20
A vulnerability of Helpcom could allow an unauthenticated attacker to execute arbitrary command. This vulnerability exists due to insufficient authentication validation.
CVE-2021-28793
PUBLISHED: 2021-04-20
vscode-restructuredtext before 146.0.0 contains an incorrect access control vulnerability, where a crafted project folder could execute arbitrary binaries via crafted workspace configuration.
CVE-2021-25679
PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** The AdTran Personal Phone Manager software is vulnerable to an authenticated stored cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed....
CVE-2021-25680
PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** The AdTran Personal Phone Manager software is vulnerable to multiple reflected cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed. Only...
CVE-2021-25681
PUBLISHED: 2021-04-20
** UNSUPPORTED WHEN ASSIGNED ** AdTran Personal Phone Manager 10.8.1 software is vulnerable to an issue that allows for exfiltration of data over DNS. This could allow for exposed AdTran Personal Phone Manager web servers to be used as DNS redirectors to tunnel arbitrary data over DNS. NOTE: The aff...