QwikSec

Security Database

CVE

CWE

Training

CVE-2017-16242

Published: Mar 22, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

An issue was discovered on MECO USB Memory Stick with Fingerprint MECOZiolsamDE601 devices. The fingerprint authentication requirement for data access can be bypassed. An attacker with physical access can send a static packet to a serial port exposed on the PCB to unlock the key and get access to the data without possessing the required fingerprint.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.blackhat.com/us-17/briefings/schedule/index.html#attacking-encrypted-usb-keys-the-hardware-way-7443

x_refsource_MISC

https://www.blackhat.com/docs/us-17/thursday/us-17-Picod-Attacking-Encrypted-USB-Keys-The-Hard%28ware%29-Way.pdf

x_refsource_MISC

https://gist.github.com/audebert/ef6e206a27ededd1386cff48604e9335

x_refsource_MISC

https://www.elie.net/talk/attacking-encrypted-usb-keys-the-hardware-way

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.