?

Log in

Previous Entry | Next Entry

USB Thumb Drive Awareness

Life Lesson: Don’t put personal or work data on a USB thumb drive unless you make damn sure that information is encrypted.

Did you know that globally over 20+ million USB flash drives are lost every year.

The BAD:

* Cannot recommend USB drives with built in hardware security, as they too are vulnerable and have been circumvented…repeatedly.  (Aka: SanDisk, Kingston, Toshiba...ect)
* Thumb drive out of sight? Then assume someone has physical access to it.
* Deleting a file only removes headers to the file, that file is still there until something overwrites those areas with new data.
* Quick formatting also only removes the file headers, files can still easily be recovered.
* NEVER USE THE FAT ALLOCATION TABLE, it is legacy flawed and cannot be repaired & will not be repaired and a majority of USB Thumb Drives use this format as default out of the package.
* Still using the autorun feature, turn it the fuck off.


The Not so BAD:

* Run truecrypt software on everything; HDD, Removable HDD, USB Hard Drives BUT especially USB Thumb drives as you are more likely to carry them and lose them.
* Deny access to the hardware, sometimes difficult if you just happen to drop the thumb drive in a parking lot... shit happens to even the best of people.
* Use Eraser or File Shredder programs to truly delete files (This applies to Hard Drives as well)
* Don't use them, alternatives are cloud storage and yes this brings up all sort of other issues... you are encrypting your cloud storage, Right!


Why is this important and how did all this USB Thumb Drive stuff come about?

It all started when I found the remains of a USB thumb drive in a rain puddle of a local parking lot and figured it would make an interesting repair project to see if I could actually get it working.  Ehh! it's a challenge.


1. Here is what I found... no too bad, far better then some I have seen.

1_lj


2. It has been run over skewing the Flash Ram, pulling up some pads and traces in the process too. Been outside for awhile, long enough for a critter to hatch a baby on it anyway.

2_lj


3. Crystal is trash and parts knocked off, fair amount of corrosion on both sides of the board.


3_lj


4. Heated and pulled off board parts, started cleaning up pcb traces.

4_lj


5. Replaced missing parts, made the needed repairs to damaged traces and added USB cord connection.

5_lj


6. This shows the wire route... nothing spectacluar it should just work for the time needed for data collection.

6_lj


7. The U4 IC pin was corroded so when I placed the tip of the soldering iron onto it, off it came. Again, no problem. I just grabbed the xacto knife and pelled back some of the plastic to expose the pin and a quick tack of solder should do the trick. But will it work?


7_lj


8. and we have a BINGO!  I won't go into what was stored on the device, except to say YES IT SHOULD HAVE BEEN ENCRYPTED.  What can you say, people are lazy, don't care or don't know any better, or YES all the above. Anyways!?!?!

8_lj


9. All these USB Thumb Drives seem to use the Silicon Motions Flash Controller Chips. So, heading over to the mfg's website and we can grab some software tools to look at settings up the USB Drive Internally. WOW! lots of options and very flexible hardware/firmware setup I'm actually rather impressed with what you can do with these things now.  They should offer some real end user tools like this.

flashtool_lj


10. Anyway, lots of fun was had and my tech skills are still around a  B-.  I've pulled everything off I want to keep and now ready for some delamination fun.

9_lj


11. A little FeCL3 (Ferric Chloride) should do the trick.

10_lj


12. and presto magik Bobs Your Uncle it's all gone. I snapped the chip even though I used the mfg's software tools to shred the crap out of that Samsung Flash Chip internally.

11_lj


13. Moral of this story, if you are gonna carry 'any' storage device around... Encrypt..encrypt..EnCrYpT..tPyRcNe..
oh yeah and USB Thumb Drives are ticking time bombs, sooner or later every encryption falls. So, just try to be aware of what you are loading onto them when you drop it in your purse, pants pocket or backpack. If you don't need to have those copies of XYZ documents because you are finished needing them, remove them off the thumb drive.

usb lot


BTW, don't be a dick. The person that dropped this did so by mistake and the things I did to get it running are just slightly above average. They fucked up, I'm glad I was the one that found it and not some jackass.

So Yeah, please ENCRYPT your stuff.




* Read about what happen to the ARMY and how the (Thumb Drive Awareness TIA TDA 3400) program came into play.

* http://www.truecrypt.org/docs/?s=truecrypt-portable

* http://www.anewmorning.com/2008/10/06/how-to-create-the-ultimate-encrypted-flash-drive




# # # #



Disclaimer:
This information and the circuits are provided as is without any express or implied warranties. While every effort has been taken to ensure the accuracy of the information contained in this text, the authors/maintainers/contributors assume no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein.

I disclaim everything. The contents of the articles might be totally inaccurate, inappropriate, or misguided. There is no guarantee as to the suitability of said circuits and information for any purpose whatsoever other than as a self-training aid. I.E. If it blows your equipments, trashes your hard disc, wipes your backup, burns your building down or just plain don't work, IT ISN'T MY FAULT. In the event of judicial ruling to the contrary, any liability shall be limited to the sum charged on you by us for the aforementioned document or nothing, whichever is the lower.

I will not be held responsible for any damages or costs which might occur as a result of my advice or designs. All of my designs are allowed to be used for commercial purposes without my written authorization.

Chemical Safety:
Use of any and all Chemicals is simple “Read the damn Label” and don’t be a Hero or an Idiot.

Use, Recycle, Reuse and Dispose of everything properly.




Profile

smith
bleepmicro
bleepmicro

Latest Month

June 2017
S M T W T F S
    123
45678910
11121314151617
18192021222324
252627282930 

WISH LIST

[BOOKS]




  • FUNKAMATEUR Jahrgangs-CDs 1995 bis 2014 - 20er-CD-Pack (www.box73.de)


  • FUNKAMATEUR Jahrgangs-CD 2015 (www.box73.de)


  • Pickles


  • I'll also accept anything that covers QRP, RF, RADIO, Electronics, Physics, Optics... etc.


  • Tags

    Powered by LiveJournal.com