|
| Vulnerability | Classification | Description | Security technology |
|
| Implementation vulnerability | Exception of public certificate | Exception handling when the public certificate is stored to allow data access | (i) Prevention of arbitrary data copying |
| Password initialization | Data access through recovery tool after password/data initialization | (ii) Data protection after loss |
| Input count manipulation | Manipulation of password input count to infer password through brute force attack | (iii) Data protection after loss |
|
| Environmental vulnerability | VMware | Disabling of management program using VMware | (iv) User authentication and identification |
| Direct memory access | Direct access to flash drive to read and write data | (v) Prevention of arbitrary data copying |
| Safe mode | Booting in safe mode to disable the management program | (vi) User authentication and identification |
| Forced termination | Termination and disabling of management program by force | (vii) Prevention of arbitrary data copying |
| Booting time difference | Data access during the time the management program is not run in the booting process | (viii) Prevention of arbitrary data copying |
| Eavesdropping | Analysis of data transferred between the host and the flash drive to obtain the password or password hint | (ix) Data encryption/decryption |
|
| Unlock commands | Secured domain access command | Sending of unlock command to access the secured domain | (x) User authentication and identification |
| Command containing the authentication data | Sending of unlock command containing the authentication data to access the secured domain | (xi) User authentication and identification |
|
| Reverse engineering | Authentication bypass | Analysis of authentication process of management program to bypass authentication | (xii) User authentication and identification |
| Exposure of encryption/decryption key | Analysis of data encryption/decryption function of management program to obtain the encryption/decryption key | (xiii) User authentication and identification |
| (xiv) Data encryption/decryption |
|
