| Vulnerability | Classification | Description | Security technology |
|---|---|---|---|
| Implementation vulnerability | Exception of public certificate | Exception handling when the public certificate is stored to allow data access | (i) Prevention of arbitrary data copying |
| Implementation vulnerability | Password initialization | Data access through recovery tool after password/data initialization | (ii) Data protection after loss |
| Implementation vulnerability | Input count manipulation | Manipulation of password input count to infer password through brute force attack | (iii) Data protection after loss |
| Environmental vulnerability | VMware | Disabling of management program using VMware | (iv) User authentication and identification |
| Environmental vulnerability | Direct memory access | Direct access to flash drive to read and write data | (v) Prevention of arbitrary data copying |
| Environmental vulnerability | Safe mode | Booting in safe mode to disable the management program | (vi) User authentication and identification |
| Environmental vulnerability | Forced termination | Termination and disabling of management program by force | (vii) Prevention of arbitrary data copying |
| Environmental vulnerability | Booting time difference | Data access during the time the management program is not run in the booting process | (viii) Prevention of arbitrary data copying |
| Environmental vulnerability | Eavesdropping | Analysis of data transferred between the host and the flash drive to obtain the password or password hint | (ix) Data encryption/decryption |
| Unlock commands | Secured domain access command | Sending of unlock command to access the secured domain | (x) User authentication and identification |
| Unlock commands | Command containing the authentication data | Sending of unlock command containing the authentication data to access the secured domain | (xi) User authentication and identification |
| Reverse engineering | Authentication bypass | Analysis of authentication process of management program to bypass authentication | (xii) User authentication and identification |
| Reverse engineering | Exposure of encryption/decryption key | Analysis of data encryption/decryption function of management program to obtain the encryption/decryption key | (xiii) User authentication and identification; (xiv) Data encryption/decryption |