Authors: Jewan Bang, Byeongyeong Yoo, and Sangjin Lee
DFRWS USA 2010
As storage capacity increases due to the development of flash memory techniques, the use of USB memory has increased. As the use of USB memory increases, violations of privacy and company confidentiality and technical information leakage occur more often. In this context, the use of USB memories that provide security functions to protect the data in them is increasing. Most USB memories are equipped with basic security functions offered by the USB flash drive controller (hereafter called the “USB controller”). However, USB-controller-based security functions have several vulnerabilities. This paper explains how security functions can be bypassed using USB controller commands and present the design and implementation of a secure USB bypassing tool that bypasses the USB security functions.