Verbatim Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1 Missing Trust

Discussion in 'News Aggregator' started by Packet Storm, 21 Jun 2022.

  1. Packet Storm

    Packet Storm Guest

    When analyzing the Verbatim Executive Fingerprint Secure SSD, Matthias Deeg found out that the validation of the firmware for the USB-to-SATA bridge controller INIC-3637EN only consists of a simple CRC-16 check (XMODEM CRC-16). Thus, an attacker is able to store malicious firmware code for the INIC-3637EN with a correct checksum on the used SPI flash memory chip (XT25F01D), which then gets successfully executed by the USB-to-SATA bridge controller.

    Continue reading...
     

Share This Page

Loading...