I'm a defence-oriented IT security freelancer with a keen interest in hacking, cryptography and salsa dancing. My interest in cryptography started when I broke ARJ encryption to play the game my brother tried to keep for himself. With a broad set of IT skills and interests, my work ranges from teaching CISSP preparation courses to development to interim CTO roles.
Sony, SanDisk, and Lexar provide encryption software for their USB keys, hard drives, and other storage products. The software is already present when buying a new product and used to keep data on the storage safe. This solution is developed by a 3rd party called ENCSecurity. The security claims of this solution were very strong i.e. "Ultimate encryption using 1024 bit AES keys Military grade". Our analysis of the DataVault software revealed three serious flaws impacting the security of the DataVault solution. This presentation is a look the flaws we identified along with our process for discovery and how the vulnerabilities were addressed.