Latest News
October 12, 2011
In a recent article published on ‘The Register’ [1], Trusteer have attempted to “rebuff[...]” the “bank security bypass claims” apparently made by Digit Security in an article published in the Times [2] on the 1st October 2011. The article is almost exclusively composed of what are presumably quotes from the CEO of Trusteer, Mickey Boodaei. [...] read more read more
September 7, 2011
In the recent 44con security conference held at The Grange Hotel in London UK, Neil Kettle of Digit Security Ltd gave a presentation detailing the design of just one of the protections that Trusteer claim their product, namely Trusteer Rapport is capable of providing users. The information disclosed detailed both the design and implementation of [...] read more read more
July 23, 2011
The first vulnerability advisory, albeit covering many vulnerabilities in and of itself, affecting Securstar DriveCrypt has been released. The vulnerability in question exists due to the improper validation of a user-supplied pointer within a structure passed as argument to the IOCTL interface exported from the globally accessible “\\.\DCR” device. An attacker exploiting this vulnerability may [...] read more read more
Contact Us
Home \ Company Blog

Securstar DriveCrypt advisory released

The first vulnerability advisory, albeit covering many vulnerabilities in and of itself, affecting Securstar DriveCrypt has been released.

The vulnerability in question exists due to the improper validation of a user-supplied pointer within a structure passed as argument to the IOCTL interface exported from the globally accessible “\\.\DCR” device. An attacker exploiting this vulnerability may execute arbitrary code with kernel mode privileges, or cause a Denial of Service attack via a page fault caused by an invalid pointer dereference. All versions of Securstar DriveCrypt <= 5.2 are affected.

Whilst Digit Security typically waits for vendors to release verifiable patches for the issues and vulnerabilities we discover, the following comment from Securstar should be noted with respect to some of the fixes applied in the latest version of DriveCrypt:

“The user mode app still leverages the driver for some of the I/O, but in a way which cannot be exploited as easily as before, without some prior transient elevation to admin level. I am still checing [sic] a couple of aspects to be sure it is reasonably secure, IE less easy to exploit.”

On July 23, 2011, posted in: News, Research by Neil Kettle | No Comments »

Comments are closed.