Comment by RandomBK

Comment by RandomBK 9 hours ago

18 replies

I see a lot of discussion in this thread stemming from some confusion+not reading the actual report[0].

Some key points:

1. The Camera+Card was encased in a separate enclosure made of titanium+sapphire, and did not seem to be exposed to extreme pressures.

2. The encryption was done via a variant of LUKS/dm-crypt, with the key stored on the NVRAM of a chip (Edited; not in TrustZone).

3. The recovery was done by transplanting the original chip onto a new working board. No manufacturer backdoors or other hidden mechanisms were used.

4. Interestingly, the camera vendor didn't seem to realize there was any encryption at all.

[0] https://data.ntsb.gov/Docket/Document/docBLOB?ID=18741602&Fi...

Keeblo 9 hours ago

Unless I misread the article, the key was stored in the NVRAM and not the TrustZone.

IIRC, the article stated that if the key(s) had been stored in the TrustZone then the data would have been irrecoverable.

  • RandomBK 8 hours ago

    Good catch; it was somewhat ambiguous in the report.

nxobject 9 hours ago

If the encryption was that easy to bypass, was it worth it at all?

  • phire 8 hours ago

    The manufacturer didn’t even know encryption was enabled, because as long as the camera was working, it would just provide all files over USB without any encryption.

    It was basically enabled by accident, and the only thing it prevented was recovery of files directly from the SD card when the camera was damaged.

  • astrange 8 hours ago

    There are some reasons you'd want to encrypt even without a secret key. One is it makes it easier to erase data (just erase the key).

    It also makes bit flip errors a lot more obvious, which is another way of saying harder to ignore, so that can go either way.

    • ranger_danger 8 hours ago

      Can't bit flip errors also destroy encrypted volumes much more easily?

      • dgoldstein0 5 hours ago

        I think it depends. Encrypted filesystems typically encrypt contents of each file separately - that way you don't need to read / write the whole disk to read or write any individual file contents. Of course that means metadata may be in plain text or may be separately encrypted - again possibly folder by folder instead of all metadata at once. Exact details would vary with different file system encryption schemes.

        Whereas if you image the disk and encrypt the image properly, that gives you all the great confidentiality guarantees but no random access.

        • astrange 3 hours ago

          > Encrypted filesystems typically encrypt contents of each file separately - that way you don't need to read / write the whole disk to read or write any individual file contents.

          Ah, that's not true of "full disk encryption". It usually encrypts the disk blocks.

          File-based encryption is stronger; you can use different protection classes on different files, you can use authenticated encryption, etc. iOS does it this way and I assume other systems have caught up, but don't know any in particular.

      • cyphar an hour ago

        Most FDE systems are not authenticated so you would only lose one block (16 bytes for AES). Can this be bad? Yeah, but it's not that bad for data recovery.
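
A worked illustration of cyphar's point about unauthenticated FDE, added here and not taken from the thread or the NTSB report: with AES in an unauthenticated mode, one flipped ciphertext bit damages only the block it sits in (CBC, used below because it is in Go's standard library, additionally flips a single bit in the following block; XTS, the usual dm-crypt default, confines the damage to the one 16-byte block). The key, IV and sector contents are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// Constructed sample key, IV and 64-byte "sector" (four AES blocks); none
// of these values come from the report.
var SampleKey = []byte("0123456789abcdef")
var SampleIV = []byte("fedcba9876543210")

func SampleSector() []byte { return bytes.Repeat([]byte("sector-data-0000"), 4) }

// FlipBit returns a copy of data with one bit of byte idx inverted,
// modelling a single storage error in the ciphertext on the card.
func FlipBit(data []byte, idx int, bit uint) []byte {
	out := append([]byte(nil), data...)
	out[idx] ^= 1 << bit
	return out
}

// DamagedBlocks encrypts plain (a whole number of 16-byte blocks) with
// unauthenticated AES-CBC, flips one ciphertext bit at byte flipByte, decrypts,
// and returns the indices of the plaintext blocks that no longer match.
func DamagedBlocks(key, iv, plain []byte, flipByte int) ([]int, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	ct := make([]byte, len(plain))
	cipher.NewCBCEncrypter(blk, iv).CryptBlocks(ct, plain)
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(blk, iv).CryptBlocks(pt, FlipBit(ct, flipByte, 0))
	var damaged []int
	for i := 0; i < len(plain); i += aes.BlockSize {
		if !bytes.Equal(plain[i:i+aes.BlockSize], pt[i:i+aes.BlockSize]) {
			damaged = append(damaged, i/aes.BlockSize)
		}
	}
	return damaged, nil
}

func main() {
	// A flip in ciphertext block 1 garbles block 1 and flips one bit in block 2.
	damaged, _ := DamagedBlocks(SampleKey, SampleIV, SampleSector(), 16)
	fmt.Println("damaged plaintext blocks:", damaged) // [1 2]
}
```

For the rest of the sector the decryption is unaffected, which is why an unauthenticated mode keeps a single media error from spreading across the volume.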

  • anakaine 9 hours ago

    Sure. If the card was recovered without the camera motherboard then the decryption key would not have been recovered.

  • trenchpilgrim 8 hours ago

    Stealing a camera is much harder than stealing an SD card out of a camera.

    • Y_Y 8 hours ago

      Citation needed. It might be slightly easier, but most cases where you can get part of the camera, you can get the whole camera. This isn't a little point-and-click with a handy spring-loaded slot either.

      • trenchpilgrim 8 hours ago

        Yeah but the camera's owner is much more likely to notice "my camera is missing" than "the SD card is blank for some reason... the SD card must have failed".

        EDIT: The linked PDF has a photo, the camera literally opens up to access the SD card.

Fnoord 6 hours ago

0. They were too cheap to use an industrial grade SD. Mind boggling.

  • jychang 5 hours ago

    If you read the article, the SD card was placed there by the camera manufacturer and then the device was sealed so it would withstand pressure, and then sold to divers. Blame the camera manufacturer's engineers.

    Seems like the SD card of all things performed just fine, so it hardly seems like the weak point.