What's this about replacing Nitrokey Storage?

So I just received this in my email today:

[quote]Dear Nitrokey supporter!

YOUR NITROKEY STORAGE SHOULD BE REPLACED. PLEASE CONTINUE READING.

As you know, some of the worst things which can happen to IT systems are
security flaws and “bugs”. Fortunately, we have never had a
security-compromising bug in Nitrokey. However, another category of bugs
seems to exist, which conversely result in “too much security”. In our
case, such a bug affects the firmware update feature of the Nitrokey
Storage. This is an unfortunate consequence of several security controls
to protect against illegitimate firmware updates (e.g. no reset allowed,
no JTAG-interface, password protection) and a race condition which
happened during the production of the devices. Consequently, the
Nitrokey Storage devices are “more secure” then desired because it is
not possible to update the firmware anymore.

Even though there is no urgent reason for updating the firmware, future
fixes and optimizations would only be possible through firmware updates.
In order to be able to update the firmware in the future, the hardware
will first have to be replaced. We are very sorry for any inconvenience.

To replace your hardware we can offer you the following options:

a) You can return your Nitrokey Storage to us and we will replace the
hardware. If you wish to do so, please backup all your data and send the
device along with your return address to us at: Nitrokey UG, Berliner
Str. 166, 10715 Berlin, Germany.

b) It is not very complicated to replace the hardware yourself and it
doesn’t require any special tools. If you wish to go down this route
please send us an email with your postal address and the number of the
Nitrokey Storage that you have. We will send you the required hardware
(PCB) and instructions on how to build it in.

c) We can offer you a new (additional) Nitrokey Storage for 45 Euros
including shipping and taxes. If you prefer this option, please send us
an email with your billing and delivery address(es) as well as the
storage capacity and the quantity of your devices. We will send you
instructions how to pay via PayPal or wire transfer.

Once again, we are very sorry for any inconvenience and hope that at
least one of these options is acceptable for you.

Kind regards,
your Nitrokey team[/quote]

I take it this means that it’s impossible to update the firmware on the existing devices. Can you share some more information about what exactly is wrong with the current models? Which models exactly are affected? Is it a bug in the hardware or software?

What exactly has to be replaced in the hardware, the entire PCB? Is there a way to manually fix the bug with those of us with some soldering skills and hardware like logic analyzers, jtag interfaces, etc?

Regards!

Due to a race condition during the very first start of the freshly programmed devices the data in the user page didn’t got initialized as expected. (The user page is a flash area within the main processor.) The user page also should contain a hash of the Firmware Password which is required for updating the firmware. The user page’s content is probably 0xFFFF… so that all verification of the firmware password fails. Therefore no firmware updates are possible.

Theoretically there is a tiny chance to calculate a PKBDF2 collision against 0xFFFF… That would solve the issue.

The only realistic thing which would help is to get access to the JTAG connections and then reprogram the flash via JTAG. But getting access to JTAG PINs is difficult with such BGA components.

Oh boy, there’s nothing worse than trying to come up with a secure device only to wish later on that there was a way in.
Kinda turns the whole point of security on its head.

Does this information also apply to newer devices bought a few months later, since I don’t recall receiving such a notice?

Hi! This was only for the devices with specific firmware distributed back then. If you have the latest firmware or if you are able to update the device then it is OK to use it.