Kingston Admits Secure USB Drives Are Vulnerable

From PC World: Independent memory giant Kingston Technology has issued a highly unusual warning that several of its supposedly secure encrypted USB drives can be hacked.

The precise nature of the hack has not been disclosed, but the company named three drive models, the DataTraveler BlackBox, the DataTraveler Secure - Privacy Edition, and the DataTraveler Elite - Privacy Edition, as being vulnerable to "a skilled person with the proper tools and physical access to the drives."

All of the drives use highly-secure 256-bit AES encryption, so it is likely that the vulnerability in some way allows an attacker access to the encryption key stored inside the drive, which would give free access to the data. Achieving this would be unlikely to be trivial, but exactly how non-trivial is impossible to gauge without the sort of information the company is not going to offer for fear of encouraging attacks.

The company pointed out in mitigation that the warning does not apply to a number of its other secure USB stick products, including the DataTraveler Locker, DataTraveler Locker+, DataTraveler Vault, DataTraveler Vault - Privacy Edition, DataTraveler Elite, and DataTraveler Secure. Two of the models affected, the Secure and Elite, are also no longer on sale though they would still be in use by many organisations.

View: Article @ Source Site