Bob ‘n Alice On Security

Helping to Avoid a False Sense of Security

SanDisk Enterprise Cruzer Secure USB Flash Drive Vulnerability

with 2 comments

Wow, Bob has found a second secure flash drive that suffers from a major autorun vulnerability. A new PDF details this new SanDisk Enterprise Cruzer vulnerability. The trust we can place in the SanDisk Enterprise Cruzer (and the OEM’d Kingston Data Traveler Elite Privacy Edition) is now as strong as the trust we can place in the supply chain.

What was the name of the delivery guy that brought that box of shiny new Cruzers to the office? Hope he couldn’t be convinced to let someone alone with that box for a few hours…. If that someone was hostile, the network might have a new, uninvited user – or worse.

Heck, even if the supply chain is rock solid, a hostile outsider could leverage an organization’s use of the SanDisk Cruzer to penetrate their defenses by planting a malware-infected device in any number of ways. In this way, the trust placed in the device makes it more of a danger to the organization than if it were untrusted.

As always, stay safe and avoid a false sense of security.


Written by Alice

February 18, 2009 at 21:27

Posted in SanDisk Cruzer Enterprise

«
»

2 Responses

Subscribe to comments with RSS.

  1. Is this just autorun, or is it a vulnerabiltiy that extends to software on the drive generally?

    Justin

    March 10, 2009 at 06:09

    Reply

  2. [...] This calls to mind a previously detailed SanDisk Cruzer Enterprise secure USB flash drive vulnerability. [...]

    SanDisk Cruzer Enterprise Secure USB Flash Drive Hacked « Bob ‘n Alice On Security

    December 22, 2009 at 17:44

    Reply

Leave a Reply