Bob ‘n Alice On Security

Helping to Avoid a False Sense of Security

Kingston Secure USB Flash Drive Hacked

with 3 comments

It appears that Kingston’s secure flash drives have been hacked. In case the page changes, what follows is the information that Kingston is currently posting about the vulnerability of their DataTraveler series of secure flash drives.

***

Kingston’s Secure USB Drive Information Page

It has recently been brought to our attention that a skilled person with the proper tools and physical access to the drives may be able to gain unauthorized access to data contained on the following Kingston Secure USB drives:

  • DataTraveler BlackBox (DTBB)
  • DataTraveler Secure – Privacy Edition (DTSP)
  • DataTraveler Elite – Privacy Edition (DTEP)

***

Looking through this list it will be interesting to see if DataTraveler BlackBox will maintain its FIPS 140-2 Level 2 certification, an important qualifier for government purchasers in the United States and Canada.

If you own a Kingston it appears the only way to correct this flaw is to send your flash drive back to Kingston for a factory update, during which all data will be erased. While Kingston has acknowledged the flaw in their secure products, they do not appear to have taken the step of issuing a general recall of all compromised devices. As of yet there is also no indication as to whether large-volume or other registered customers will be notified of the vulnerability.

As always, stay safe and avoid a false sense of security.


Written by Alice

December 22, 2009 at 00:53

Posted in Kingston: DataTraveler Series

«
»

3 Responses

Subscribe to comments with RSS.

  1. [...] a comment » Less than 24 hours after reporting that Kingston’s secure USB flash drives have been hacked, it appears that SanDisk’s secure USB flash drives have been hacked as well. According to [...]

    SanDisk Cruzer Enterprise Secure USB Flash Drive Hacked « Bob ‘n Alice On Security

    December 22, 2009 at 17:44

    Reply

  2. Detailed information about the security vulnerability of the Kingston USB flash drives can be found in the following paper: “Cryptographically Secure? SySS Cracks a USB Flash Drive” (http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_Cracks_Kingston_USB_Flash_Drive.pdf)

    Mallory

    December 26, 2009 at 01:13

    Reply

  3. [...] a comment » Back in December I wrote about Kingston acknowledging that a number of Kingston’s secure USB flash drives had been hacked. Yesterday, Kingston issued a press release announcing they would “replace affected secure [...]

    Kingston Acknowledges Security Vulnerability in Hardware, SanDisk to Follow? « Bob ‘n Alice On Security

    January 14, 2010 at 20:40

    Reply

Leave a Reply