Bob ‘n Alice On Security

Helping to Avoid a False Sense of Security

Kingston Secure USB Flash Drive Hacked

with 4 comments

It appears that Kingston’s secure flash drives have been hacked. In case the page changes, what follows is the information that Kingston is currently posting about the vulnerability of their DataTraveler series of secure flash drives.

***

Kingston’s Secure USB Drive Information Page

It has recently been brought to our attention that a skilled person with the proper tools and physical access to the drives may be able to gain unauthorized access to data contained on the following Kingston Secure USB drives:

  • DataTraveler BlackBox (DTBB)
  • DataTraveler Secure – Privacy Edition (DTSP)
  • DataTraveler Elite – Privacy Edition (DTEP)

***

Looking through this list it will be interesting to see if DataTraveler BlackBox will maintain its FIPS 140-2 Level 2 certification, an important qualifier for government purchasers in the United States and Canada.

If you own a Kingston it appears the only way to correct this flaw is to send your flash drive back to Kingston for a factory update, during which all data will be erased. While Kingston has acknowledged the flaw in their secure products, they do not appear to have taken the step of issuing a general recall of all compromised devices. As of yet there is also no indication as to whether large-volume or other registered customers will be notified of the vulnerability.

As always, stay safe and avoid a false sense of security.

Advertisements

Written by Alice

December 22, 2009 at 00:53

4 Responses

Subscribe to comments with RSS.

  1. […] a comment » Less than 24 hours after reporting that Kingston’s secure USB flash drives have been hacked, it appears that SanDisk’s secure USB flash drives have been hacked as well. According to […]

  2. Detailed information about the security vulnerability of the Kingston USB flash drives can be found in the following paper: “Cryptographically Secure? SySS Cracks a USB Flash Drive” (http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_Cracks_Kingston_USB_Flash_Drive.pdf)

    Mallory

    December 26, 2009 at 01:13

  3. […] a comment » Back in December I wrote about Kingston acknowledging that a number of Kingston’s secure USB flash drives had been hacked. Yesterday, Kingston issued a press release announcing they would “replace affected secure […]

  4. Ironkey made this info public but acted as if it recently occurred in summer 2011
    http://www.ironkey.com/usb-flash-drive-flaw-exposed

    JPMorganChase recently (summer 2011) made a company wide announcement to replace all Kingston Secure USB sticks with Ironkey devices. Previously many employees have and use the unsecure Kingston device!

    dheli ghetto

    July 1, 2011 at 13:34


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: