Bob ‘n Alice On Security

Helping to Avoid a False Sense of Security

Archive for July 2010

Corsair Flash Padlock 2 USB Flash Drive Vulnerability

leave a comment »

Corsair has issued a press release announcing the discovery of a security issue that exposes data on their Flash Padlock 2 USB Flash Drive. The drive uses a keypad to allow users to enter a PIN in order to unlock data on the drive. The announced vulnerability allows anyone to access the data on the drive without knowing or entering the correct PIN. In the press release Corsair included a 10-step process that must be undertaken by the end user in order for the drive to “meet its security specification”, which presumably means to keep the data secure from those without knowledge of the PIN.

Interestingly enough, this second version of the keypad-protected device is also the second version released by Corsair that suffers from a critical security failure. As The H reported in 2008, the original Padlock from Corsair could be breached by simply opening up the device, attaching an external power source, and reading the data – which was unencrypted – from the memory stick.

This should serve as yet another reminder that external authentication factors – including biometric identification, PINs entered via external keypads, or voice recognition – are no substitute for a solid security architecture.

As always, stay safe and avoid a false sense of security.


Written by Alice

July 1, 2010 at 13:23

Posted in Corsair: Padlock