Flash drives have potential flaws

Tuesday, April 13, 2010 @ 04:04 PM gHale


Flash drive makers, SanDisk Corp. and Verbatim Corp. joined with Kingston Technology Inc. in warning customers about a potential security threat posed by a flaw in the hardware-based AES 256-bit encryption on their USB flash drives.

The hole could allow unauthorized access to encrypted data on a USB flash drive by circumventing the password authorization software on a host computer.

Verbatim warned the security flaw exists in its Verbatim Corporate Secure and Corporate Secure FIPS Edition series of USB flash drives, while SanDisk said it affected its Cruzer Enterprise series of USB flash drives. Both companies issued online application upgrades to address the issue.

The companies said the security issue only applies to the application running on the host system; it doesn’t apply to the drive itself or the drive’s firmware.

Kingston earlier recalled its DataTraveler secure USB flash drives so it could update the devices because of the same issue. The Kingston models affected include the DataTraveler BlackBox, DataTraveler Secure-Privacy Edition and DataTraveler Elite-Privacy Edition.

All three companies said their USB drives met security criteria set by the Federal Information Processing Standard (FIPS) 140-2. FIPS is a U.S. government standard used to accredit devices with encryption algorithms. The National Institute of Standards and Technology developed the standard which includes hardware and software components. FIPS 140 covers four levels of security.



Leave a Reply

You must be logged in to post a comment.