Encrypted Device Vulnerability Problem
Just Recently, news was released that some of the Encrypted USB Flash Drive devices have a loop hole within their encrypting feature.
There is quite a few Companies and Individuals out there that use thumb drives equipped with encryption capabilities to secure their sensitive data. This is a sensible idea as there have been far too many instances of Storage Devices being lost containing confidential personal and business data.
Even our own military uses secret plans for troop movement which is a lot of times stored in portable USB storage units.
So having a Flash Drive that automatically encrypts your data is a good idea; as it will mean that even if you do lose your USB Drive, identity thieves won’t be able to do anything with your personal information unless they have your password to unlock the secure drive.
One of the issues with these devices, as stated by SanDisk, is that there is a flaw in their encryption procedure. Basically, some versions of their Cruzer Enterprise flash drives contain a vulnerability that could allow unauthorized individuals to access the encrypted data on your USB stick. SanDisk made sure to point out that the flaw was not within their drive’s hardware or firmware, but in the actual code that accompanies the drive and runs on the user’s computer.
Kingston Technology had a similar security flaw within their devices (presumably based upon the same vulnerability). They released a Security Bulletin regarding a potential threat from hackers, which would allow the hacker to access encrypted data on some of their USB drives too. Kingston’s Bulletin didn’t provide much information other than to advise affected customers to contact Kingston’s Technical Support. However, one thing that this Bulletin did explain, was that a “skilled person” with the proper tools and actual access to the drives might be able to gain access to encrypted data”.
Frankly, it’s pretty unfortunate that these so-called secure and encrypted devices should are vulnerable to this type of attack.
Located Below are some of the drives currently affected by this Security Flaw.
Cruzer Enterprise USB flash drive, CZ22
Cruzer Enterprise FIPS Edition USB flash drive, CZ32
Cruzer Enterprise with McAfee USB flash drive, CZ38
Cruzer Enterprise FIPS Edition with McAfee USB flash drive, CZ46
Kingston DataTraveler BlackBox (DTBB)
Kingson DataTraveler Secure – Privacy Edition (DTSP)
Kingson DataTraveler Elite – Privacy Edition (DTEP)
We all know that USB Drives are portable and extremely useful. But, if you are going to be using them to store personal or business information on them, make sure that you do your homework on the USB Drive that you are interested in.
Until Next Time!