Secure USB drives have flaws, warns Kingston

The USB drives affected by the security flaw are the DataTraveler BlackBox, as well as DataTraveler Secure and Elite Privacy units.

Sales of the BlackBox are on hold, Kingston said, whilst the the latter two USB drives are no longer sold by the company.

In a reseller warning posted to its website, the firm said: "The above drives still operate as normal, but if lost or stolen it could be possible for a skilled person to access data held on the drive."

"We understand that the attack used to access the drive's encrypted content is sophisticated and that Kingston have rated this issue as a priority.

"The attack used by the company who found the issue does not affect any of Kingston's other secure drives (DataTraveler Locker, Locker+, Vault or Vault Privacy)."

Commenting on the security warning, Andy Cordial, managing director of storage systems integration specialist Origin Storage, said this is a classic illustration of the increasing levels of hacker sophistication making lower level encryption technologies obsolete.

"Although the Secure and Elite Privacy units are no longer on sale, there are a number of these secure USB drives in active use by public and private sector organisations - who's going to tell them their supposedly secure drives are hackable?", he said.

Because of these issues, he added, any organisation considering a secure method of storing, transporting and/or sharing data should select only those systems that use the most powerful encryption technology - and preferably with an additional layer of protection, such as a PIN / password system, on top of the encryption.

Origin's DataLocker products, he explained, are an example of such technology because, as well as featuring high levels of encryption, they also have brute force hacker defence technology as a standard feature.

"The days of selecting the cheapest secure USB drive and similar storage technologies are now long gone, as the Kingston situation clearly shows", he said.

"The better equipped secure storage devices freely available on the market today are highly secure against today's - as well as well as tomorrow's - hackers, making an investment in the technology something of a no-brainer, compared to the potential legal and reputational damage of sourcing a lower-cost, lower-spec solution", he added.

What’s hot on Infosecurity Magazine?