Kingston admits to security problems on flash drives

by Steve Ragan - Jan 5 2010, 17:00

Kingston, known as one of the giants in portable memory, has recently confirmed a security problem with some of their DataTraveler series. The problem centers on the fact that even if encryption is used, it is possible to gain access to the data on the device.

The affected drives include the DataTraveler BlackBox, DataTraveler Secure - Privacy Edition, and the DataTraveler Elite - Privacy Edition. While Kingston makes other secure drives, such as the DataTraveler Vault or DataTraveler Locker, those are the only three with the problem.

SySS, a German pentesting company, uncovered the password authentication process on the drives, which use 25-bit AES encryption, with testing and the development of a custom application. [Research here in German]

In a statement, a company spokesperson said that someone with physical access to the flash drive could access the encrypted data, given the will to do so and the skill needed. The spokesperson went on to mention that the encryption used is sound, only that “there is a small loophole regarding the processing of the password.”

Kingston is asking anyone using the three drives to wipe them and send them back for a factory update. [Update Notification]

Customers in North America should call 888-484-9125 and customers in the UK should call 01932 738950.

 

Around the Web