Either the differences in implementation between these devices are significant enough that SanDisk and Verbatim have dodged a bullet, or they are avoiding making the tough decision to issue a full recall.
Sandisk secure access vulnerability update#
All three companies’ devices share a similar vulnerability, revealed around the same time, and yet SanDisk and Verbatim maintain that a software update is sufficient to render their devices once again secure. As reported before, SanDisk secure USB flash drives have been hacked, as well as similar devices made by Verbatim. The fact that Kingston has issued a total recall of their affected secure usb flash drives brings up another interesting issue. Given the speed with which these devices are becoming available it is reasonable to assume that these were to be the next phase of secure USB flash drives to be sold by Kingston, though the transfer rates bring into question whether they have been fully optimized. They will be based on entirely new hardware with an entirely new design architecture. In terms of their replacements, Bob has learned that the new devices will be available around the end of January and will be much slower than the units they are replacing, with data transfer rates of about 5MB/sec. In issuing this press release, Kingston has effectively acknowledged that the security vulnerability plaguing its devices is the result of a fatal design flaw, not a software issue that could be resolved with a downloadable patch. For a company that operates on lean margins this has got to be a huge expense, one that would only be incurred if there was no other choice. This should serve as yet another reminder that external authentication factors – including biometric identification, PINs entered via external keypads, or voice recognition – are no substitute for a solid security architecture.Īs always, stay safe and avoid a false sense of security.īack in December I wrote about Kingston acknowledging that a number of Kingston’s secure USB flash drives had been hacked. Yesterday, Kingston issued a press release announcing they would “replace affected secure USB flash drives with upgraded security architecture, new drives”. As The H reported in 2008, the original Padlock from Corsair could be breached by simply opening up the device, attaching an external power source, and reading the data – which was unencrypted – from the memory stick. Interestingly enough, this second version of the keypad-protected device is also the second version released by Corsair that suffers from a critical security failure.
In the press release Corsair included a 10-step process that must be undertaken by the end user in order for the drive to “meet its security specification”, which presumably means to keep the data secure from those without knowledge of the PIN. The announced vulnerability allows anyone to access the data on the drive without knowing or entering the correct PIN. The drive uses a keypad to allow users to enter a PIN in order to unlock data on the drive. Corsair has issued a press release announcing the discovery of a security issue that exposes data on their Flash Padlock 2 USB Flash Drive.
0 kommentar(er)
