Encryption Cracked on Certified USB Drives

Just a warning out there to those who use SanDisk, Verbatim, or Kingston USB flash drives and take advantage of their encryption to secure your files that these are easily cracked due to an extremely dim-witted move: the same decryption string is provided when accessing encrypted files no matter what your password is. Meaning, you just have to bypass their authentication program and send this string, which is even the same string on all three of the brands listed at the beginning of this article. Yeesh! Remember folks, these are the same drives that are certified by NIST as FIPS 140-2 Level 2 (PDF) and are used by the American Armed Forces and the US government (for unclassified data).

 

Security expert firm SySS (click here for english link) has created a demo program that can access encrypted files within seconds. You can access their press release and papers here.

 

Read more to see the recalls and security notes from the three flash drive makers...

Depending on which manufacturer built your drive select the appropriate link:

Tag: encryption sandisk verbatim kingston usb flash drives nist what were they thinking

Comments (8)


The Grim Admin
https://www.grimadmin.com/article.php/encryption-cracked-certified-usb-drives