USB Stick Vulnerability

By: Absolute Team | 1/14/2010

Over the years we have talked extensively about the importance of data security on all portable data devices: laptops, mobile phones, USB sticks. Recent news highlights a newly discovered vulnerability in some USB sticks, found by the German security research group SySS GmbH.

Specifically, the password protection on some models from SanDisk, Kingston and Verbatim (see list here) could be defeated, giving access to the data without the user password. The affected USB sticks all used the same authentication key, and the password was validated only at the software (not hardware) level, so the password check could be bypassed.
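A simplified model of the design flaw described above, next to a device-side alternative, added here as an illustration and not taken from SySS or any vendor's code. The class and function names, the token value and the PBKDF2-based fix are all assumptions made for the example.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the single authentication key shared by all sticks.
SHARED_TOKEN = b"constructed-shared-token"


def password_hash(password):
    return hashlib.sha256(password.encode()).digest()


def derive_key(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class FlawedStick:
    """Reported design: the device unlocks on a constant token, never the password."""
    def unlock(self, message):
        return hmac.compare_digest(message, SHARED_TOKEN)


def flawed_host_message(password, stored_hash):
    """Host software validates the password, then sends the same token for everyone."""
    if hmac.compare_digest(password_hash(password), stored_hash):
        return SHARED_TOKEN
    return None


class HardenedStick:
    """Hypothetical fix: the device itself checks a key derived from the password."""
    def __init__(self, password):
        self.salt = os.urandom(16)
        self._verifier = derive_key(password, self.salt)

    def unlock(self, message):
        return hmac.compare_digest(message, self._verifier)


def message_depends_on_password(make_message):
    """Design-review check: unlock messages for two passwords must differ."""
    return make_message("password-one") != make_message("password-two")


if __name__ == "__main__":
    stick = HardenedStick("correct horse")
    print(message_depends_on_password(lambda p: flawed_host_message(p, password_hash(p))))  # False
    print(message_depends_on_password(lambda p: derive_key(p, stick.salt)))  # True
```

The review check is the part worth reusing: if what the host sends to unlock the device is identical for every password, the password is not actually protecting the data.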

This attack does not affect all USB sticks, only certain models of certain brands. Kingston has recalled its USB drives, while SanDisk and Verbatim now offer software updates. The IronKey USB drive that we have previously discussed is one of those unaffected by this vulnerability.

Via McAfee, PC Mag

