nus_sidebar_img02

Kingston Data Traveler Device Warning

Kingston Technology has asked customers to return certain models of its DataTraveler secure flash drives for an update, following the discovery of a flaw in the memory sticks.

The affected models include the DataTraveler BlackBox; DataTraveler Secure — Privacy Edition; and DataTraveler Elite — Privacy Edition.

The flaw lies in how the drives process passwords, Jim Selby, Kingston's manager of European product marketing, told ZDNet UK on Monday.

Kingston Data Recovery "The encryption itself is sound, but there is a small loophole regarding the processing of the password," said Selby. "Someone who is skilled enough, with the right tools, could exploit the weakness."

The flaw, which is exploitable if a hacker has physical access to the drives, was brought to Kingston's attention by a German penetration testing company called SySS, said Selby. SySS wrote a piece of software that uncovered the workings of the password authentication process, he added.

Kingston first alerted customers to the flaw before Christmas.

NUS Data Recovery would always advise against the use of such devices as encrypted devices are very often unrecoverable (in the event of failure) due to the encryption being unbreakable when the algorithims are being decoded. Our general advice would be if you have to have such a device to run a parallel system with your data replecated on another device so that in the event of one failing you can restore from the other copy.

source zdnet.co.uk

04, Jan, 2010