Hackers Can Decrypt Secure USB Sticks

Related Articles

• Cost of a Data Breach
• An Interesting Malware-Analysis Appliance
• Messaging Predictions for 2008

Subscription Options

Subscribe Magazine

Subscribe Newswire

Widgets & RSS Feeds

In a warning blog this week, analyst Graham Cluley with Sophos writes about the increasing number of security announcements by USB memory stick makers.

Cluley reports that secure drives are important as a means to safeguard sensitive data, since USB sticks can easily be lost or misplaced, yet commonly contain confidential information. Unfortunately, several makers have recently come forward stating vulnerabilities that could allow hackers to access encrypted data.

In his blog, Cluley lists the drives reportedly to be affected by the security flaw:

•            Cruzer Enterprise USB flash drive, CZ22 (1GB, 2GB, 4GB, 8GB)

•            Cruzer Enterprise FIPS Edition USB flash drive, CZ32 (1GB, 2GB, 4GB, 8GB)

•            Cruzer Enterprise with McAfee USB flash drive, CZ38 (1GB, 2GB, 4GB, 8GB)

•            Cruzer Enterprise FIPS Edition with McAfee USB flash drive, CZ46 (1GB, 2GB, 4GB, 8GB)

•            Kingston DataTraveler BlackBox (DTBB)

•            Kingson DataTraveler Secure – Privacy Edition (DTSP)

•            Kingson DataTraveler Elite – Privacy Edition (DTEP)

•            Verbatim Corporate Secure USB Flash Drive (1GB, 2GB, 4GB, 8GB)

•            Verbatim Corporate Secure FIPS Edition USB Flash Drives (1GB, 2GB, 4GB, 8GB)

“No-one is denying that USB memory sticks are useful,” writes Cluley, “but, if they are going to carry sensitive information, then proper secure encryption must be used. And if you haven’t already done so, put in place a policy that can detect and block unauthorized use of removable storage devices.”