Kingston Admits To Secure USB Drive Flaw

Tom Jowitt is a leading British tech freelance and long standing contributor to TechWeek Europe

There are red faces over at Kingston after the company admitted that a number of its encrypted USB sticks can be hacked, and asked customers to return the affected drives

Memory giant Kingston Technology has admitted that some of its supposedly secure USB sticks can in fact be hacked, and it has asked customers to return the devices for an update.

Kingston has posted a warning on its drive information page and warned that a “skilled person with the proper tools and physical access to the drives may be able to gain unauthorised access to data contained on the following Kingston Secure USB drives.”

The affected models include the DataTraveler BlackBox; DataTraveler Secure – Privacy Edition; and DataTraveler Elite – Privacy Edition.

According to Jim Selby, Kingston’s manager of European product marketing, the flaw lies in how the drives process passwords.

“The encryption itself is sound, but there is a small loophole regarding the processing of the password,” Selby told ZDNet UK. “Someone who is skilled enough, with the right tools, could exploit the weakness.”

According to Selby, Kingston was alerted to the flaw by a German penetration testing company called SySS, after it had written some software that uncovered the workings of the password authentication process, despite these drives utilising 256-bit AES encryption.

UK users are advised to contact Kingston on 01932 738950 to get their drives updated.

Kingston is a well established player in the memory field and offers a range of secure USB flash drives for the consumer, enterprise, and government sectors. Back in July it launched the biggest little flash drive in the world with 256GB of storage in a 71mm USB memory stick, the Data Traveler 300.