Kingston admits "secure" USB drives are flawed

Kingston DataTraveler BlackBox

Three models of Kington's "secure" USB drives could yield data, company admits

Kingston is urging customers to return their supposedly "secure" USB drives after discovering that they're not quite as watertight as the company claimed.

A post on Kingston's website claims that "a skilled person with the proper tools and physical access to the drives may be able to gain unauthorised access to data" on three of the company's models. They are the DataTraveler BlackBox, DataTraveler Secure – Privacy Edition, and DataTraveler Elite – Privacy Edition.

Kingston doesn't detail how the drives can be compromised, but the problem is serious enough for the company to request that customers return their drives for a "factory update".

The flaw is particularly embarrassing, given that Kingston claims the Data Traveler Secure drive is "the first USB Flash drive that secures 100% of data on-the-fly via 256-bit hardware-based AES encryption", and that the drive is "specifically designed to meet enterprise-level security and compliance requirements".

The drive requires users to enter a strong password with a minimum of six characters before granting access to the data, automatically wiping the data if a wrong password is entered ten times.

Kingston's website provides details on how to return your drives - UK-based owners should call the company on 01932 738950.

Read more

News