Kingston coughs to security flaw in 'Secure' flash drive Kingston Technology is instructing customers to return certain models of its memory sticks, after the firm discovered a glitch in its DataTraveler Secure flash drives. The company said in a security notice that the models affected were "privacy" editions of the DataTraveler Secure, DataTraveler Elite and DataTraveler Blackbox …
So we are told that the crypto isn't secure to a person with physical access and the right tools and knowledge (eg the device manufacturer)......and we know that flash storage is easy to recover even if the files have been deleted....
And now Kingston want their customers to send them back all the flash drives containing data so private that it warranted a super (in)secure flash drive to hold it originally.....?
Truecrypt offers higher levels of encryption, and on my cheap-as-I-could-get-it 16GB stick I easily get 45MB/s benchmarks. If there's a problem like this, I just upgrade the encrypted container, and I can split the encrypted/unencrypted sections of the drive as I see fit. Little more of a fiddle to set up, but every machine I have access to has Truecrypt, so that's not a problem for me.
Given that the 16GB DataTraveler Vault is £188, and my flash drive cost me £17 - to hell with that!
that when you use windows (as most people do at work) you I believe you can't mount the encrypted container unless
1. Truecrypt is already installed on the system, or
2. If using the portable version you have admin rights on the target machine
I also believe that the more expensive hardware encrypted drives do away with this issue.
It seems kingston were being a bit economical with the truth about exactly what was being protected by AES.
A full description (in german) of the problem can be found here:
http://www.syss.de/fileadmin/ressources/040_veroeffentlichungen/dokumente/SySS_knackt_Kingston_USB-Stick.pdf
My german is poor, but it seems that the code to unlock the drive is stored in a block of flash encrypted with what ever password you set, however this unlock code is the same for all units, so all you have to do is set a breakpoint on the decrypt routines of the unlock program so that after it has incorrectly decrypted the unlock code with the wrong password you can change the decrypted block to:
Hex dump ASCII
00 00 00 00|B5 D3 68 DC|8A 4D A5 B1|FD 2E 68 84| ....h?M.h
4D F2 0D 52|1E 2B F9 CD|00 00 00 00|00 00 00 00| M.R+........
and then let the program continue and it will unlock the drive, apparently the same code is used on all drives, and to think people paid good money for this, it looks like a deliberate backdoor so kingston can recover data for you as its a stunningly stupid way to do things.
Just use truecrypt and a cheap flash drive.
I used to work for a company that rolled these out - I never understood why they didn't get a server side authentication system so that it would only decrypt when either on the network, or over the VPN - it's not as if decent encryption on the fly on a modern CPU is a problem. You can only get into the VPN through the works computers so it's not as if the client application software would be a problem, and most encryption suites allow you to partition up vanilla pen drives with encrypted and non-encrypted access.
As opposed to having the encryption hardware on board, so that if any holes are found in it, it can be cracked wide open on the device itself from any PC, on the works network or not.
Genius.
Ah well, I have emailed the boss of said organisation [hey, they were good to me] so that he can find out if his IT suppliers even know about this. I await the reponse with some degree of anticipation!
Anon, sniggering a little.
>>>>Kingston had claimed that its Data Traveler Secure drive was the first of its kind to protect "100 per cent of data on-the-fly via 256-bit hardware-based AES encrpytion".
Hmmm - must be some interesting new definition of "100%" of which I was never before made aware - thanks, Kingston.
The crypto key was stored on the disk, but encrypted with a universal key for all drives. This is obviously supposed to be a backdoor too allow them to decrypt any drive. They probably stuck a deal with the FBI or something. Unlucky for them, somebody discovered the backdoor.
My 2 disks go directly into the camp fire. I will never buy again from Kingston!
IronKey security analysts have reviewed the vulnerability and research reports.
IronKey devices are NOT vulnerable to this serious security design flaw.
We've posted a detailed analysis of the vulnerability, and a description of how IronKey devices defend against it, on our website, at https://www.ironkey.com/usb-flash-drive-flaw-exposed
I have also posted a discussion of how these devices could have received the prestigious FIPS 140-2 Level 2 security validation from NIST, yet still have this major security design flaw.
We welcome your questions and comments on these issues.
Dave @ IronKey
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
