Data storage vendor Kingston recently warned customers of a flaw in several of its secure USB drives that could allow an attacker to access sensitive information.
Data storage vendor Kingston recently warned customers of a flaw in several of its secure USB drives that could allow an attacker to access sensitive information.According to the company, the flaw affects its DataTraveller BlackBox, DataTraveller Secure, and Elite Privacy USB drives. Kingston currently sells only the BlackBox, but resellers may still stock the latter two models -- and, of course, plenty of customers already own them.
The attack has not compromised any of the company's other secure drive models.
Origin Storage executive Andy Cordial observes that getting the word out to companies that own one of the compromised drives could be a problem:
"Although the Secure and Elite Privacy units are no longer on sale, there are a number of these secure USB drives in active use by public and private sector organisations - who's going to tell them their supposedly secure drives are hackable?", he said.
Because of these issues, he added, any organisation considering a secure method of storing, transporting and/or sharing data should select only those systems that use the most powerful encryption technology - and preferably with an additional layer of protection, such as a PIN / password system, on top of the encryption.
Full disclosure: Origin Storage is a competitor to Kingston that sells encrypted storage devices. I won't vouch for the company's products, but I will vouch for the quality of Mr. Cordial's advice. Buying secure storage based solely on its price tag, without scrutinizing the underlying encryption and other protective technologies, is a recipe for trouble -- especially at a time when government regulators are on the warpath against companies with sloppy data-security practices.
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.