Sign In

Communications of the ACM

ACM News

More Flash Drive Firms Warn of Security Flaw; NIST Investigates

View as: Print Mobile App Share:

SanDisk Corp. and Verbatim Corp. have joined Kingston Technology Inc. in warning customers about a potential security threat posed by a flaw in the hardware-based AES 256-bit encryption on their USB flash drives.

The hole could allow unauthorized access to encrypted data on a USB flash drive by circumventing the password authorization software on a host computer.

"It's really onerous. It's a stupid crypto mistake and they screwed up and they should be rightfully embarrassed for making it," said cryptographer and computer security specialist Bruce Schneier.

Verbatim warned that the security flaw exists in its Verbatim Corporate Secure and Corporate Secure FIPS Edition series of USB flash drives; SanDisktold owners of the threat related to its Cruzer Enterprise series of USB flash drives. Both companies issued online application upgrades to address the issue.

From ComputerWorld
View Full Article


No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account