Review of Hardware Encryption vulnerability of Kingston and SanDisk USB flash drives
The Kingston Technology company, a leader in the production of safe USB drives, and one of the first ones that started producing USB flash drive with hardware encryption (Kingston DataTraveler Secure) announced that some of its models of USB flash drives with hardware protection feature are vulnerable. The announcement was posted on the company’s web site saying that with the help of some tools you can access this USB drive (i.e. hack it without a password). News regarding some models of Kingston being prone to cracking is very surprising because these flash drives have been certified in compliance with FIPS 140-2.
Everything started with the fact that the German company SySS published a document entitled “Companies SySS hacked USB flash drive with hardware encryption Kingston certified FIPS 104-2”. In this document they describe in details the authentication protocol between the drive and the program (the user), which they found on the basis of intercepted USB traffic + vulnerability that was discovered. And also some screenshots of the utility, which is embedded in the process of authentication program for USB drives, and as a result – we may enter any password and access will be granted.
Read more