Kingston recalls some USB drives due to security flaw

A software flaw uncovers password authentication process

Kingston Technology is recalling certain models of its DataTraveler secure USB flash drives in order to update firmware on the thumb drives after a security company found a flaw that could allow a hacker to gain access to the user's password.

On its Web site, Kingston stated that "a skilled person with the proper tools and physical access to the drives may be able to gain unauthorized access to data contained on" some Kingston Secure USB drives.

According to Kingston, the security flaw involves the way the drive processes the password. German security company SySS GmbH apparently created a script that revealed the password authentication method.

A Kingston spokesperson said the company could not comment on any specifics surrounding the security flaw as "anything we say gives other hackers fuel and clues" as to how to break into the drive's security features.

The affected models include the DataTraveler BlackBox; DataTraveler Secure --Privacy Edition; and DataTraveler Elite -- Privacy Edition.

Currently, owners of the drives are being directed to a the company's drive update site for information about returning the drives or updating the firmware.

Lucas Mearian covers storage; disaster recovery and business continuity; financial services infrastructure; health care IT for Computerworld . Follow Lucas on Twitter @lucasmearian , send e-mail at lmearian@computerworld.com or subscribe to Lucas's RSS feed .

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags kingstonusb flash drive

More about KingstonKingston Technology

Show Comments
[]