Not all USB drives are vulnerable to this attack. told Computerworld, "So if a hacker is able to find those default set of characters, all they need to do is return those and they will have access to encrypted data on the drive." Or, as David Jevans, CEO of USB manufacturer IronKey Corp. In short, SySS had created skeleton keys for many common secure USB drives. Once on the computer, SySS discovered that you could watch the password authorization process.Īrmed with this information, SySS showed that you could modify the password authentication routine for a given device so that it would always authorize any password you'd care to give it. When the device's software asks for you to enter a password, it places its device password on your computer to authorize your drive and your password. When you use a new encrypted USB drive for the first time, the drive already has a default device password. What has happened though is that it appears many vendors didn't think through how they let people use the encryption in the first place. Despite what you may have read from some fear-mongers, AES remains unbroken. It is not that the encryption itself-usually AES (Advanced Encryption Standard) encryption-that has been broken. The German security company SySS GmbH discovered that many, but not all, of today's encrypted USB sticks and flash drives are actually vulnerable to a relatively easy attack. They're handy, you can use them on any PC, and with built-in encryption even if you lost them it was no big deal. If you're like me, you've taken to carrying important data on USB sticks or flash drives.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |