Serious security vulnerabilities in (supposedly) secure USB flash drives
Last month, we posted here about the FIPS 140 cryptographic standard. Now SySS, a security company in Germany, has managed to prove that FIPS 140-2 certified products can be cracked.
SySS discovered security vulnerabilities in the integrated software that authorizes decryption for USB drives sold by several different vendors that can allow unauthorized persons to access the data on such drives that are encrypted with 256 bit AES.
The National Institute of Standards (NIST) is currently investigating the situation.
DEBRA LITTLEJOHN SHINDER
MVP (Enterprise Security)