FIPS 140-2 Cerified Flash Drives Have Security Flaw

NIST Involved in Reviewing the Issue

1 min read
FIPS 140-2 Cerified Flash Drives Have Security Flaw

On the 18th of December, the German security firm SySS published a paper saying that it had found a way to "bypass the entire protection of the [FIPS 140-2 certified] USB sticks. Independent from the password in use, respective encrypted data can be reconstructed within seconds."

SySS then reported - and vendors SanDisk, Verbatim and Kingston Technology reluctantly confirmed early last week - that a number of their cryptographic standard FIPS 140-2 certified flash drives including SanDisk Cruzer Enterprise FIPS Editions CZ32 and CZ46 in 1G, 2G, 4G and 8G; the Verbatim Corporate Secure FIPS Edition in 1G, 2G, 4G and 8G; and Kingston Technology's DataTraveler Secure, DataTraveler Elite and DataTraveler Blackbox were open to this bypass technique.

Kingston said that a number of their other models (DataTraveler Locker DataTraveler Locker+, DataTraveler Vault, DataTraveler Vault, Privacy Edition, DataTraveler Elite and the DataTraveler Secure) were not affected, however.

According to this story yesterday in Government Computing News (GCN), the National Institute of Standards and Technology (NIST) is now looking into the issue, and has said in a press release that, "From our initial analysis, it appears that the software authorizing decryption, rather than the cryptographic module certified by NIST, is the source of this vulnerability. Nevertheless, we are actively investigating whether any changes in the NIST certification process should be made in light of this issue."

All three vendors have issued software updates to address the problem, GCN reports.

The Conversation (0)

An IBM Quantum Computer Will Soon Pass the 1,000-Qubit Mark

The Condor processor is just one quantum-computing advance slated for 2023

4 min read
This photo shows a woman working on a piece of apparatus that is suspended from the ceiling of the laboratory.

A researcher at IBM’s Thomas J. Watson Research Center examines some of the quantum hardware being constructed there.

Connie Zhou/IBM

IBM’s Condor, the world’s first universal quantum computer with more than 1,000 qubits, is set to debut in 2023. The year is also expected to see IBM launch Heron, the first of a new flock of modular quantum processors that the company says may help it produce quantum computers with more than 4,000 qubits by 2025.

This article is part of our special report Top Tech 2023.

While quantum computers can, in theory, quickly find answers to problems that classical computers would take eons to solve, today’s quantum hardware is still short on qubits, limiting its usefulness. Entanglement and other quantum states necessary for quantum computation are infamously fragile, being susceptible to heat and other disturbances, which makes scaling up the number of qubits a huge technical challenge.

Keep Reading ↓Show less