Skip the navigation

Kingston recalls some USB drives due to security flaw

A software flaw uncovers password authentication process

January 5, 2010 12:29 PM ET

Computerworld - Kingston Technology Co. is recalling certain models of its DataTraveler secure USB flash drives in order to update firmware on the drives after a security company found a flaw that could allow a hacker to gain access to a user's password.

On its Web site, Fountain Valley, Calif.-based Kingston stated that "a skilled person with the proper tools and physical access to the drives may be able to gain unauthorized access to data contained on" some of its USB drives.

According to Kingston, the security flaw involves the way the drives process passwords. German security company SySS GmbH apparently created a script that revealed the password authentication method.

A Kingston spokesperson said the company would not comment on any specifics surrounding the security flaw, because "anything we say [could give] other hackers fuel and clues" as to how to break into the drive's security features.

The affected models include the DataTraveler BlackBox, DataTraveler Secure–Privacy Edition, and DataTraveler Elite–Privacy Edition.

Currently, owners of the drives are being directed to Kingston's drive update site for information about returning the drives or updating the firmware.

Lucas Mearian covers storage, disaster recovery and business continuity, financial services infrastructure, and health care IT for Computerworld. Follow Lucas on Twitter at Twitter@lucasmearian, send e-mail to or subscribe to Lucas' RSS feed Mearian RSS.

Read more about Data Storage in Computerworld's Data Storage Topic Center.

Our Commenting Policies