Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Secure USB Flaw Exposed SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Secure USB Flaw Exposed


Our Handler Arrigo Triulzi pointed out that the "fixed memory content" that was mentioned in the paper is actually the encryption key used internally in these devices. Due to ease of manufacturing, this key is the same for all devices manufactured.


Several ISC readers have written in regarding a security flaw recently exposed on USB flash drive. The issue of the attack is with a software bug in the password verification mechanism. This affects Kingston, SanDisk and Verbatim.

Vendor Information

SanDisk Update Information:
Verbatim Update Information:
Kingston Recall Information:


UPDATE: An ISC reader has contacted Kingston support and confirmed they will be releasing a firmware patch to fix the issue. They have described it as a randomization error and it will affect some of the drives. Thanks Tony.


Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org


512 Posts
ISC Handler
Jan 6th 2010
Kingston is now offering to replace affected drives. I wonder how many un-erased drives they will receive for exchange?

Sign Up for Free or Log In to start participating in the conversation!