Self Destructing Memory Stick that Doesn’t

I suppose you have to give some credit to Secustick for trying a different tactic. The informed know that encryption is not a panacea. Since a thumb drive is easily lost or lifted, creative thinking about how to secure them should be praised. Well, if done well. has a good review of the product. The first thing revealed is that the security feature depends on a Windows only executable. No joy for those who use thumb drives with a mix of systems.

The next big surprise there is no real physical security to the product. The reviewers were able to easily open the case and mode the hardware without losing access to the information on it. This allowed them to thoroughly investigate the software as it ran, revealing a few more scary surprises.

The big one was that they could de-couple the verification of the user’s password from granting access to the flash chips. Only a little less surprising is that the drive doesn’t use any sort of encryption, meaning all you have to do is circumvention the password once, which with the ease of blue wiring the board means this product should never have been certified for the uses the article indicates.

There are more details in the article that would be useful for assessing other products, even if this one doesn’t really live up to any reasonable claim of security.

Leave a Reply

Your email address will not be published. Required fields are marked *