Kingston Technology is recalling certain models of its DataTraveler secure USB flash drives in order to update firmware on the thumb drives after a security company found a flaw that could allow a hacker to gain access to the user's password.
On its Web site, Kingston stated that "a skilled person with the proper tools and physical access to the drives may be able to gain unauthorized access to data contained on" some Kingston Secure USB drives.
According to Kingston, the security flaw involves the way the drive processes the password. German security company SySS GmbH apparently created a script that revealed the password authentication method.
A Kingston spokesperson said the company could not comment on any specifics surrounding the security flaw as "anything we say gives other hackers fuel and clues" as to how to break into the drive's security features.
The affected models include the DataTraveler BlackBox; DataTraveler Secure --Privacy Edition; and DataTraveler Elite -- Privacy Edition.
Currently, owners of the drives are being directed to a the company's drive update site for information about returning the drives or updating the firmware.
Lucas Mearian covers storage; disaster recovery and business continuity; financial services infrastructure; health care IT for Computerworld . Follow Lucas on Twitter @lucasmearian , send e-mail at firstname.lastname@example.org or subscribe to Lucas's RSS feed .
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.