Lexar JumpDrive Password Scheme Cracked

By Derek Sooman on September 15, 2004, 11:47 AM
The Lexar JumpDriveŽ Secure USB Flash Drive is described as having security as a key feature - thus the name. "The pre-loaded security software means that your information will be subject to password-protected 256-bit AES encryption. Lost or stolen, your data is safe." Buy one of these babies and your data is secure? Think again. Slashdot have something else to say. According to a security advisory here, that claim is total rubbish.

"The password can be observed in memory or read directly from the device, without evidence of tampering." And best of all, the punch line: "[The password] is stored in an XOR encrypted form and can be read directly from the device without any authentication."

IMHO, people should stop bounding words like "secure" about. There is no such thing as "secure" in the computer world, unless its a closed system buried 100 feet underground. And it looks like one of these Lexar devices is far from "secure".

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.