The National Institute of Standards and Technology (NIST) is investigating a
set of serious security vulnerabilities in supposedly secure USB flash drives
revealed by a German security firm last week.
The flaws — which affects drives sold by several manufacturers, including
Kingston, SanDisk and Verbatim — could allow an attacker to read the data on a
drive encrypted with the government-recommended 256-bit Advanced Encryption
Standard. However, the flaws are not in the encryption modules validated by the
U.S. government, but in the software that authorizes decryption, according to
NIST’s preliminary findings.