In addition, the exploitation of certain vulnerabilities requires specific skills and resources. Full break: Vulnerabilities that can get an attacker access to information on any drive of the same model.Single-drive break: Vulnerabilities that allow an attacker to hack just one particular drive.Weaknesses: Issues that make further hacking process easier.For a start, researchers divide security issues into three categories: That’s why researchers are proposing developing new audit methodology specifically for evaluating the security of encrypted USB drives.
And as you can see below, some encrypted USB drives pass certification but are still vulnerable to attacks - sometimes even the easy ones.
But it’s not enough not every possible attack vector is covered by FIPS 140. The certification involves a cryptographic security disclosure and validation process.Īs the researchers put it, keeping certification current is important because disclosed information helps them figure out possible issues. Researchers say that at present, secure USB drive manufacturers are following the FIPS 140 certification standard, which was developed by NIST (the National Institute of Standards and Technology) for all kinds of cryptography modules, both hardware and software. How can you be sure the “secure” USB drive you’re using is really secure and the data you store on it can’t be extracted? That’s exactly the question Google’s security researchers Ellie Bursztein, Jean-Michel Picod, and Rémi Audebert addressed in their talk, “ Attacking encrypted USB keys the hard(ware) way,” at the recent Black Hat USA 2017. KasperskyPremium Support and Professional Services.KasperskyEndpoint Security for Business Advanced.KasperskyEndpoint Security for Business Select.
0 kommentar(er)
