In the years 2005 and 2006 the Dutch government was plagued by leakage of secure information due to the loss of USB sticks. In addition more and more important information is stored on USB sticks for
storage or transportation. Loss of these USB sticks often means loss of this information as well. In case of sensitive information it is important to prevent other parties to obtain this information. A possible solution to this problem would be to use secure USB sticks to store the sensitive information.
A number of manufacturers of USB sticks have created secure alternatives to the normal USB stick. The idea behind the secure USB sticks is that there is some form of authentication needed to obtain the data from the USB stick. In case a secure USB stick is lost it should not be a problem since the finder of the USB stick does not have the means to authenticate to the device and therefore can not obtain the information stored on the device.
Fox-IT tracked down a selection of the available so-called secure USB sticks on the market today and has taken a look at them to see if they are really as secure as the manufacturers claim they are. This
investigation looks at the ability of a selection of ‘secure’ USB sticks to prevent unauthorized access to the user data when the devices are lost or stolen. The devices looked at in this investigation are the
RiTech BioSlimDisk iCool, the RiTech BioSlimDisk v2.0, the Kingston DataTraveler Elite, the Kingston
DataTraveler Elite Privacy Edition, the Intuix S500, the MXI MXP Stealth, the SafeBoot Phantom and the Kobil mIDentity.
You can download the Fox-IT USB report here.