The flawed drives utilize software for authentication by providing the mechanism for entry of a password via the host computer keyboard and/or mouse.  The string is then passed to the USB encryption controller so that the data can be decrypted. The issue with the flawed drives was not with the encryption or with the physical devices, it was with this software that passes the authentication from the host computer to the USB flash drive.

This begs the question…why use secure USB flash drives that involve software at all for authentication???  Even the drives that were not proven to be susceptable to this particular flaw could potentially be susceptible to a different type of hack.  To say that a new hacking method might not be conceived in the future to attack the other drives that utilize software for authentication would be short sighted.

The Classified Secure Flash Drive (and all products in the Classified Family) utilizes DataLock PIN Protection, which does not communicate with the host computer AT ALL during authentication.  Authentication can only be completed by pressing the buttons on the drive in-hand (or the scroll wheel in the case of SafeMouse). 

With critical data, why take the risk of a potential software hack when this avenue can be eliminated altogether with a PIN pad protected drive?

J. Tate

A clip of the interview can be seen here, CNBC clip, but the surprising content was in reference to a question concerning how people use Google, and is as follows:

“I think judgment matters. If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place. If you really need that kind of privacy, the reality is that search engines — including Google — do retain this information for some time and it’s important, for example, that we are all subject in the United States to the Patriot Act and it is possible that all that information could be made available to the authorities.”

These comments can be taken a few different ways.  One of which is that we should not be doing any actions at all that we wouldn’t otherwise be doing if someone were watching us.  Bruce Schneier provides an outstanding response to this view in his blog, where he equates true liberty as being security without intrusion plus privacy, and writes that if everything we do is observable and recordable we lose our individuality.

I tend to think that Eric Schmidt meant that if there is something that we don’t want to be public, we shouldn’t be doing it on the Internet in the first place.  Since Google revenues were nearly $22 billion last year from people using the Internet, I can understand the omission, and I will leave others to debate whether or not Google should provide its users an option to opt-out of the tracking mechanisms it has in place or whether this tracking data should be retained in the first place.  But the fact that the CEO of the largest Internet company in the world made this statement is very significant- we should not enter anything on the Internet that we may not want to be made public now or at some point in the future. 

We often take for granted that pictures, videos, financial records, text messages, email, bank account data, passwords, etc. are safe within the organizations that house the data, but this just isn’t the case.  Hackers access servers, servers crash, programming errors occur, employees can’t always be trusted, and the government can have access to information with a proper warrant.  Don’t just take it from me, ask Eric Schmidt.

By the way, the issues stated above are the main reasons why we at Black Box Innovations developed the Classified family of products- to help people easily secure, backup and store the things that matter.

-John

Use cases for police use of USB flash drives range from department to department: from each officer carrying a flash drive to backup records and data entered within their vehicle laptops; to executive officers using them for storing planning presentations; to using the drives to store public building maps(!).

The issue is that USB flash drives are extremely convenient- the drives are small in size, easy to use, and move data files quickly, BUT, inevitably, they also tend to get lost.  Whether they fall out of pockets, are left stuck in computer USB ports, or are just taken by a co-worker needing it at the time, they get lost.  There are many cases where officials have lost a flash drive and this data has been made public.  We should be more concerned about the lost drives that are not made public and fall into the wrong hands.  Our police departments have a lot of information that needs to stay private for public safety.

The solution is an easy one- it just deserves a little more focus now from police departments.  Highly secure USB flash drives are now readily available.  The security includes 256-bit AES encryption, hardware encryption controllers, and anti-hack measures.  Drives such as Knox-IT and the Classified Secure Flash Drive also feature DataLock, which has a PIN pad on the drive itself, making it immune to keyboard loggers and computer-based hacking attempts.

Our police gain greater efficiency with the use of USB flash drives, which in this line of work can literally mean life or death.  Now the data that resides on the flash drives just needs some care. 

J. Tate

Black Box Innovations will be featured in the Emerging Technologies Pavilion…
Come see us!  This is our first show with D&H and we think you will like what you see.

This show will feature our newly launched Classified Secure Flash Drive.  Perfect for both businesses and consumers that want simple to use, but unparalleled security.  More on this product later.