H
28

TIL that $80 'encrypted USB drive' I bought was just a regular drive with software

I picked up what I thought was a hardware-encrypted USB from a random brand on Amazon. Turns out it was just a $10 Kingston drive loaded with free encryption software that I could have gotten myself. Anyone else get tricked by fake hardware security features?
2 comments

Log in to join the discussion

Log In
2 Comments
noahs82
noahs8225d ago
Yeah right? Got burned the same way. That "military grade encryption" sticker meant nothing. I opened it up and it was just a cheap PCB with a preloaded VeraCrypt installer. Now I only buy drives from companies like Kingston or SanDisk that specifically say "hardware encryption" in the chip specs. Also look for a FIPS 140-2 certification number if you actually need the real deal.
0
ryan_carr59
Good point @noahs82, but just a small thing I'd tweak - FIPS 140-2 certification isn't always what people think it is. It mostly tests the encryption module itself, not the whole drive's security. You can have a FIPS 140-2 chip but still get hit by firmware hacks or bad implementations. I've seen drives tout that cert but their random number generator was weak sauce. It's a good starting point for sure, just don't let it be the only checkbox you look at. Hardware encryption from known brands like you mentioned is a much safer bet in my experience. Your mileage may vary depending on your threat model.
4