How can you be sure the “secure” USB drive you’re using is really secure and the data you store on it can’t be extracted? That’s exactly the question Google’s security researchers Ellie Bursztein, Jean-Michel Picod, and Rémi Audebert addressed in their talk, “Attacking encrypted USB keys the hard(ware) way,” at the recent Black Hat USA 2017.
Researchers say that at present, secure USB drive manufacturers are following the FIPS 140certification standard, which was developed by NIST (the National Institute of Standards and Technology) for all kinds of cryptography modules, both hardware and software. The certification involves a cryptographic security disclosure and validation process.
