Secustick is a 1 GB ‘super-protected USB stick’, apparently approved by the French intelligence service, and several banks and financial institutions.

Well, surprise, it’s been hacked. So much for that $170-a-pop bastion of safety. The attack seems fairly straight-forward. At least with a smartcard based design, you know the bar is considerably higher for physical attacks!

Amazingly, the stick also repeateda mistake with the original Java keystores (and later fixed with the JCEKS stores), where passwords served as gate keepers and the content was stored in the clear. Do we never learn?