Abstract As storage capacity increases due to development of flash memory techniques, use of USB memory has increased. As use of USB memory increases, violations of privacy and company confidentiality and technical information leakage occur more often. In this context, use of USB memories that provide security functions to protect the data in them is increasing. Most USB memories are equipped with basic security functions offered by the USB flash drive controller (hereafter called the “USB controller”). However, USB-controller-based security functions have several vulnerabilities. This paper explains how security functions can be bypassed using USB controller commands and presents the design and implementation of a secure USB bypassing tool that bypass the USB security functions.