Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Hacking Attempt Fails To Compromise USB Hard Drive

IStorage : 28 October, 2010  (New Product)
PIN code protected encrypted USB hard drive from iStorage undergoes extensive hacking attempt with the data remaining intact
diskGenie, the first USB hard drive product to be awarded the government's CESG Claims Tested Mark (CCTM) certificate, has retained its credentials as one of the most secure portable hard drives available following a failed hacking attempt. The award winning device is the flagship product of iStorage, a specialist in portable storage and digital encryption.

diskGenie features a robust, compact, shock-proof design and combines ATM style PIN code access with 128 or 256-bit AES hardware encryption to ensure information is completely secure, even if the drive is removed from its enclosure. To put diskGenie to the ultimate test, iStorage ran an experiment with a renowned Dutch hacker to find out if he could break into the device and get access to the encrypted data.

After numerous failed attempts it came to light that diskGenie is the only portable hard drive the hacker has ever failed to hack. Instead, he offered a couple of 'theoretical' suggestions in which he felt it might be possible to hack it, but was unable to attempt them himself. The suggestions included an 'Evil Maid Attack' and 'De-capping the PIC' but the iStorage technical team have since concluded both to be invalid.

'Evil Maid Attack' - this approach could apply to almost any device or computer, but it is much easier with devices that require the PIN to be entered on a keyboard as both hardware and software key loggers can be used. Adding a key logger to the diskGenie is very technical and highly improbable. Even if an individual had the required knowledge to develop the key logger device, many conditions would still need to align for the attack to be successful including gaining access to the drive twice; knowledge of the contents of the drive; and the ability and skill to access the PCB without damaging it or the enclosure.

'De-capping the PIC' - only somebody highly motivated, technically advanced and with vast resources would attempt this as a last resort because the integrity of the encryption key and design would likely be destroyed in the process. Even assuming an attacker was properly motivated and equipped, they would still need intimate knowledge of where and how the key is stored inside the PIC. Furthermore, even if they were able to find the location, they would quickly discover that the stored key is 'hashed' and have no value whatsoever, meaning this scenario can also be completely discounted as viable.

John Michael, Managing Director of iStorage commented, "Any secure product can be hacked in 'theory' but it is very different in the real world. We are completely confident that no hacker will be able to gain access to the diskGenie without the correct PIN code. Having already been awarded the government's seal of approval with the CESG Claims Tested Mark (CCTM) award, we are now considering either FIPS or CAPS accreditation to further enhance the product's security credentials."
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo