vacancies advertise contact news tip The Vault
facebook rss twitter

How secure is the Genie inside the disk?

Tags: iStorage

Quick Link: HEXUS.net/qa2pt

Add to My Vault: x

diskGenie, the first USB hard drive product to be awarded the government’s CESG Claims Tested Mark (CCTM) certificate, has retained its credentials as one of the most secure portable hard drives available following a failed hacking attempt. The award winning* device is the flagship product of iStorage, a leading specialist in portable storage and digital encryption.

diskGenie features a robust, compact, shock-proof design and combines ATM style PIN code access with 128 or 256-bit AES hardware encryption to ensure information is completely secure, even if the drive is removed from its enclosure. To put diskGenie to the ultimate test, iStorage ran an experiment with a renowned Dutch hacker to find out if he could break into the device and get access to the encrypted data.

After numerous failed attempts it came to light that diskGenie is the only portable hard drive the hacker has ever failed to hack. Instead, he offered a couple of ‘theoretical’ suggestions in which he felt it might be possible to hack it, but was unable to attempt them himself. The suggestions included an ‘Evil Maid Attack’ and ‘De-capping the PIC’ but the iStorage technical team have since concluded both to be invalid.

‘Evil Maid Attack’ - this approach could apply to almost any device or computer, but it is much easier with devices that require the PIN to be entered on a keyboard as both hardware and software key loggers can be used. Adding a key logger to the diskGenie is very technical and highly improbable. Even if an individual had the required knowledge to develop the key logger device, many conditions would still need to align for the attack to be successful including gaining access to the drive twice; knowledge of the contents of the drive; and the ability and skill to access the PCB without damaging it or the enclosure.

‘De-capping the PIC’ - only somebody highly motivated, technically advanced and with vast resources would attempt this as a last resort because the integrity of the encryption key and design would likely be destroyed in the process. Even assuming an attacker was properly motivated and equipped, they would still need intimate knowledge of where and how the key is stored inside the PIC. Furthermore, even if they were able to find the location, they would quickly discover that the stored key is ‘hashed’ and have no value whatsoever, meaning this scenario can also be completely discounted as viable.

John Michael, Managing Director of iStorage commented, “Any secure product can be hacked in ‘theory’ but it is very different in the real world. We are completely confident that no hacker will be able to gain access to the diskGenie without the correct PIN code. Having already been awarded the government’s seal of approval with the CESG Claims Tested Mark (CCTM) award, we are now considering either FIPS or CAPS accreditation to further enhance the product’s security credentials.”