Forgot your password?
typodupeerror

IronKey Unveils Self-Destructing USB Flash Drive 191

Posted by ScuttleMonkey
from the better-than-having-to-eat-it dept.
fysdt writes to share that IronKey has released a USB flash drive with self-destruct capability. Specializing in "secure flash drives," IronKey has launched the S200 aimed at government and enterprise customers, "featuring hardened physical security, the latest Cryptochip technology, active anti-malware and enhanced management capabilities. It's the 'first and only USB storage device to achieve FIPS 140-2, Level 3 validation' and delivers advanced Cryptochip featuring AES-256, tamper-resistance and self-destruction circuitry."
This discussion has been archived. No new comments can be posted.

IronKey Unveils Self-Destructing USB Flash Drive

Comments Filter:
  • by basementman (1475159) on Monday July 13, 2009 @05:16PM (#28682769) Homepage
    What's the point of having it self destruct? Encrypt any old flash drive with True Crypt and you have accomplished the same thing at a much lower price. Want to destroy the data? Hit yourself on the head with a crowbar, making you forget the password. Problem solved.
    • didn't you just read the slashdot front page news that they can hack your brain now? god... pay attention. This is an anti brain hacking device.
    • Re: (Score:3, Interesting)

      Hit yourself on the head with a crowbar, making you forget the password. Problem solved.

      Maybe the information-hiding-people don't want to potentially allow themselves to be subjected to information-gathering techniques (*ahem* torture) by knowing the password. It's easier to just have the data destroyed after a certain period of time. Once it's gone, you don't have to forget a password and you don't have any password to be persuaded to remember?

    • by Cyberax (705495) on Monday July 13, 2009 @05:23PM (#28682871)

      Encryption can easily be beaten by thermorectal cryptoanalysis (http://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis).

    • by gapagos (1264716) on Monday July 13, 2009 @05:29PM (#28682965)

      didn't xkcd [xkcd.com] teach you anything about encryption?

    • So you think that will make the evil ones stop torturing the password out of you? They'll use that same crowbar to make you remember it! ^^

      (Interlude: WTF. I have my adblocker disabled for the first time in months, and the first thing I see, is an Ironkey banner. Truly a slashvertisement.)

      The point is, that the keyfile on your USB key is encrypted with your password. So if you destroy the keyfile, which would open your encrypted safe, your password gets useless. You could scream it to the whole world. It wouldn't matter. Nobody could open that thing now. Not even you.

      And that is why you never let someone know that you want access to his system. ^^
      Just use a keylogger, or a trojan horse, and be good. Become a cleaning person in that place. Or gain some trust otherwise.
      If you need it: There are some internal CIA agent training manuals on the net, that can teach you this. Or if you can speak Russias, I recommend some Russian forums. ^^

      • WTF. I have my adblocker disabled for the first time in months, and the first thing I see, is an Ironkey banner. Truly a slashvertisement.

        You're commenting on it. Didn't you realise?

    • by mlts (1038732) * on Monday July 13, 2009 @07:59PM (#28684597)

      The advantage of having it drop access to the data after a certain amount of tries is the same reason people use cryptographic tokens -- brute forcing a passphrase becomes a non issue.

      There is another feature of the IronKey that isn't mentioned -- encryption on a machine, say at a student computer lab, but without requiring administrative rights to access the data. A lot of schools disallow admin access, and this is required to mount virtual volumes (TrueCrypt, BestCrypt, PGP, etc.) Having software to allow access to the drive that never needs to leave user space is a good thing in these cases.

      IronKey does have a market. Especially for students at larger universities where there are people who lurk in the 24 hour computer labs just looking for a USB flash drive to steal. With a stolen USB flash drive, they can either sell the done homework, or if someone has a paper for a popular class that isn't turned in, actually take the word processing document and call it theirs. The downside is that the distinctive metal case does lure thieves, but the user has to figure out a balance. To the user, is the data on the drive worth the price premium, especially if the data can be used by a thief or extortionist? This applies to faculty too. I'm sure there are those who would be more than happy to sell any test or quiz data that was gleaned from a USB flash drive swiped from a faculty lab.

      Another use for these USB flash drives is delivering to a customer something extremely confidental (such as TrueCrypt keyfiles or one time pads) that will be used for future communication of large volumes of data. For example, the customer gets the passphase from a rep, while a secure courier drops off the IronKey. This way, the data never crosses the Internet.

      • Re: (Score:3, Insightful)

        by afabbro (33948)

        Especially for students at larger universities where there are people who lurk in the 24 hour computer labs just looking for a USB flash drive to steal. With a stolen USB flash drive, they can either sell the done homework, or if someone has a paper for a popular class that isn't turned in, actually take the word processing document and call it theirs.

        Sorry, but I have to call nonsense on this. Sure, there are people who steal flash drives. They get the drive, and that's benefit enough - any electronic dividends are just icing.

        But to posit that there are people who specifically look to steal USB drives so they can sell the done homework (do they take orders? is there a clearinghouse?) or by wild coincidence exploit the tiny window between a paper being due and a student writing it (which is no more than 24 hours most of the time!) coupled with the coi

        • Back in the day, people would dumpster dive for printouts of other student's code. So yes, if someone happened across a flash drive with completed homework on it, they might try to use or sell the information.
      • by mgblst (80109)

        Oh yes, the huge multi-billion dollar industry of reselling average student work, and the resale of cheap and small USB drives. No doubt this is an organization run by terrorists.

    • by w0mprat (1317953)
      You miss the obvious point. Keys can be stolen and copied, thus it's useful to destroy data, especially when it is no longer required buy still sensitive.

      Keys have to be typed in by protein popsicles and they have to be stored in notoriously vulnerable meat-space neural processors which so far, nobody is interested in patching.
    • Re: (Score:2, Informative)

      by SixGunMojo (177687)

      Not even close my friend. I've been using one for >18 months and I'll just hit the high points. First there are 2 chips in the Ironkey. The first is a hardware based encryption chip and the second is the actual flash drive. The data on the drive is always encrypted. Also the first won't even mount the second without the proper password (mine is 17 nums, chars, and letters long). You have 10 tries to guess that or the drive destroys all the data. In addition the epoxy they seal them with insures that any

      • Re: (Score:3, Insightful)

        The identity manger also allows you to log into sensitive sites without worrying about keystroke loggers.

        If there is a hardware keystroke manager on a machine that you plug the ironkey into, or even a USB data monitor, your IronKey password is their's.

        If a machine is compromised, and you plug this into that machine, your data is compromised as soon as you unlock it.

    • But not any old TrueCrypted flash drive has a brushed aluminum case. This is the kind of drive Jack Bauer would swing through the air to bludgeon a terrorist.
    • True Crypt will work -for now-. Can you tell me that it won't be broken 5 years from now? 20? 50? What guarantee do you have that the encryption used today won't be utterly worthless decades from now? Because after all, we've all seen that encryption methods in the past haven't been defeated by new technology and such.

      So the thumb drive containing whatever extraordinarily sensitive information sits in someone's "to be unencrypted" pile for a dozen years or so. If I had ridiculously sensitive informati

    • Maybe anyone not wanting that the data be legally maneuvered in terms of company usage, like a court order forcing you to reveal the password might be useless in this case, as for TrueCrypt, there is a known backdoor in that industry, and such is used for counter measures to pedophiles right now in court cases, which is a sort of bug if you will with the way the drive is encrypted and the hashed password is saved somewhere on that same drive, or so I have heard.

  • Rip-off (Score:3, Funny)

    by Anonymous Coward on Monday July 13, 2009 @05:17PM (#28682771)

    why would i pay $199 for that when i could buy a cheap USB drive and a hammer to break it with for less than $10?

  • Where's the market? (Score:3, Interesting)

    by religious freak (1005821) on Monday July 13, 2009 @05:17PM (#28682777)
    Funny, instead of paying extra, I'd just use a hammer, or a desk drawer, or if in a real pinch my two hands to break the thing apart. Unless you're James Bond, I don't see how most folks would need any more than this, and if they do need more, they already have it.
    • by hedwards (940851)
      But that's who this is geared towards. The people that are carrying around data that is incredibly sensitive. Why these people are carrying it around on a thumb drive is a much bigger question, really, if you don't want it cracked, you shouldn't be carrying it on a portable easily lost/stolen medium.
      • by LWATCDR (28044) on Monday July 13, 2009 @05:34PM (#28683029) Homepage Journal

        How would you transport a few gigabytes to a new location?
        FTP?
        External HD.
        DVD?
        And very large number of floppies?
        I take my source code home with me on a USB drive. I currently encrypt it but I could see this being even better.

        • Re: (Score:3, Informative)

          by pjt33 (739471)

          Maybe there's some straightforward* way to hack your USB drivers so that the only devices they support are self-destructing drives, but if not then I'd prefer any computer with data sensitive enough to need this drive not to have the ability to mount any USB drive. You just need to look at the British civil service to see what happens when it's possible to dump your database to an unencrypted physical medium and then leave it on the train / lose it in the post.

          For security-conscious home users it's great. F

          • by mlts (1038732) *

            The closest solution for this on an enterprise basis would be Windows 7 and BitLocker To Go. Set a policy that USB flash drives are either not accessible, or read-only until they are encrypted with a passphrase. PGP Universal also has this functionality.

        • I vote for the floppies. How about 5.25" 360k. 3 to 9 thousand of them!
          How many people can read those nowadays?

        • Re: (Score:3, Funny)

          by Abreu (173023)

          How would you transport a few gigabytes to a new location?
          FTP?
          External HD.
          DVD?
          And very large number of floppies?
          I take my source code home with me on a USB drive. I currently encrypt it but I could see this being even better.

          I am partial to the classic solution: Microfilm in a hollow tooth

        • by mlts (1038732) *

          This falls under the "never underestimate the bandwidth of a station wagon full of tapes hurtling down the highway" category. With a lot of WAN Internet connections, it is a lot faster to carry a flash drive with your 8GB of data on it, than to download it from remote, especially if someone is often using different machines (student computer lab, for example.)

        • by zoloto (586738)
          upload it to ftp and let the world mirror it for you
    • Maybe if they lost it and thus can't reach it with a hammer? :)
    • by LWATCDR (28044)

      Actually a hammer may not be good enough. There are some very strict rules for medical records and financial data that this could be useful for.

    • The Market (Score:5, Insightful)

      by NotQuiteReal (608241) on Monday July 13, 2009 @05:37PM (#28683073) Journal
      Like most things, if you have to ask "who needs this?", the answer is not you.

      Personally, there are a great number of wildly popular products for which I am not in the market.
      • Like most things, if you have to ask "who needs this?", the answer is not you.

        The question is more "is this snakeoil" and "what attacks does it work against". In this particular case, the product does nothing to prevent key-logging attacks, and once the attacker has the password, your data is at their fingertips.

        I would be much more interested to see an external product requiring the entry of a PIN before you could access the data. It would be a lot harder to hack the unit to intercept the PIN witho
    • Unless you're James Bond, I don't see how most folks would need any more than this

      There are all kinds of legal environments, outside of national security, where you need better certainty of destruction of data than "it looked broken to me" (e.g., HIPAA).

      and if they do need more, they already have it.

      Maybe, maybe not. Places that are subject to rules that would require additional security sometimes simply don't do particular things that might be useful from an operational convenience perspective since the to

    • by TarrVetus (597895)

      Funny, instead of paying extra, I'd just use a hammer, or a desk drawer, or if in a real pinch my two hands to break the thing apart. Unless you're James Bond, I don't see how most folks would need any more than this, and if they do need more, they already have it.

      I think using brute force to get into the IronKey drive would be a very bad idea. ThinkGeek sells an older version [thinkgeek.com] of the product the article covers, and even it had some pretty effective measures against breaking it apart.

      Passwords can be hacked, but not the IronKey. It's built to withstand attacks both virtual and physical. 10 incorrect password attempts, and the encryption chip self-destructs, making the contents of the flash drive totally unreadable. The contents of the drive are filled with epoxy, s

  • Flash drives are a big no-no in the federal government and military. If something is so sensitive that it needs this kind of encryption wrapped in dynamite, then it should not be walking around on a USB drive. Dumb dumb dumb.
    • Re:What a bad idea (Score:4, Informative)

      by NecroPuppy (222648) on Monday July 13, 2009 @05:45PM (#28683183) Homepage

      Correct.

      In many branches, they are currently banned, largely because of the viral vector issue.

    • Re: (Score:3, Interesting)

      by ChaoticCoyote (195677)

      Flash drives are a big no-no in the federal government and military. If something is so sensitive that it needs this kind of encryption wrapped in dynamite, then it should not be walking around on a USB drive. Dumb dumb dumb.

      True... but not everyone who requires security is a government spook. For most of us non-spooks, this thing has merit.

  • No retina scan authentication? LAME
  • Smoke (Score:5, Funny)

    by wjousts (1529427) on Monday July 13, 2009 @05:29PM (#28682955)
    This better emit a puff of smoke when it self-destructs or I'm not buying it. It doesn't matter if the smoke is only for show.
    • Bonus points when you can either
      A) kill an attacker because it also is a nerve gas
      B) use it as an antidote against a truth serum
      C) kill yourself when in risk of being captured
      D) all of the above.

      .
      .
      .

      Sadly, in reality, a good attack would mean, that you did not even notice that your system is compromised, and never would.

  • by AMuse (121806) <slashdot-amuse@NOsPAM.foofus.com> on Monday July 13, 2009 @05:53PM (#28683277) Homepage

    I'm using an Ironkey at work (have been for about 2 years now) and the thing has been rock solid. However, the main reason I selected it is that it's the only key that I've had the opportunity to trial which is both FIPS 140-2l2 compliant *AND* supports Linux.

    I use it with WinXP and MacOSX daily and yes, they do ship with "alpha" Linux drivers. Not full support like Win* but enough to read and write the encrypted data, which is all I really use.

    Although the company claims that you can now "initialize" a key on MacOS, all the versions I've used required an initial bootstrapping under Windows before being cross-platform usable.

    • by CuriHP (741480)

      I bought one a couple months ago and was able to initialize it just fine on a Mac.

  • unvi (Score:3, Informative)

    by kaoshin (110328) on Monday July 13, 2009 @05:59PM (#28683371)
    I understand thinkgeek and slashdot are sister companies, so this post is more of an ad, but is the only thing different here the revision or level of certification, or is there something else newsworthy on this from a tech standpoint? Ironkey has been on thinkgeek for like a year, and the self destruct and other features have all been in this product for a long time.
    • by adona1 (1078711)
      That was my first thought when I saw this story on my RSS feed. Maybe this is a small update to the product, but still, unless it also gives electric shocks or sexual favours, hardly worth a /. story.
  • by webheaded (997188)
    This is such old news that it's ridiculous. Furthermore, this is a ridiculously overpriced toy that breaks itself. No thanks...if I have data that someone wants to hack by opening up my thumb drive, then I shouldn't be carrying it on a thumb drive in the first place. Everything else this is just ridiculous and expensive overkill.
  • by Neanderthal Ninny (1153369) on Monday July 13, 2009 @06:23PM (#28683615)

    The new version of the Mission Impossible self-destructing tape player.
    However, how many spoofs has been made to this "self-destruction" capability so I wonder what if your USB key self-destructs accidentally in your pants pocket will it fry your gonads.

  • Thermite (Score:3, Insightful)

    by Dr_Barnowl (709838) on Monday July 13, 2009 @06:49PM (#28683871)

    I keep wanting to build a flash drive with a thermite filler and some kind of rip-strip fuse that you could just yank on hard to set it off.

    No offence to IronKey, but how do you know that it's really, really, destroyed your data beyond recovery? Maybe it just locks out the disk controller. A small heap of smouldering slag is much more definitive.

    Now, if you could combine the thermite with their remote wipe protocols......

    • Not possible.

      The thermite reaction has an activation energy of 145 kJ/mol for 8Al-3Fe2O3 thermite. USB2 device charging spec (highest power output) provides a maximum 9 J/s

      You might get it working with a series of exothermic reactions but it would become bulky, and with that low an energy input to work with you're more likely setting it off leaving it in a car on a hot day.
    • Maybe it just locks out the disk controller.

      This is a FLASH drive. There are NO movable parts in a Flash Drive.
      All IronKey needs to do is to draw a sudden more power from USB port to fry the circuits. Of course a surge would cause a system reboot or probably crash a non-CoolerMaster PC.

  • A hacker challenge (Score:5, Insightful)

    by RobertLTux (260313) <robert@laurenceP ... minus physicist> on Monday July 13, 2009 @07:01PM (#28683995)

    what iron key should do is go to DEFCON with a bunch of these drives and then run a contest

    If you can crack the drive you get some obscenely large amount of money
    how to run the contest fairly

    have the contents of the drive detail how to get to an offshore account with the prize money

    So Ironkey how much you want to bet this key is "secure"

  • by e9th (652576) <e9th@tup[ ]x.com ['ode' in gap]> on Monday July 13, 2009 @07:01PM (#28684009)
    From IronKey's blurb:

    - Secure key management -encryption keys are born on the device in the Cryptochip and bound to the device
    - Hard-wired encryption key self-destruct defenses and electromagnetic shielding of the Cryptochip

    which I interpret as saying that only the key is wiped, while the actual data remains on the drive. If you've somehow managed to snarf the key before it was wiped, or if you're really cool and can break AES-256, you're good to go.

  • if it doesn't burn like a magnesium flare and leave nothing behind but ash, then I'm not happy : )
  • by Jamamala (983884)
    This thing can nuke itself from orbit?

    Impressive.
  • by PPH (736903)
    Wondows has had self destruct technology for years.
    • True. But the technology is still in BETA.
      That's why my Windows XP self-destructed on the day i was leaving for my vacation and [Win7] self-destructed once again just so to make my Kaspersky licenses quota fulfilled and i had to spend days waiting for kaspersky to reactivate them.

  • ...isn't it Zune?

Disclaimer: "These opinions are my own, though for a small fee they be yours too." -- Dave Haynie

Working...