IronKey Unveils Self-Destructing USB Flash Drive

fysdt writes to share that IronKey has released a USB flash drive with self-destruct capability. Specializing in "secure flash drives," IronKey has launched the S200 aimed at government and enterprise customers, "featuring hardened physical security, the latest Cryptochip technology, active anti-malware and enhanced management capabilities. It's the 'first and only USB storage device to achieve FIPS 140-2, Level 3 validation' and delivers advanced Cryptochip featuring AES-256, tamper-resistance and self-destruction circuitry."

Re:Nerdgasm

[afidel]

You're impressed that they coated the circuit board with black epoxy? The only impressive thing about that is they use so little power that heat transfer isn't an issue.

Encryption is just as good as self destruction

[basementman]

What's the point of having it self destruct? Encrypt any old flash drive with True Crypt and you have accomplished the same thing at a much lower price. Want to destroy the data? Hit yourself on the head with a crowbar, making you forget the password. Problem solved.

24's Cloe O'Brian

[SolarStorm]

would have this cracked in no time (at least withing the timeframe of one episode) From what I have see her do, no encryption is safe for more than 41 minutes

Re:What a bad idea

[NecroPuppy]

Correct.

In many branches, they are currently banned, largely because of the viral vector issue.

Ironkey also supports Linux!

[AMuse]

I'm using an Ironkey at work (have been for about 2 years now) and the thing has been rock solid. However, the main reason I selected it is that it's the only key that I've had the opportunity to trial which is both FIPS 140-2l2 compliant *AND* supports Linux.

I use it with WinXP and MacOSX daily and yes, they do ship with "alpha" Linux drivers. Not full support like Win* but enough to read and write the encrypted data, which is all I really use.

Although the company claims that you can now "initialize" a key on MacOS, all the versions I've used required an initial bootstrapping under Windows before being cross-platform usable.

Re:Where's the market?

[pjt33]

Maybe there's some straightforward* way to hack your USB drivers so that the only devices they support are self-destructing drives, but if not then I'd prefer any computer with data sensitive enough to need this drive not to have the ability to mount any USB drive. You just need to look at the British civil service to see what happens when it's possible to dump your database to an unencrypted physical medium and then leave it on the train / lose it in the post.

For security-conscious home users it's great. For government / enterprise users you need methods of transfer which the sysadmin can lock down.

* Emphasised because I don't need to be told that if you use Linux you can obtain the source and break it to your heart's content.

unvi

[kaoshin]

I understand thinkgeek and slashdot are sister companies, so this post is more of an ad, but is the only thing different here the revision or level of certification, or is there something else newsworthy on this from a tech standpoint? Ironkey has been on thinkgeek for like a year, and the self destruct and other features have all been in this product for a long time.

Re:Ironkey also supports Linux!

[AMuse]

It practically doubles the cost of the drive if you're a standalone user with no job involving computers; for me, it was very easy to go over to my officemates' desk and initialize it on his Windows machine.

Also, I did a pretty good amount of work using the IronKey inside a VM. Using VMWare Fusion in MacOSX Leopard and a Windows XP VMWare image, I was able to mount the key inside the Windows image and do an initialization successfully. One thing I did notice was that when doing so, it would always unmount my ipod from the VM, which was a bit odd.

Re:Encryption is just as good as self destruction

[mlts]

The advantage of having it drop access to the data after a certain amount of tries is the same reason people use cryptographic tokens -- brute forcing a passphrase becomes a non issue.

There is another feature of the IronKey that isn't mentioned -- encryption on a machine, say at a student computer lab, but without requiring administrative rights to access the data. A lot of schools disallow admin access, and this is required to mount virtual volumes (TrueCrypt, BestCrypt, PGP, etc.) Having software to allow access to the drive that never needs to leave user space is a good thing in these cases.

IronKey does have a market. Especially for students at larger universities where there are people who lurk in the 24 hour computer labs just looking for a USB flash drive to steal. With a stolen USB flash drive, they can either sell the done homework, or if someone has a paper for a popular class that isn't turned in, actually take the word processing document and call it theirs. The downside is that the distinctive metal case does lure thieves, but the user has to figure out a balance. To the user, is the data on the drive worth the price premium, especially if the data can be used by a thief or extortionist? This applies to faculty too. I'm sure there are those who would be more than happy to sell any test or quiz data that was gleaned from a USB flash drive swiped from a faculty lab.

Another use for these USB flash drives is delivering to a customer something extremely confidental (such as TrueCrypt keyfiles or one time pads) that will be used for future communication of large volumes of data. For example, the customer gets the passphase from a rep, while a secure courier drops off the IronKey. This way, the data never crosses the Internet.

Re:Encryption is just as good as self destruction

[SixGunMojo]

Not even close my friend. I've been using one for >18 months and I'll just hit the high points. First there are 2 chips in the Ironkey. The first is a hardware based encryption chip and the second is the actual flash drive. The data on the drive is always encrypted. Also the first won't even mount the second without the proper password (mine is 17 nums, chars, and letters long). You have 10 tries to guess that or the drive destroys all the data. In addition the epoxy they seal them with insures that any attempt to get to the actual flash chips a) damages them heavily and b) also triggers the self-destruct. The second biggie is the on-board browser and identity manager. This gives you the ability to securely surf the web from any computer (I even use mine on my computer whenever I am doing anything financial) and if you are feeling really paranoid you can toggle tor with one click and/or configure Privoxy. The identity manger also allows you to log into sensitive sites without worrying about keystroke loggers. If you really want to see how hardcore this drive is I would suggest you visit their website. To paraphrase an OpenBSD motto: Ironkey the flash drive for the practical paranoid!

Re:Nerdgasm

[bill_mcgonigle]

"The only USB key to be banned by the TSA" -- product advertisement

Come now, the Swiss Army Flash Knife [thinkgeek.com] is most certainly considered a WMD by the goon squad.