Forgot your password?
typodupeerror
Security Hardware IT

Self-Destructing USB Stick 223

Posted by samzenpus
from the secure-the-bits dept.
Hugh Pickens writes "PC World reports that Victorinox, maker of the legendary Swiss Army Knife, has launched a new super-secure memory stick that sounds like something out of Mission: Impossible. The Secure Pro USB comes in 8GB, 16GB, and 32GB sizes, and provides a variety of security measures including fingerprint identification, a thermal sensor, and even a self-destruct mechanism. Victorinox says the Secure is 'the most secure [device] of its kind available to the public.' The Secure features a fingerprint scanner and a thermal sensor 'so that the finger alone, detached from the body, will still not give access to the memory stick's contents.' While offering no explanation how the self-destruct mechanism works, Victorinox says that if someone tries to forcibly open the memory stick it triggers a self-destruct mechanism that 'irrevocably burns [the Secure's] CPU and memory chip.' At a contest held in London, Victorinox put its money where its mouth was and put the Secure Pro to the test offering a £100,000 cash prize ($149,000) to a team of professional hackers if they could break into the USB drive within two hours. They failed."
This discussion has been archived. No new comments can be posted.

Self-Destructing USB Stick

Comments Filter:
  • by unity100 (970058) on Tuesday March 30, 2010 @07:58AM (#31668664) Homepage Journal

    to 37 degrees celsius ?

    • Re: (Score:2, Insightful)

      by boef (452862)
      maybe next time they will have a team of professional cannibals have a go...
    • by jamesh (87723) on Tuesday March 30, 2010 @08:13AM (#31668772)

      Or alternatively, find someone the owner of the USB stick cares about and threaten to cut off that persons finger if the owner doesn't cooperate.

    • No detached fingers necessary. Many scanners can be fooled by "reactivating" the most recent fingerprint with the moisture in the exhaled air.

      And _really_ professional fingerprint scanners don't check temperature, they check blood oxygen saturation and pulse. That makes cutting of any appendages pretty much a non-issue - it's easier to fool the thing with a dummy finger (or the actual finger that's still attached to the unconscious or otherwise compliant owner) than trying to simulate blood oxygen saturatio

      • by jridley (9305) on Tuesday March 30, 2010 @08:26AM (#31668866)

        Not this one, it's a linear sensor, you have to swipe your finger over it, and it reads sequentially.

      • by fuzzyfuzzyfungus (1223518) on Tuesday March 30, 2010 @08:41AM (#31668988) Journal
        Just for curiosity's sake, I'm trying to think of how difficult that would actually be....

        Exposing blood to air gives your pretty decent oxygen saturation. Doing that for any great length of time is likely to cause clotting or other nastiness, so it isn't exactly an alternative to the "lung" side of "heart lung machine"; but this isn't medicine we are talking about, just fooling a sensor. In the same vein, the sensor isn't going to care about blood type, immune matching, or anything like that. Also, a finger doesn't have that much volume to in. A few CCs of fresh blood(from say, yourself, or the same guy you took the finger from), exposed to air for a few seconds, would be fine.

        Pulse could presumably be simulated with a low power pump(perhaps a small peristaltic unit), with its power supply being turned on and off at roughly the right frequency. I can't imagine that huge exactness is required, since the pulse rates of humans vary fairly widely with conditions, and people would be pissed if their fingerprint scanner doesn't work if they've just run up a flight of stairs, or are freaking out about the big presentation in 20 minutes.

        The real difficulty, or lack thereof, would really come down to the artery/vein structure of the finger. If you can get away with just connecting to a couple of big blood vessels and ignoring some minor leakage(since this is all temporary and nonmedical), an amateur willing to just shove a few little tubes in there should do fine. If the sensor can detect(and is tuned to care about) the details of the vascalature, you'd pretty much need a cooperative microsurgeon, a fancy microscope, and real surgical kit. That would probably be problematic for most applications.

        Obviously, the above would be a huge pain in the ass, even under good conditions, and is highly unlikely to be worth it(probably easier just to show the owner of the finger your pair of bolt cutters, and let him operate the scanner for you, unless you are in an environment where the cameras would pick up on that, in which case the above described apparatus could, quite plausibly, be fit down the sleeve of a not-too-suspicious garment).

        Perhaps more practical, I wonder how difficult it would be to produce a variant of the classic "gelatin finger with correct fingerprint" that reads as having oxygen sat and a pulse? Would one made of blood agar [wikipedia.org] return plausible results under optical oxygen saturation tests? If so, that's raise the bar from "supermarket" to "laboratory supply house"; but that wouldn't be too bad. For pulse, the question is "how complex does your simulated vasculature have to be?" Any decently competent modeler can probably mould a simple circulatory loop into a gel finger; but achieving an actual capillary structure is sci-fi self-assembling nanomaterials stuff...
        • Re: (Score:3, Insightful)

          by mcgrew (92797) *

          But why bother with all that Rube Goldberg crap when you can put a gun to his head and a knife at his crotch? "Put your finger on the scanner or we cut your balls off" would pretty much do it for anybody.

          • > when you can put a gun to his head and a knife at his crotch?
            > "Put your finger on the scanner or we cut your balls off"
            > would pretty much do it for anybody.

            Well, for roughly 50% of 'anybody' anyway... Just sayin'.

          • In the case of a device like this, no reason at all. "Just for curiosity's sake". Any attacker is either going to have basically zero access to the owner(the "found it 30 minutes after you dropped it somewhere public" case. Though, in that case, it would be hilariously ironic if the nice shiny plastic of which this device is made happens to store useful fingerprints much better than a slightly rougher finish that would have cost no more to produce...) or more or less root access(the "Mugging/abduction/you c
        • Re: (Score:3, Informative)

          by Ihlosi (895663)

          Exposing blood to air gives your pretty decent oxygen saturation.

          Only if you create a _huge_ surface area. Exposing a drop of blood to air doesn't saturate it at all. There's a reason why the inside of your lungs have a surface area about the size of a tennis court.

          Perhaps more practical, I wonder how difficult it would be to produce a variant of the classic "gelatin finger with correct fingerprint" that reads as having oxygen sat and a pulse?

          Much, much easier than trying the same with a detached finger.

        • Re: (Score:3, Interesting)

          Just do it like they did on mythbusters. Pull a print, make a thin copy, put it on your own thumb, swipe. Your body heat would work just as well.

          Hell, on CSI they managed to get prints from a bloated water logged corpse by cutting the fingers off, removing the bones, and using the finger meat as a glove.

          If you want to get in you'll get in.
        • Re: (Score:3, Informative)

          by Tekfactory (937086)

          Funny the story only says Fingerprint scanner and Thermal Sensor, but even thermal + pulse can be fooled by making the fake fingerprint very thin, and applying it to the end of your own finger, unless you don't have a body temperature and pulse.

          Mythbusters did it on the Crimes and Mythdemeanors episode, and I consider the fingerprint overlay patch, and Jamie's Marks-a-lot fingerprint enhancement to be improvements over the original $20 Gummy Bear attack from a Japanese researcher in 2002 that they were copy

        • You're thinking about the problem all wrong - you don't need to recreate the environment that the sensor expects, you need to deliver the response that it wants. Most blood oxygen and pulse sensors are merely combinations of LEDs and photosensors which look for the amount of light reflected back and track its variation.

          All you need to fool one of these is a gummy frog with an embedded LED that will provide the necessary feedback. Add a rubber cement cast of the subject's fingerprint and you're golden. Th

    • this could lead to a lot of fingers in the microwave. maybe the professional hackers should specifically label one of the microwaves in the break room severed fingers in THIS microwave only.

  • Two hours? (Score:5, Insightful)

    by mog007 (677810) <Mog007@g[ ]l.com ['mai' in gap]> on Tuesday March 30, 2010 @07:58AM (#31668668)

    Presumably, if you had physical access to the drive, wouldn't you have more time to crack it than two hours?

    • Re: (Score:2, Insightful)

      by stupid_is (716292)

      But then you wouldn't be able to have a snazzy Press Release stating that professional hackers couldn't get into it.

    • Re: (Score:3, Interesting)

      by warGod3 (198094)

      The article didn't mention two things:

      * Was the "team of professional hackers" paid for NOT cracking this?
      * Was the "team of professional hackers" able to beat the security at all?

    • by syousef (465911)

      Presumably, if you had physical access to the drive, wouldn't you have more time to crack it than two hours?

      Would you believe this much? Okay chief, this is top secret. Let's use the cone of silence.

    • Re:Two hours? (Score:5, Insightful)

      by spacerog (692065) <spacerog@@@spacerogue...net> on Tuesday March 30, 2010 @08:38AM (#31668966) Homepage Journal

      "At a contest held in London, Victorinox was offering a £100,000 cash prize ($149,000) to a team of professional hackers if they could break into the USB drive within two hours. They failed."

      Umm, they weren't Pros. The contest was open to anyone who preregistered and you got to keep the knife after the contest. Not only that there were several restrictions on the contest. First you have to live in the UK, preregister and you only get two hours. Because ya know the bad guys always tell you who they are and always give up after two hours. Oh, and you have to be present to win, no Internet based attacks, you can only use Windows 64bit or whatever Linux flavor they are providing and of course you have to give up your exploit if you win. All that and more for a measly hundred thousand pounds? Yeah, no thanks, but hey it makes for great publicity and it is a cool knife.

      So called "Hacker Challenges" are not a valid security assessment.

      - Space Rogue

      • by Andy Dodd (701)

        No logic analyzers? Scopes? Only two hours?

        Without a doubt, a stupid press stunt.

      • Re:Two hours? (Score:5, Interesting)

        by Rich0 (548339) on Tuesday March 30, 2010 @09:40AM (#31669626) Homepage

        Yup.

        Plus, if somebody did need to crack one of these within two hours of getting their hands on it with minimal equipment this isn't how they'd go about it.

        Step one for an attacker would be to go to a store and just buy a dozen of these USB drives. Then they attack the drives from home with a full machine shop, a clean room, electron microscopes, logic analyzers, FPGAs, and the works.

        Then they figure out how to defeat the devices defenses, and then package that up into a minimal set of tools and steps needed to accomplish the feat in a few minutes.

        Then when they steal the device they already know exactly what they're doing and it takes them no time at all.

        It would be like a bank robber deciding on a whim to break into a bank, without checking plans, casing the place, identifying the vault make/model, etc. Like anything, a quickly executed mission depends on good planning.

      • by COMON$ (806135)
        That is because it is all about proving a level of security, not calling something unbreakable. What they prove here is that it is not reasonable for any street thug to crack this sucker, it is up to the business professional to decide if that security is adequate enough for the data it is going to hold. The competition does what it is supposed to do. Release to the public and time will do the rest.
    • Re: (Score:3, Funny)

      by sorak (246725)

      Presumably, if you had physical access to the drive, wouldn't you have more time to crack it than two hours?

      Exactly. You have 24 before Keifer Southerland kicks your ass.

    • by pz (113803)

      Presumably, if you had physical access to the drive, wouldn't you have more time to crack it than two hours?

      And presumably, you would consider the contents sufficiently important that you could practice cracking on a few spare copies. I have serious doubts that with sufficient time, physical access could be prevented, self-destruct mechanism or no. Self-destruct mechanisms require power, in the form of batteries or capacitors. Detecting separation of the case is one thing, detecting a very fine hole strategically drilled to disable the internal power supply (after a non-destructive x-ray inspection to figure o

  • by alexandre (53) * on Tuesday March 30, 2010 @08:01AM (#31668684) Homepage Journal

    I thought that we had stopped 10 years ago to consider such scam contest as serious security proof?

    • Nah, it still makes for a nice spectacle and PR piece.
      In reality the only use for pen testing is as a metric.

      • by bluefoxlucid (723572) on Tuesday March 30, 2010 @09:11AM (#31669292) Journal

        Seeing as I used to pen test; and we regularly raped the shit out of banks and utilities and gave them volumes to explain their complete and utter security failure AND methods to correct their gross incompetence; AND they had competent security teams that thanked us both for pounding issues they had found into their managers head AS WELL AS finding issues they had no prior knowledge of; AND we regularly got called back after a year for another pen test and found less, some of the same (not fixed), and some new issues; I have got to say that penetration testing is the only real way to test a system's real-world security.

        Seriously, you have the people sitting around coming up with all kinds of policies trying to secure a system. These are just theory. IIS is configured correctly, MySQL is configured correctly, we did a lot of ridiculous useless shit to lock down Windows and Linux (like deleting the swap file at shutdown, woo!). Everything's compliant, so it must be secure.

        Then you have people like me, sitting down, squinting, poking, prod--*FOOM!* .... oh shit o_o it asplode....

        • by HungryHobo (1314109) on Tuesday March 30, 2010 @09:27AM (#31669470)

          Oh I didn't say it was useless.
          My point is that pen testing doesn't secure your system.
          It only provides feedback as to how secure your system really is within a reasonable margin of error.

          If you test a system and find a hundred holes and hand over a neat list and they diligently go away and fix all the holes you found then their system is only marginally more secure than it was before.
          The systematic failures that lead to the problems being there in the first place are still there making more problems.
          The same crappy code is still there with a few patches.

          On the other hand if you do a full pen test and find no security holes or only a few minor ones then that's a decent indication that there are very few there at all.

          Pen testing is a fine way to test and be able to say "this system probably has very few problems" or "this system is utterly riddled with faults" but pen testing is an awful way to actually secure your system.

          At best pen testing can show blinkered managers that they need to pay some attention to security and in that one case may help to actually improve security.

    • by elrous0 (869638) *
      You mean Samsonite luggage ISN'T indestructible?!?!?
  • Thermal sensor? (Score:5, Insightful)

    by zmotula (663798) on Tuesday March 30, 2010 @08:01AM (#31668686) Homepage

    The Secure features a fingerprint scanner and a thermal sensor 'so that the finger alone, detached from the body, will still not give access to the memory stick's contents.'

    Surely if somebody can chop off your finger he can also warm it up?

    • I experienced something opposite many years ago: Just holding your hand over a recently used finger print scanner was enough to log you in as the previous user. The previous login had left enough sweat for the device to recognise as a real finger. Holding your hand above it was just to trigger the temperature sensor to activate the reading. The finger print scanners have hopefully improved much since then...
    • by Aceticon (140883)

      Warming up loose bits of meat is on of the things microwaves excel at.

  • by solevita (967690) on Tuesday March 30, 2010 @08:02AM (#31668694)
    From TFA:

    Anyone stateside wanting one of these bad boys will have to wait patiently or hop on a transatlantic flight.

    Just remember to take it out of your pocket before getting back on that plane.

    I'd be interested in one without the knife as something to play with, but I'm not sure I want to carry all the rest of it around with me (I'm not some knife freak, but I want a USB stick to be just a USB stick).

    • by boef (452862) on Tuesday March 30, 2010 @08:07AM (#31668726)
      Indeed.
      Not only do you have to let it out of your sight/control if you fly, it also comes with a built in way for someone to threaten you or cut off your finger (and use it quickly.. they are not nice to touch once they go cold)
      • by Fnord666 (889225)
        From Victorinox's Press Release:
        Victorinox Secure - Swiss Army Knife featuring a removable USB flash drive with secure data encryption, fingerprint authentication and up to 32 GB storage. Product available in flight-friendly version.
    • by bds1986 (1268378)

      Given the fuss about laptop batteries igniting a while back, I can't see the TSA being too pleased with a device with an inbuilt (presumably incendiary) self-destruct mechanism, even without the knife.

      • by jweller (926629) on Tuesday March 30, 2010 @08:59AM (#31669174)

        I doubt very seriously that it's incendiary. I would guess that it is electrical in nature. I built an anti tamper device before and used a 300v photo flash cap run down the ground rail. VERY effective. Actually blew some SMB components off of the board and set several tantalum capacitors on fire.

        Although I guess that could be considered incendiary....

        • Re: (Score:3, Interesting)

          by Andy Dodd (701)

          If I recall correctly, there were a few classic arcade games that were copy protected by a battery-backed encryption key. Mess with the device the wrong way and the key would be lost.

        • In 2006 after the VA hard drive got lost we were looking into an encryption solution for our backups, the thing we finally decided on was a 2U box with a tamper resistant case that would zero out the encryption keys if the chassis was opened, and the encryption chip was sealed in a resin that would destroy the chip if tampered with.

          We ended up with the CryptoStor instead of the DataFort, right before CryptoStor fired all their hardware engineers and decided to focus on the software side of their encryption

    • There should be a MacGyver episode where he uses the self-destructing USB swiss army knife as a detonator of some explosives he concocted in order to escape some thug...
    • by Fnord666 (889225)

      Just remember to take it out of your pocket before getting back on that plane.

      I'd be interested in one without the knife as something to play with, but I'm not sure I want to carry all the rest of it around with me (I'm not some knife freak, but I want a USB stick to be just a USB stick).

      If it is anything like their presentation [swissarmy.com] series, then

      1. The usb stick is detachable from the knife portion, so flying is not a problem, and
      2. They offer a version that does not include all of the knife "stuff"
  • easy (Score:2, Funny)

    by Anonymous Coward

    Cut off the finger stick in mouth then use.

  • by Lorens (597774) on Tuesday March 30, 2010 @08:05AM (#31668718) Journal

    Against the trojan on the computer you hook it up to.

    The knife might be useful for cutting off your finger though.

  • by kiehlster (844523) on Tuesday March 30, 2010 @08:09AM (#31668746) Homepage
    Teacher, I swear I wrote up the entire 40 page paper, but I burned my thumb really bad the other day and when I went to retrieve my paper, it exploded.
  • 2 Hours? (Score:3, Informative)

    by complete loony (663508) <[moc.liamg] [ta] [namekaL.ymereJ]> on Tuesday March 30, 2010 @08:09AM (#31668748)

    Only 2 hours? What are they scared that this thing will be crackable in 3? Seriously, if you are buying one of these to keep something secret on, and you lose it. It will have to remain resistant to attacks for way longer than that.

    This is (of course) just a cheap publicity stunt.

  • Does it have a physical read/write switch?
  • I'm yet to see any USB stick or memory card which I consider "secure." Most of them just use poor software tricks and hacks to secure data, and often do so far worse than off the shelf security software like TrueCrypt. To be honest the best security mechanism you could put on a USB stick would be a physical lock to slow someone down who DOESN'T want you to know they're accessing your drive (e.g. Wife, Coworker, Friends, etc). Just a little rolling combination lock with three digits would slow someone down b

  • So she could not use the device. Security should have fingerprint, strong password, challenge question and voice recognition.

  • by WWWWolf (2428) <wwwwolf@iki.fi> on Tuesday March 30, 2010 @08:21AM (#31668824) Homepage

    "...if they could break into the USB drive within two hours. They failed."

    Am I completely deluded if I think that if crackers have a physical access to a USB drive, they just may be able to withhold it for more than two hours? Maybe I'm proposing a completely implausible scenario here, but suppose the USB drive has been "stolen" (a term which means "physically removed from the possession of the legitimate owner" for those who don't grok this high-tech security lingo) - in such case, the legitimate owner may, theoretically, need more than 2 hours to recover the USB drive, and the attacker can use a longer period of time to their advantage. I remember reading in the literature that "stolen" USB drives may, in some cases, be recovered days, weeks, months later - and in many cases, they may never be recovered. Whether that qualifies as significantly longer than 2 hours, I don't know. I'm not an expert.

    In case you're wondering, no, I don't put much faith in hacking contests, especially if the scenarios they test have small obvious flaws like this. =)

    • I'd imagine that an attacker would steal the drive and then return it shortly after so you wouldn't notice it was missing. It's feasible that they might only have 2 hours (or less) to dump the data. It's far less feasible that they would only have two hours to think of the attack that they were going to use.
  • Extreme cooling (Score:4, Interesting)

    by Henk Poley (308046) on Tuesday March 30, 2010 @08:30AM (#31668898) Homepage

    It burns the inside when opened? Let's see what happens when you pry it open while pouring liquid helium over it.

    This reminds me of the IBM Secure Cryptoprocessors, which are *pretty much* physically secure. But still people get in now and then usually through software or neat stasis tricks so the device can't respond to your intrusion.

    • by rossdee (243626)

      The whole thing shatters into a million tiny shards, since it would be so brittle. Remember the T1000 in Terminator 2 (and he was just frozen by liquid nitrogen.

    • by jonatha (204526)

      >

      This reminds me of the IBM Secure Cryptoprocessors, which are *pretty much* physically secure. But still people get in now and then usually through software or neat stasis tricks so the device can't respond to your intrusion.

      I know Markus Kuhn et al have published some software-based attacks against CCA (the standard software IBM ships with the coprocessor), all of which have been fixed. I have not seen anything about a successful attack against the secure hardware enclosure. Got a link?

  • Now Jason can keep one of these around to keep his Swiss bank account number on. No need for invasive butch^H^H^H^H^Hsurgery or fancy projection systems. He just needs to try to keep his fingers out of frigid sea water.
  • That's barely enough time to even read the specifications. To be taken seriously, the challenge should have given them at least a week, possibly several.

    For keeping my secrets safe for two hours, I wouldn't need to shell out that much money...

  • I predict (Score:5, Insightful)

    by Anonymous Coward on Tuesday March 30, 2010 @08:50AM (#31669084)

    that within 1-2 months we will find out that:

    1) the finger print scanner is not actually linked to the encryption key, but is just to "power on" the device.

    2) the encryption key is processed in host (windoze) based software and that a usb control packet (the exact same packet for all devices) is simply sent to the onboard controller to tell it to "allow access".

    3) the encryption, while purporting to be aes256, is so poorly implimented that it in effect becomes a 16-bit key, thereby becoming brute-forcable on an old C-64 in only 2 days.

  • 2 hours? (Score:3, Insightful)

    by Lord Bitman (95493) on Tuesday March 30, 2010 @08:50AM (#31669086) Homepage

    Some mornings I can't get into my own e-mail account in under two hours, why so low? Why not.. three?

    Here's guessing a blogger will get into one by next month.

  • by AllynM (600515) * on Tuesday March 30, 2010 @08:51AM (#31669094) Journal

    I saw a self-destructed sample of this unit at CES in January. It did not self destruct from an opening attempt, as opening those is quite easy. The drive is enclosed by a simple clear plastic shell (not epoxy filled). The 'destruction' was caused by presumably supplying voltage in excess of the USB spec. You could literally pry the plastic off of the USB drive with the included knife, and it would work just fine (sans enclosure).

    Also, it would be nice if PCWorld at would at least get the name of these things correct:
    http://www.swissarmy.com/multitools/Pages/Category.aspx?category=presentation+pro& [swissarmy.com]

    Perhaps the USB-only part is dubbed 'Secure', but you won't ask for that name when you want to buy one.

    Allyn Malventano
    Storage Editor, PC Perspective

  • WTF!? (Score:3, Interesting)

    by kpainter (901021) on Tuesday March 30, 2010 @08:58AM (#31669166)
    The self destruct mechanism link in TFA is a link to a review of Ironkey's self destruct. I was going to say, this isn't anything new. I had a Sandisk brick itself when it could not be ejected. We switched to Ironkey. We havn't had any problems with these and the encryption is hardware based so it is pretty fast. There is an option to have the drive be capable of being reformatted if you can't enter the password within 10 attempts.

    I have not had a lot of love for fingerprint scanners readers. I think I will stay with Ironkey.
  • Victorinox (Score:5, Funny)

    by Ukab the Great (87152) on Tuesday March 30, 2010 @09:35AM (#31669582)

    When are they going to make a USB Stick with a corkscrew? I might just need to recover with a bottle of wine after my thumb drive destroys itself.

  • China build these for them. And they will be loaded with virus and will destruct at very strange times.
  • by DarthVain (724186) on Tuesday March 30, 2010 @10:49AM (#31670692)

    Rather than try to "protect" the data contained within a thumb stick (which is kind of passive if you think about it), why not actively try to destroy all data to whatever is connected to the thumb stick instead...

    Criminal: "Ha! I stole this thumb stick from that stupid corporation, and I am sure it is just stuffed with credit card info! Now to just use these easily available utilities I found online to crack it..."
    Plugs in device
    PC: "Password: "
    Criminal: "Pffft I can just ignore that, now where did I put that cracker utility..."
    PC: "Timeout. Initiating self destruct!"
    Criminal: "Pfft as if it is going to blow up or something, what a joke..."
    PC: "Virus Loaded....Deleting all files.... Complete. Have a nice day!"
    Criminal: "....."
    Criminal: "....."

Aren't you glad you're not getting all the government you pay for now?

Working...