resistorX

Self-destructing Victorinox USB stick defies hackers

13 posts in this topic

Anyone hear about this unhackable USB drive? Article is HERE .

Victorinox's new Secure includes all the usual Swiss Army essentials, including a blade, nail file and scissors, plus a mini flashlight and flip-out USB thumb drive with a biometric fingerprint reader. Besides sensing heat with every fingerprint to ensure the fingerprint is legit (and not that of a severed thumb, perhaps severed by the knife itself?) the Secure will actually self-destruct if hackers attempt to physically force their way into it. According to Victorinox, both the drive's CPU and memory will fry when the case is compromised.

According to realwire.com, HERE :

press release

release detail Victorinox launches un-hackable Secure Pro USB drive in London London, 26th March 2010: Victorinox, the family company behind the famed Swiss Army Knife, has launched a pioneering memory stick design at an event held at its European flagship store on London’s New Bond Street. The device is, says the company, the most secure of its kind available to the public. It uses several layers of security including fingerprint identification and a thermal sensor - so that the finger alone, detached from the body, will still not give access to the memory stick’s contents. The Victorinox Secure has also been made tamper-proof. Any attempt to forcibly open it triggers a self-destruct mechanism that irrevocably burns its CPU and memory chip.

Victorinox was so confident of its new product’s elite security standards that it offered a £100,000 prize to a team of professional hackers if they could break into it during the two hours the launch event lasted. The money went uncollected. The event was attended by Victorinox’s CEO Carl Elsener Jr. and the Victorinox Secure’s designer Martin Kuster, a technology security specialist. “Life is becoming more digital every day,” says Kuster. “And yet people do so little to protect their data. The world’s most common password is ‘12345’ - and even encryption can be broken given time.”

VICTORINOX%202_1.jpgVictorinox Secure ProThis unique USB can hold up to 32GB of data and features secure data encryption technology. As well as its security elements, the Victorinox Secure also features the iconic tools you’d expect from a Victorinox Swiss Army Knife.

The un-hackable Victorinox Secure features AES256 technology, together with Victorinox patented unique MKI’s Schnuffi Platform Single Chip Technology. What makes this product exclusive is the integrated Single Chip Technology, meaning that there are no external and accessible lines between the different coding/security steps, as on multi-chip solutions; this makes cracking the hardware impossible.

The Secure Pro is available in three different sizes, ranging from 8GB to 32GB RRP £50 - £180 and features:

- Removable USB flash drive

- Biometric fingerprint recognition technology

- LED Mini White Light

- Retractable Ball Point Pen

- Blade

- Scissors

- Nail File with

- Screwdriver

- Key ring

-ends-

Your contact for further information: ahuckett@publicasity.co.uk 020 7632 2424

About Victorinox

Victorinox produces and sells unique, high quality products worldwide which are of practical use in differing areas of life: Swiss Army Knives, Cutlery, Timepieces, Travel Gear, Fashion and Fragrances. The head office of the company is in Ibach, Schwyz, in the heart of Switzerland. This is where the founder of the company Karl Elsener first set up his cutler’s business in 1884 and, a few years later, designed the legendary “Original Swiss Army Knife”.

Why don't they want someone to get hacked? Beats me.... :cool: .

Edited by resistor X
1

Share this post


Link to post
Share on other sites

I can't think of any non-shady reason that one would rather have their data "self-destruct" than be seen by prying eyes. It might be nice to thwart law enforcement, but that's about it.

0

Share this post


Link to post
Share on other sites

I can't think of any non-shady reason that one would rather have their data "self-destruct" than be seen by prying eyes. It might be nice to thwart law enforcement, but that's about it.

I can, sky corporation with their satelite decoder cards. Once the decryption key's out the cards useless and they have to re-issue a few million of them as their subscriber limit falls dramatically when the pirate cards hit the market. And every sub is worth £30-60 a month...

Unhackable because it has no links between chips. Tell that to NDS who sliced a pic chip on the sky rival's canal+ cards apart and scanned it layer by layer with a scanning electron microscope and assembled it back together to lift the keys off it. Allegedly of course, since it was never proven for the lawsuit. And if you knew the stick had heat sensing on it, wouldn't you just warm up the severed digit up in a bowl of body temp water first? or use fake prints taken from the owner on another humans fingers, or a few other tricks.

Unhackable just means harder and more expensive doesn't it?

Edited by MrFluffy
0

Share this post


Link to post
Share on other sites

I can't think of any non-shady reason that one would rather have their data "self-destruct" than be seen by prying eyes. It might be nice to thwart law enforcement, but that's about it.

I can, sky corporation with their satelite decoder cards. Once the decryption key's out the cards useless and they have to re-issue a few million of them as their subscriber limit falls dramatically when the pirate cards hit the market. And every sub is worth £30-60 a month...

Unhackable because it has no links between chips. Tell that to NDS who sliced a pic chip on the sky rival's canal+ cards apart and scanned it layer by layer with a scanning electron microscope and assembled it back together to lift the keys off it. Allegedly of course, since it was never proven for the lawsuit. And if you knew the stick had heat sensing on it, wouldn't you just warm up the severed digit up in a bowl of body temp water first? or use fake prints taken from the owner on another humans fingers, or a few other tricks.

Unhackable just means harder and more expensive doesn't it?

mythbusters showed a few methods how to get around fingerprint readers... some are as simple as using a photocopy of the fingerprint - while others were more complex, but with a thin latex copy of the fingerprint over your own finger (for the proper temperature) that should defeat this aspect of security...

i agree with decoder, i can only imagine the only reason for wanting your data to self destruct would be to prevent it from ending up in law enforcements hands - however, i have a feeling that the company would work with LEOs to recover data on these devices...

that... and nothing is unhackable... if someone with the skill wanted to, it would just be a matter of time to crack the device... i find it laughable that the proof that it is unhackable is that whatever "hackers" they had at the launch event were unable to crack it within 2 hours - never having seen the device or its specifications...

0

Share this post


Link to post
Share on other sites

I can't think of any non-shady reason that one would rather have their data "self-destruct" than be seen by prying eyes. It might be nice to thwart law enforcement, but that's about it.

I can, sky corporation with their satelite decoder cards. Once the decryption key's out the cards useless and they have to re-issue a few million of them as their subscriber limit falls dramatically when the pirate cards hit the market. And every sub is worth £30-60 a month...

Unhackable because it has no links between chips. Tell that to NDS who sliced a pic chip on the sky rival's canal+ cards apart and scanned it layer by layer with a scanning electron microscope and assembled it back together to lift the keys off it. Allegedly of course, since it was never proven for the lawsuit. And if you knew the stick had heat sensing on it, wouldn't you just warm up the severed digit up in a bowl of body temp water first? or use fake prints taken from the owner on another humans fingers, or a few other tricks.

Unhackable just means harder and more expensive doesn't it?

mythbusters showed a few methods how to get around fingerprint readers... some are as simple as using a photocopy of the fingerprint - while others were more complex, but with a thin latex copy of the fingerprint over your own finger (for the proper temperature) that should defeat this aspect of security...

i agree with decoder, i can only imagine the only reason for wanting your data to self destruct would be to prevent it from ending up in law enforcements hands - however, i have a feeling that the company would work with LEOs to recover data on these devices...

that... and nothing is unhackable... if someone with the skill wanted to, it would just be a matter of time to crack the device... i find it laughable that the proof that it is unhackable is that whatever "hackers" they had at the launch event were unable to crack it within 2 hours - never having seen the device or its specifications...

Or instead of the whole finger slicing thing (ewwwwww btw), why just knock the fool out cold and then just place his finger in it.

0

Share this post


Link to post
Share on other sites

I can't think of any non-shady reason that one would rather have their data "self-destruct" than be seen by prying eyes. It might be nice to thwart law enforcement, but that's about it.

There's many reasons for destroying data to prevent it falling into the wrong hands. A recent example of this is the 4th generation iPhone which was apparently found in a bar, and subsequently had its operating system fried remotely presumably by Apple when they realised it was missing.

Edited by chown
0

Share this post


Link to post
Share on other sites

simple, while device is unlocked and authenticated, freeze said device in liquid nitrogen or if unavailable, canned air sprayed upside down, and keep at a constant freezing temprature and uncap with fuming red nitric or sulfuric acid, the resulting thermal difference and acidic properties will cause the chip to crack open, while retaining the information stored in NVRAM, remove said chip with similarly cooled tool and examine under a cooled microscope.

Edited by IndexPhinger
0

Share this post


Link to post
Share on other sites

simple, while device is unlocked and authenticated, freeze said device in liquid nitrogen or if unavailable, canned air sprayed upside down, and keep at a constant freezing temprature and uncap with fuming red nitric or sulfuric acid, the resulting thermal difference and acidic properties will cause the chip to crack open, while retaining the information stored in NVRAM, remove said chip with similarly cooled tool and examine under a cooled microscope.

That's certainly not simple :P

Edited by chown
0

Share this post


Link to post
Share on other sites

Yeah, ill stick with lopping a finger off while theyre out cold. If the data is that valuable that a simple truecrypt partition on it isnt enough to protect it, its worth more than a finger and nobody normally dies of loosing a digit.

If all the ceo types who buy one of these thought about that, they er... wouldnt :D

Next retina scanners, fancy looking like a extra off jeepers creepers 3?

0

Share this post


Link to post
Share on other sites

It didnt say, but does the biometric finger print scanner hold more than one print? Also Anyone remeber the attack on the pentagon, cause by a pentagon worker picking up a usb drive in the parking lot and pluging it in? They are protected now, cause everyone will have knives to stab the computer to death! Oh and it is a finger print thingy.

0

Share this post


Link to post
Share on other sites

It didnt say, but does the biometric finger print scanner hold more than one print? Also Anyone remeber the attack on the pentagon, cause by a pentagon worker picking up a usb drive in the parking lot and pluging it in? They are protected now, cause everyone will have knives to stab the computer to death! Oh and it is a finger print thingy.

ha nice... so all that is needed to compromise a system is to leave a few thumb drives where the target would find them and likely plug them into a PC..

0

Share this post


Link to post
Share on other sites

mythbusters showed a few methods how to get around fingerprint readers... some are as simple as using a photocopy of the fingerprint - while others were more complex, but with a thin latex copy of the fingerprint over your own finger (for the proper temperature) that should defeat this aspect of security...

a melted Gummi Bear mold of the digit, FTW! One would have a nice snack, too.

0

Share this post


Link to post
Share on other sites

I can't think of any non-shady reason that one would rather have their data "self-destruct" than be seen by prying eyes. It might be nice to thwart law enforcement, but that's about it.

There are many reasons for wanting data to be destroyed. One person gave a good one in the example of the iPhone. Others include confidential information with a high dollar value. It would be best if anything storing high-risk information had strong tamper-resistant properties. All government COMSEC and IBM Level 4 Crypto cards will physically or digitally destroy their secrets upon sensing tampering. These have seen much use for storing/processing high value secrets. Plenty of non-shady uses. Not to mention there are plenty of shady activities that are legal but must remain private to be successful.

Of course, I'll leave all of the high tech hardware hacking to others. I try the low-hanging fruit first. I wonder if this thing has one of those "I promise I have the password" features that just open it up with one signal. Remember the encrypted SanDisk drives that didn't even really need the password to open? I'd look for something like that first. If software attacks didn't work, then I'd crack a few open to figure out what chip technology it was using. Then, either expensive hardware probing or preferably a TEMPEST style attack by a specialist. Active irradiation might be a better way to get an encryption key out of this thing than hardware probes, depending on its construction.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now