Has the IronKey Been Exposed?

A poster named Nexus is claiming that he removed the protective epoxy coating from an IronKey secure USB flash drive and it still works. Photos of the chips on the device are shown here and here. What is interesting to me is that to get the FIPS 140-2 Level 3 certification that the device has, it is supposed to have a “Hard opaque potting material encapsulation of multiple chip circuitry embodiment or strong enclosure with removal/penetration attempts causing serious damage.” That is, the device should erase (zeroize) itself to prevent access to the protected contents including the encryption keys.

Once the epoxy is removed, an attacker has access to all of the chips and the interconnects between them. This allows an attack against the encryption engine in addition to being able to read out the data on the memory chips. So I guess that while the IronKey has a very nice-looking case that seems to be substantial when held in your hand, its data protection is only skin-deep—and that is really scary.

Comments?

Ron LaPedis, CISSP-ISSAP, ISSMP, MBCP, MBCI

1 Comment to “Has the IronKey Been Exposed?”

  • David Wilcox says:

    Ron, interesting analysis, but my guess is these pictures are not of an IronKey device at all.

    Per your statement, FIPS Level 3 certification is tamper resistant – see http://en.wikipedia.org/wiki/FIPS_140-2, which does not support Nexus's claims.

    Perhaps you need to check back with the source to verify?
