A poster named Nexus is claiming that he removed the protective epoxy coating from an IronKey secure USB flash drive and it still works. Photos of the chips on the device are shown here and here. What is interesting to me is that to get the FIPS 140-2 Level 3 certification that the device has, it is supposed to have a “Hard opaque potting material encapsulation of multiple chip circuitry embodiment or strong enclosure with removal/penetration attempts causing serious damage.” That is, the device should erase (zeroize) itself to prevent access to the protected contents including the encryption keys.
Once the epoxy is removed, an attacker has access to all of the chips and interconnects between them. This allows an attack against the encryption engine in addition to being able to read out the data on the memory chips. So I guess that while the IronKey has a very nice looking case that seems to be substantial when held in your hand, its data protection is only skin-deep—and that is really scary.
Comments?
Ron LaPedis, CISSP-ISSAP, ISSMP, MBCP, MBCI
