2. Steal the laptop and get out of range of the token quickly to prevent self-destruction via the token. I could not find how the drive and token communicate, but you can probably jam it too, for example Bluetooth.
3. Keep the battery charged to prevent self-destruction by low battery level and set up a femto cell - without connection to the real GSM net, of course - to prevent self-destruction by GSM starvation and SMS.
Now you should at least have all the time you need.
"A Signal Proximity (SP) option means that any registered AutothysisDSP computer hard drive that leaves the vicinity of the DSPS signal will automatically self-destruct. This protects against theft and someone walking out the room with a computer. Likewise if a jamming of the DSPS signal is tried in an attempt to thwart the security protocol the registered DSPS hard drives will self-destroy."
You forgot one, and it makes jamming more difficult.
This is all very neat, but it appears these folks haven't heard of X-ray microscopy - I don't see why, with a sufficiently high resolution scan, you couldn't see the physical state of the NAND switches on the chip, without opening the packaging, or doing anything else to trigger it.
16nm gates, 10nm resolution achieved - this is probably "good enough", although it would require some work as the resolution is barely better than the NAND cell size.
Although you could remedy this by wrapping the thing in lead, within the case - which maybe they have. Be interesting to see the RoHS statement.
[1] If you are really paranoid and don't want to connect the devices to the internet, or if you don't have an internet connection at the target location, send a messenger with a random symmetric key first. If he/she arrives safely, send the hard drive with full disc encryption using the symmetric key next. Via any means. You can even FedEx it.
It's pretty easy to think of scenarios that FDE does not protect against but this product could.
1) While cloning, modify the bootloader to load a software keylogger when the computer starts.
2) After cloning, install a hardware keylogger.
This level of security is ridiculous for almost everyone, of course. But we are talking about a self-destructing SSD, which you want to send via courier to initiate the destruct, as an alternative. So I think this is a fair comparison.
A thin layer of thermite, a magnesium starter, and a ceramic holster to keep the thermite firmly against the drive during the burn should work. Two thousand degrees of burning iron a few millimeters away from the NAND should thoroughly annihilate it.
They lost me at "Firstly the encryption key is flipped". What does this mean?
I assume "flipped" is a translation error for "cleared" or "randomized", especially given typos like "instantaineously".
How can anyone consider this "transparent" encryption to be secure?
Only the (TI) security processor itself had a FIPS 140-2 Level 3 crypto engine. However this device as a whole has no certifications I am aware of, FIPS, CESG or anywhere else (let's leave aside for a moment the flaws of the certification processes). Given its claims, the threat model and what it tries to do, that is actually surprising. It should be aiming for 140-2 Level 4, with claims like that. There are not a lot of 140-2 Level 4 devices around at all…
They say "flipped". Do they mean "zeroized"?
There are a few pitfalls with disk encryption. They mention AES-256-CBC. That is not a wide-block mode. So how are the IVs defined? Do they use an encrypted salt-sector IV? A plain one? Is any diffuser used? Is there any integrity protection?
I do not see that this provides a meaningful level of security which is even comparable to, say, (the late) TrueCrypt.
Speaking of magic, I've just realised one big potential problem that's been bugging me about this, which finally leaped out at me.
Destruct is controlled via SMS? That is to say, unless they've been unbelievably careful about shielding and optoelectronic coupling (and from the photos, they haven't) there's almost certainly a GSM transceiver, inside the security boundary, near the data paths.
Oops.
Those familiar with EMSEC will know why this could present a Big Problem™. My first port of call, attacking one of these, rather than stealing it, would probably be to sit in the car park with a femtocell and a directional antenna, and make sure the device gets really loud GSM reception. And see what crosstalk gets modulated back. :)
(If you don't think this is a realistic attack for you, why are you in the market for Mission Impossible gadgets anyway? Use TrueCrypt or dm-crypt or DiskCryptor or something. At least you can analyse how they work more easily.)
Similarly, if it's made by, or spiked by, a malicious actor, it's got scope to go kleptographic on your ass and covertly transmit your data. Need to be careful about that.
A quick glance at the laws in California makes it a felony to simply have in your possession "any sealed device containing dry ice or other chemically reactive material that is assembled for the purpose of causing an explosion." The definitions for other types of destructive devices are specific to scale, but this part is not.
Looking at the pix that show chip fragmentation, I don't see evidence of reactive chemistry. No melted edges, no deposition of combustion products, no missing material that would suggest propulsive transport incident to a micro explosion caused by detonation of a tiny blob of, for example, lead styphnate or some other primer-like compound.
Exploding wires are an old technology, and don't involve "...chemically reactive material...". Think old-fashioned fuses, but with faster dynamics.
Maybe they have an on-board supercap that they dump into a buried trace, producing a brief high temperature copper plasma and a shock wave that breaks the chip?
Interesting technology; I'd like to know how they do the physical destruction.
If my data is valuable, I have two fears: (1) theft, (2) loss. If my drive is built to self-destruct, it decreases fear #1 but increases fear #2. What do I do then? Back up my data elsewhere? But that defeats the purpose of the high security drive. Do I get more than one high security drive? That still puts a lot of trust in the design -- if there were a systemic flaw that caused them all to fail or self-destruct at once I'd be out my data.
This is for people who care more about knowing that the data was transferred securely than whether it goes through at all. There would likely be a master (backed up) copy on an internal air-gapped machine.
E.g. I was part of maintenance on a defence system once that in itself wasn't very important, but it was kept in an air-gapped concrete bunker with a Faraday cage deep inside the office building. Offices outside were used for top secret data during processing, but when people were done working on something, storage would happen in the "bunker".
I'd imagine drives like these would be popular for the offices.
This smartphone app and token, how do they communicate with the drive? Does it use cryptographic signatures to make sure that it's actually my phone talking to the device and not someone else, or just a passcode?
Does the drive send out an alert if it receives more than X SMS messages, where X is configurable? What's to stop someone from sending random texts to it until it self-destructs? Simply the fact that they don't know the phone number?
How long does the battery last?
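The questions above (is the phone/token authenticated, and is a flood of junk SMS messages detected and rate-limited?) are what a defender would want answered. The following is an added illustration of one way such a destruct command channel could be designed; it is not the product's protocol, and the message format, key, counter scheme and alert threshold are all assumptions:

```python
import hmac
import hashlib
from collections import deque

# Assumed wire format (constructed): "<counter>:<command>:<tag>"
# tag = first 16 hex chars of HMAC-SHA256(key, "<counter>:<command>")
def tag_for(key: bytes, counter: int, cmd: str) -> str:
    return hmac.new(key, f"{counter}:{cmd}".encode(), hashlib.sha256).hexdigest()[:16]

def build_message(key: bytes, counter: int, cmd: str) -> str:
    """What the owner's (authenticated) phone or token would send."""
    return f"{counter}:{cmd}:{tag_for(key, counter, cmd)}"

class DestructCommandGuard:
    """Hypothetical receiver-side guard for an SMS-style command channel."""
    def __init__(self, key: bytes, max_bad: int = 3, window_s: float = 3600.0):
        self.key = key
        self.max_bad = max_bad        # the configurable "X" from the comment
        self.window_s = window_s      # sliding window for counting bad messages
        self.last_counter = 0         # monotonic counter defeats replay of an old message
        self.bad_times = deque()
        self.alerts = []              # (timestamp, reason) raised to the owner

    def handle(self, text: str, now: float):
        try:
            counter_s, cmd, tag = text.split(":")
            counter = int(counter_s)
        except ValueError:
            return self._reject("malformed", now)
        # constant-time compare: a random text cannot be authenticated without the key
        if not hmac.compare_digest(tag, tag_for(self.key, counter, cmd)):
            return self._reject("bad tag", now)
        if counter <= self.last_counter:
            return self._reject("replay", now)
        self.last_counter = counter
        return ("accept", cmd)

    def _reject(self, why: str, now: float):
        # unauthenticated traffic never triggers destruct; it only counts toward an alert
        self.bad_times.append(now)
        while self.bad_times and now - self.bad_times[0] > self.window_s:
            self.bad_times.popleft()
        if len(self.bad_times) >= self.max_bad:
            self.alerts.append((now, f"{len(self.bad_times)} unauthenticated messages"))
        return ("reject", why)
```

The key point is that a flood of unsigned messages can at most raise an alert; only a fresh, correctly tagged message reaches the command path.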
It depends on the nature of the data you want to store: there is some data which you would be concerned with letting others get access to but whose existence is more important, and other data which you absolutely must not let others get access to, even if it means that no one (including you) can. This drive is designed for the latter case.
First thing I'd try: LN₂ over the case entry sensors followed by that fun expandy foam stuff.
It probably wouldn't work first time, but next try I'd know where to short/aim. Or shortcut that with X/gamma so I have a drill point.