Security Product Spotlight: datashur Pro – encrypted USB device

0
30

I was invited by iStorage (https://istorage-uk.com) to test their datashur PRO USB storage device. It looks a bit like an ordinary USB stick but it’s hardened both physically and in its firmware. The iStorage datAshur is an easy to use and affordable USB flash drive, employing PIN access with military grade AES 256-bit hardware encryption.  It has a built-in rechargeable batter which allows me to enter my 7-15 digit PIN on its built-in keypad, before I connect it to my computer’s USB port.

 

Plug-and-play Encrypted USB Storage
It took me less than three minutes to get my datashur Pro up and running. It operates easily, right out of the box and does not require any software or drivers to be installed and is compatible with Windows, Mac, Linux, Chrome, Android, Thin Clients and embedded systems. My favorite feature – all data transferred to the datAshur is encrypted in real-time with the built-in hardware encryption engine and is protected from unauthorized access even if my datAshur is lost or stolen. The datAshur automatically locks when unplugged from my computer (or when power to the USB port is turned off). Very cool! Now what happens if you lose your PIN? Are you locked out of the device, completely? No. In fact, it can be configured with independent User and Admin PINs, making it perfect for corporate and government deployment. If the User forgets their PIN, the drive can be unlocked using the Admin PIN which will then clear the old User PIN and allow the User to set a new PIN. In addition, the datAshur also incorporates a drive reset feature which clears both User and Admin PINs, destroys the data, creates a new randomly generated encryption key and allows the drive to be reused. The datAshur is capable of generating an infinite number of randomly generated encryption keys, allowing the user to reset the drive as and when required.

Very Secure Storage
It’s FIPS 140-2 Level 3 Certified among other very serious certifications. But, what about Keyloggers such as Zero-day RATs running on Windows? Can my datashur be hacked and accessed remotely, if I leave it plugged in and leave my computer?

So far, it looks like iStorage planned for that risk by making sure the only way to unlock the device is through the built-in physical keypad, not the Windows keyboard. It appears that it is not vulnerable to software/hardware based key-loggers or brute force attacks. The datAshur protects your data with a “Brute Force Hack Defence Mechanism”, which deletes the encryption key and destroys all stored data if the incorrect PIN is entered a total of 10 consecutive times.

I have only one minor area of concern – don’t let the battery go dead – it’s rechargeable so keep it charged. The good news is, if your battery appears completely dead, just plug it into your USB port and while charging you can access the keypad and unlock the device and get at your encrypted files.  Seems like iStorage thought of everything.  It seems to me if you keep it charged it will last for years – it’s rugged, has a waterproof casing and has tamper evidence features and even tamper-proof coating on the internal drive components.

Summary of Key Features

  • USB 3.0 Flash Drive
  • Capacities up to 64GB
  • FIPS 140-2 Level3 validated – Cert. No. 2688
  • NLNCSA – certified Click Here
  • FIPS PUB 197 certified
  • NATO Restricted level Certified
  • IP57 certified – water/dust resistant
  • Bootable drive
  • AES 256- bit hardware encryption – no software required
  • OS & Platform independent

The company offers excellent support and documentation and has videos online for all their major products.  Here’s their video for this particular device:

Highly Recommended Device
With billions of records already stolen and millions of USB and portable hard-drives lost or stolen each year, the best thing you can do is move to hardware-based encrypted storage. You’ll see additional product options at the iStorage website in size, shape and storage capacity options to fit the needs of a one-man-band or a large enterprise.

As a strong proponent of encryption and personally identifiable information (PII) protection, this is a must have in your security arsenal.

by Gary S. Miliefsky, CISSP
Publisher, Cyber Defense Magazine