Category Archives: Internet Security

Apricorn Aegis Secure Key 3z USB Drive – Move over James Bond and Ethan Hunt, this data really can self destruct in 5 seconds!

Mission Impossible : Rogue Nation - USB Memory Stick deletion scene - image credit: Paramount Pictures
Mission Impossible : Rogue Nation – USB Memory Stick deletion scene – image credit: Paramount Pictures

If you watch Mission Impossible: Rogue Nation, you will find a scene near the end of the movie where Faust (Rebecca Ferguson) hands a USB drive to her ‘handler’ Atlee (Simon McBurney), he then proceeds to surreptitiously erase the contents of the USB stick using an combination of distraction, slight of hand, a Nokia 930 smartphone and a copy of the Financial Times. Thus Faust is oblivious to the smoke and mirrors that has just taken place and continues on with her mission (should she choose to accept it!).

All of the above just seemed completely unnecessary and it was with this still in mind that I began testing and reviewing the Apricorn Aegis Secure Key 3z, a storage device which not only hardware encrypts your data but also includes a self destruct option for those most inconvenient moments when your only option is to completely destroy the data!

The majority of disk encryption is at software level which means that you can access the information, but it is in effect ‘scrambled’ using a password or code. Try enough times using either brute force or dictionary attempts and you may just crack the key and thus give yourself access to the information.

Gadget Man Reviews the Aegis Secure Key 3z
Additional technology is simply not required to secure your data with the Aegis Secure Key 3z

The Secure Key 3z uses a hardware based encryption, namely 256-bit AES XTS. AES is an acronym for “Advanced Encryption Standard”, originally invented in 2001 as the “Rijndael Cypher” after it’s creators Daemen and Rijmen. AES is a widely used encryption standard able to be resilient against attacks. It is in fact so highly respected, it has become to ‘go to’ encryption method for security agencies, banks and governments to trust it with their highly sensitive information and state secrets. The 3z uses 256 bit encryption, which gives a hundred thousand billion billion billion billion billion billion billion billion combinations of keys. With the further addition of the XTS cypher, it renders data stored on the device effectively impossible to access or decrypt.

Gadget Man Reviews the Aegis Secure Key 3zOut of the box, the Secure Key measures in at 81mm x 18.4mm x 9.5mm and weight 22 grams and has an internal rechargeable battery. Once unpacked, you will need to set up your Admin pin number straightaway as there is no pre-programmed key. This must be between 7 and 16 digits, you cannot set consecutive numbers or numbers which are all the same, this pin is users to set up the Secure Key allows to to manage other features, but more of that later.

As soon a you’ve added your admin user, you can then (if you like) add a standard user. You would use this feature if you were going to manage the Secure Key and were going to issue it to another person to use. Again, this is a fairly straightforward and covered in the ‘quick start guide’.

Gadget Man Reviews the Aegis Secure Key 3z
In its locked state, the Secure Key is is not recognised when plugged into a PC, Mac or mobile device

Whilst locked, the USB is effectively useless, plug it into a computer’s USB port and you will find the computer won’t even recognise the device as it is hardware disabled, in other words it’s switched off. This is indicated by a ‘red’ led illuminating on the device. To unlock the device, you press the green padlock key and then enter either the user or admin pin number and press the green padlock again. The red LED will switch off and the green LED starts flashing, this indicates that device is unlocked and ready for use, it is simply a matter of plugging it in to a spare USB port.

The Aegis Secure Key’s FIPS 140-2 validation covers 11 areas of its cryptographic security system, including physical security, cryptographic key management and design integrity.
The Aegis Secure Key’s FIPS 140-2 validation covers 11 areas of its cryptographic security system, including physical security, cryptographic key management and design integrity.

The key itself is USB3.1 but is backwardly compatible to v3, v2 and v1.1. This gives it a surprising turn of speed of  to 190MB/s read and 80MB/s write.

OK, so the key performs really nicely and had government grade encryption, what happens if I lose the key and it gets into the hands of an enemy?

Apricorn Aegis Secure Key 3z
Apricorn Aegis Secure Key 3z

First off, the key is encased in a IP58 Dust and Water Resistant tough metal shell with polymer coated wear resistant keys. Inside the electronic components are protected by a filling of hard epoxy resin, making a physical attempt to access the electronics virtually impossible without causing catastrophic damage.

PIN entry ‘brute force’ protection means that if you enter the code number incorrectly more than 3 times, the space between entry of subsequent pins slows down, if the incorrect entry of keys hits 10, the red light on the key will start flashing rapidly, at this point you have 10 more attempts left, if you fail to enter a correct pin within these last attempts, the key will consider itself as under attack and will delete it’s data as a precaution.

Apricorn Aegis Secure Key 3zShould you be left in the position of Faust and Atlee in Mission Impossible : Rogue Nation, there is in fact a better option for destroying the data on the card (or in fact having a third party do it for you). Yes, the Secure Key supports the entry of a self destruct key, a key which is designed to delete all data on the key and reformat the device, this key is then assumed as the standard key for the device and it will behave as a brand new drive.

It was quite fiddly to set up, but I was successful in testing the ‘Self Destruct’ mode, it worked as documented and didn’t give me any indication that it was taking place.

Apricorn have made a very solid product with the Secure Key 3z, it looks and feels the part, it worked very well and the security features were exceptional.

I loved the fact that a company is working SO hard to make the theft of data so difficult. In times of cross border data theft, the counter-measures employed by the Secure Key 3z are both impressive and comforting.

Matt Porter
The Gadget Man

Starting at £74 for the 8GB to £228 for 128GB models, the USB Storage Key is reassuringly priced for the corporate market.

[amazon_link asins=’B01N175FSF’ template=’ProductCarousel’ store=’uk=1′ marketplace=’UK’ link_id=’68297abd-fef9-11e7-82c3-85a91e804c5f’]

 

The Gadget Man – Episode 104 – Defeating Vehicle Security

Following a report by the RAC that vehicle thefts in the United Kingdom have risen by 30% in the last three years, I spoke to Mark Murphy on his BBC Radio Suffolk Breakfast show about how thieves are trying to defeat the security measures that car manufacturers are putting in place.

You can listen into the stream, but clicking the ‘play’ button above.

If you are interested in the technology that is regularly being used to defeat vehicle security, Andy Greenburg has written a very interesting article on Wired which can be found here.

Matt Porter
The Gadget Man

 

The Gadget Man – Episode 101 – WannaCry – WannaCrypt – Eternal Blue – What Happened and What to Do?

Following my previous post which can be found here, I talked this morning to Mark Murphy on BBC Radio Suffolk about WannaCry and the effect it has had on the NHS, what needs to be done to stop it happening again and what we can do to protect ourselves.

To read and in depth article on how to protect your computers from such attacks, click here

PLEASE ensure your computers have all their updates installed and make sure you have Anti-Virus software installed.

 

 

The Gadget Man – Episode 82.5 – Attempted Telephone Extortion by a ‘Help Desk’

The Gadget Man - Episode 82.5 - Attempted Telephone Extortion by a 'Help Desk'
The Gadget Man – Episode 82.5 – Attempted Telephone Extortion by a ‘Help Desk’

We’re now firmed established in the New Year now and 2016 is looking to be a memorable one for technology. What hasn’t changed however is computer crime. Criminals have now settled in to established methods of computer crime using either hacking or persuasion on the telephone or email.

Attached is a recording of a telephone conversation I had with a ‘cold caller’ who goes on to tell me that I possibly have issues with my computer and with their help, they are suggesting they can fix them.

I have had countless telephone calls very similar to this one, what is different is that I specifically request the caller to go home and think about who they are working for, when they immediately hang up on me.

To be clear, NO COMPANY is able to tie your telephone number to your computer in this context. It would be incredibly time consuming to go about such an act and would therefore be reserved for government or police forces to do. If anybody calls you out of the blue and suggests your computer is faulty, hang up and consider reporting the call to the police and telephone provider. Do NOT follow any instructions by the caller to run software of ANY kind, they are simply attempting to extort money from you which could run into thousands of pounds.

If you know ANYONE who might be vulnerable to this kind of scam then please send them the link to this page.

Happy New Year

Matt

Photo Credit : Christiaan Colen via Flickr

The Gadget Man – Episode 71.5 – The state of Internet security with Danvers Baillieu from Hide My Ass

Danvers Baillieu from Hide My Ass
Danvers Baillieu from Hide My Ass

We’re half way through Cyber Security Month and you can’t open a paper or turn on the TV without hearing about the latest high profile data leak. Security Issues are certainly something that we have covered in the past, so today I was delighted to have the opportunity to interview Danvers Baillieu, Chief Operating Officer of Hide My Ass!

Hide My Ass! or HMA are one of the leading firms of companies providing secure VPN connections to the internet and it was great to speak to Danvers to hear his view on current Internet security issues that are seemingly constantly in the news.

In the interview we covered internet security from both a company and personal point of view, how the governments should or shouldn’t involve themselves and what we should be looking out for in the future.

Listen in the stream and let me know what you think of the topics covered.

Thanks to Danvers for taking time out of his day and for Jocelyn from Cow PR for setting up the interview.