Apricorn launches the world's largest and possibly most secure external HDD

Humza

Posts: 737   +160
Staff member
Why it matters: Apricorn is targeting its latest - and largest - hard disk drive at organizations working with sensitive data. With a USB 3.2 interface, the Aegis Padlock DT FIPS won't be breaking any speed records with a max 5 Gbps (625 MB/s) data transfer rate, but it will protect that data with FIPS 140-2 level 2 security that certifies it for use within government, medical and financial sectors. It's available in 9 storage capacities that start from the $229 2TB model and goes up to 18TB, which costs $1,199.

Like its mouthful name, Apricorn's new Aegis Padlock DT FIPS encrypted desktop drive is designed to be very tough on hackers, thanks to a host of security features built inside and out. On the surface, the Aegis Padlock is essentially an HDD (from an unnamed vendor) inside an enclosure, which is then protected with hardware-based 256-bit AES XTS encryption and an onboard keypad PIN for authentication.

Apricorn says that the drive is FIPS 140-2 compliant and uses the company's own locked down AegisWare firmware to make it 'immune' against malware, while a hardened epoxy layer on the drive's internal components protects it from physical tampering.

The drive features a separate Admin and User mode that allows for setting up to four User PINs with one independent Admin. When connected, it remains invisible to the host and can only be unlocked by typing the PIN with the onboard keypad, protecting it from any keyloggers/spying tools that might be listening for keyboard strokes. The buttons on the keypad, meanwhile, feature a wear-resistant polymer coating so as not to reveal the most commonly used ones.

While in User mode, the drive offers limited functions (read/write data, lock/unlock drive) and can also be set to lock after a certain period of inactivity. It also has a "Brute Force Hack Defense Mechanism" against physical attacks that causes the drive to delete its own encryption key after a consecutive number of incorrect PIN entries (that are configurable), thereby making it impossible to decrypt stored data.

As a last line of defense, Apricorn notes that users can activate a "Self-Destruct" PIN that performs a complete crypto-erase on the drive and then becomes the new access PIN for it. The company also provides a 12V AC adapter for powering the drive and warns against using alternatives.

The Aegis Padlock DT FIPS is compatible with Windows, Linux and Mac PCs and is offered with a 1-year limited warranty. It's available to buy in a variety of capacities, including a whopping 18TB version that costs $1,199, making it the largest and possibly the most secure external HDD on sale right now.

Permalink to story.

 

Uncle Al

Posts: 7,485   +5,992
Pretty sharp device ... now if they can get the price down and speed it up I think it will be VERY popular!
 
  • Like
Reactions: Ketosis

Humza

Posts: 737   +160
Staff member
  • Thread Starter Thread Starter
  • #4
Sounded great until user access available via a 4 digit pin! No need to break the disk encryption, just brute force the pin.
The drive supports up to 4 users, each with their unique pin. The length of that pin can be set between 7-16 characters by the Admin.
 

Bullwinkle M

Posts: 373   +267
Topping out at around 100MB/sec and using a hardcoded encryption/decryption key tied to the serial number?

It doesn't sound very fast or secure to me!
 

pcnthuziast

Posts: 890   +534
Professionals wanting the highest level of security wouldn't want a 'stock' option and would be much more likely to get something custom. People who would spend on this likely don't even require absolute security, if at all other than peace of mind.
 

Bullwinkle M

Posts: 373   +267
Sorry, mis read the article.
LoL
No Biggie

Reading the article correctly leaves you just as confused


"With a Max 5 Gbps (625 MB/s) data transfer rate"

With a HARD DRIVE?
Really?
Show me that drive!

"The drive supports up to 4 users, each with their unique pin."

Once your "unique" pin has been verified, the drive controller unlocks the drive using a hardcoded encryption key (tied to the serial number)

So, even if the drive itself is not backdoored, the database of encryption keys can be used to create a new controller with the same master key used with your serial number

Meaning, I could now open "your" drive with "my" password (1234567) by simply swapping controllers

Disclaimer:
Court Orders may or may not apply depending on your location and political persuation
 
Last edited:
  • Like
Reactions: Homerlovesbeer

zamroni111

Posts: 117   +50
I only have regular external harddisk so I just encrypt it using bitlocker. It still better than no encryption at all