Not All Encrypted Drives Are Created Equal
Posted by Apricorn on Oct 28th 2019
While encrypted external drives may share similar form factors, functions, and validations from manufacturer to manufacturer, there are some very real differences to be aware of. We pull away from the pack with forward-thinking innovations that focus on defending against both real and theoretical vectors of attack.
Below are but a few important comparisons of how Apricorn solves common vulnerabilities found in other manufacturers’ encrypted device firmware and design.
Default PIN Vulnerability
All Apricorn devices have Forced Enrollment™, which requires the Admin and User to enroll a unique PIN prior to first use and eliminates default passwords. iStorage, SecureDrive, and other ClevX partners all ship from the factory with 11223344 as a default PIN to open all of their devices. This PIN can easily be found on their websites. As an IT security officer, if one of your company’s Apricorn devices containing sensitive data is ever reported lost or stolen, rest assured it has a unique PIN that isn’t published on our website.
Powered Hub Vulnerability
Apricorn devices are designed to lock automatically upon USB power interruption and/or detection of USB port re-enumeration, and will require re-authentication with a unique PIN to change hosts. By design, any iStorage device being used on a powered USB hub (such as a monitor) or a Y-Cable will remain unlocked as long as its USB port power is maintained. Meanwhile, that hub’s data cable can be disconnected from the original host computer and plugged into an unauthorized host on the fly, and the device will remain unlocked and completely accessible to its new unauthorized host.
Read-Only Malware Exposure
With all Apricorn devices, Read-Only mode can be toggled on or off before the device is unlocked and mounted to any host. In the case of iStorage and SecureDrive devices, sharing data with an unknown computer in Read-Only mode will still expose the device to potential malware from that computer, because the device must first be authenticated to a host before it can be toggled to Read-Only mode.
Other Unique Convenience and Compliance Features Found in Apricorn Devices
Recovery PINs
In the case of a forgotten User PIN, Recovery PINs can be programmed into any Aegis secure drive by the Admin, allowing the device to enroll a new User PIN without resetting, losing its data, or sharing the Admin PINs.
Programmable Brute Force Attempts
Apricorn devices allow the number of consecutive invalid attempts to be programmed to between 4 and 20 before the device considers itself under attack and performs a crypto-erase. This allows for a tighter security policy and a stronger stance against such an attack.
Programmable PIN Lengths
The longer the PIN, the exponentially harder it becomes to guess. Apricorn devices allow the Admin to mandate and enforce a User PIN length of between 7 and 16 characters as part of their overall security policy.
Physical Lock Button
To lock an Apricorn device immediately, even while it is being written to, simply eject it or press the LOCK button. If the device is still writing when either command is issued, the command will be delayed until the operation is complete. Drives that lack a LOCK button will immediately cease writing upon disconnect and cause a delayed write failure.
3-Year Warranty
Apricorn’s standard 3-year warranty is 33% longer than those of iStorage and SecureDrive (2 years).