Wired: How a Shady Chinese Firm’s Encryption Chips Got Inside the US Navy, NATO, and NASA

Posted by apricorn.com on Sep 19th 2024

In Response to Wired Magazine's Article Regarding Shady Chinese Chips,

It’s important to remember that the scenarios suggested in this article are purely speculative and theoretical.
In more than 18 years of making over 2.5 million secure, encrypted external storage devices, there has not been a single report of a successful attack or a proven vulnerability involving Apricorn’s encrypted USB storage products.
NOT ONE.

Additionally, and of equal importance, Apricorn’s IP security policy precludes outward discussion of our designs and their internal electronic componentry, which includes those components’ countries of origin.

So while we can’t say where our chips come from, we CAN say they are NOT from China.

NOTE: Prior to the writing of the article itself, Apricorn’s public relations team was contacted by the article's author seeking an interview with a representative from Apricorn to contribute to this article. Based on the given subject outlines and our IP security policy mentioned above, we concluded that he would be covering proprietary, sensitive component information which left us no choice but to decline his invitation.

Apricorn regards every component source with an absolute zero-trust approach, regardless of where a chip originates. We assume no component to be secure on its own, and we design our products to mitigate any and all vulnerabilities that could be introduced into our final product.
As such, we:
  • Fully test and evaluate each component to ensure we select the most reliable and secure components available.
  • Invest significant time, resources and budget in contracting third-party penetration testers to look for any potential vulnerabilities
    in each and every one of our products on an ongoing basis. While none have been discovered to date, we continue this testing.
  • Ensure that our designs attain FIPS validations from NIST for globally accepted security standards. Our track record, design process,
    and commitment to data security proves that Apricorn produces the most secure external storage devices in the industry.
Apricorn is also committed to adhering to the sanctions put in place by the US government, and are in full compliance with all relevant
government requirements. The components used within Apricorn devices, and the design of our devices, are proprietary intellectual property
that we don’t share with the public. This is not just a matter of intellectual property, but also a matter of maximizing the security of our devices
and our design, as well as assurances for our customers and their data.
 
Apricorn is committed to security and remains confident that none of our customers are being, nor will be affected by the proposed
vulnerability discussed in the article. To illustrate this, consider the following security features built into every Apricorn device:
  • Software-free and hardware-encrypted, meaning 100% of device authentication and encryption processes take place within the
    device itself; there is no involvement with the host computer whatsoever.
  • Protects data at rest and will not communicate with any host computer in any fashion until the device is physically unlocked by way of its
    numeric keypad; there is NO cyber pathway to unlocking / authenticating an Apricorn device. Nefarious actors would have to take physical
    possession of a device in order to attempt any type of attack.  
  • Has a programmable brute force mode , which allows only 20 passcode attempts before the decryption key self-destructs.
 
If you have further questions about the article in question, or how Apricorn ensures its products are not vulnerable to the types of
theoretical attacks described in the article, please reach out to sales@apricorn.com