According to a federal communication dated 30 January 2025 from the Defence Group, the datahur Pro has a vulnerability that makes it susceptible to a brute force attack on the PIN. Access is possible within minutes. The Pro2 model does not have this vulnerability. To what extent are the iStorage Pro models identical to the Kingston IronKey Keypad 200 Keys, which appear to be the same on the outside? Who is building for whom and is it simply the firmware that is different? Thanks for the clarification

Question

Accepted Answer

I am not aware of the detailed technical specifications of the Datashure Spechermedien.
How the attack was carried out has also not been communicated. Brute force simply by hand with the mini keyboard within minutes does not seem plausible to me, as the stick would then block after 10 attempts and delete the keys.
An analysis, e.g. by the specialists at CT, would be extremely interesting.

Answer

@thomas.alt As far as I know, the products are identical, just labelled differently. However, it is possible that the FW has been slightly modified. But why not ask the BIT right away? They could then also test the IronKey Keypad 200 on it. I assume that they have done the same.

@Wergra that is correct so far, that the stick deletes / blocks itself if set. But that's with a physical brute force attack. Doing the whole thing digitally via software is something else and so you can bypass the firmware under certain circumstances or ultimately just lever it out. But it would be interesting to know what the test procedure was here.

and btw. for over 90% of private users these sticks are still sufficient. And otherwise report directly to iStorage that you want an exchange. They might be accommodating.

Search

Question about iStorage Datashur Pro