DiskAshur®2 Portable, Hardware Encrypted USB 3.1 Hard Drive with ultra-secure onboard PIN Authentication and capacities of up to 5TB.
An easy to use ultra-secure, PIN authenticated, portable USB 3.1 hard drive with real-time AES 256-bit XTS hardware encryption, software free design and super-fast data transfer speeds. The diskAshur2 has an easy-to-use keypad design enabling you to securely access the drive with your own unique 7-15 digit PIN and with software free setup and operation, the diskAshur2 is platform/device independent and works across all operating systems.
- Common Criteria EAL4+ ready on-board secure microprocessor
- Real-time military grade AES 256-bit XTS Full-Disk Hardware Encryption
- FIPS PUB 197 Validated Encryption Algorithm
- PINs and encryption keys are always encrypted while at rest
- Brute Force Hack Defence Mechanism
- Tamper Proof
- Immune to BadUSB
- Water & Dust Resistant - IP56 certified
- Epoxy coated wear resistant keypad
- No speed degradation - as fast as any non-encrypted USB 3.1 HDD
- Desk Lock Slot
- No software or drivers required - 100% Hardware Encryption
- PINs and encryption keys are always encrypted while at rest
- Read-Only (Write Protect) & Read/Write modes
- Supports User and Admin PINs
- Self-Destruct Feature
- Drive Reset Feature
- Super Speed USB 3.1 with integrated cable
- Unattended Auto-Lock feature
- No admin rights needed
- OS & Platform Independent - Works on any device with a USB port
- All components covered with a layer of super tough epoxy resin
- Available in four colours Phantom Black, Ocean Blue, Fiery Red & Racing Green
What is diskAshur2?
An easy to use ultra-secure, PIN authenticated, portable USB 3.1 hard drive with real-time AES 256-bit XTS hardware encryption, software free design and super-fast data transfer speeds. The diskAshur2 has an easy-to-use keypad design enabling you to securely access the drive with your own unique 7-15 digit PIN and with software free setup and operation, the diskAshur2 is platform/device independent and works across all operating systems including all versions of MS Windows, macOS, Linux, Android, Chrome, Thin Clients, Zero Clients and embedded systems. In fact, it will work on any device with a USB port! One of the unique and underlying security features of the GDPR compliant diskAshur2 is the dedicated hardware based secure microprocessor (Common Criteria EAL4+ ready), which employs built-in physical protection mechanisms designed to defend against external tamper, bypass attacks and more. Unlike other solutions, the diskAshur2 reacts to an automated attack by entering the deadlock frozen state, which renders all such attacks as useless. In plain and simple terms, without the PIN there’s no way in!
EDGETM (Enhanced Dual Generating Encryption) Technology
Offering advanced portable data security via built-in FIPS PUB 197 validated AES 256-bit XTS hardware encryption engine. The data encryption key is randomly generated by a Common Criteria EAL4+ ready Random Number Generator and protected by NCSC, FIPS and Common Criteria validated wrapping algorithms. Uniquely featuring a dedicated on-board Common Criteria EAL4+ ready secure microprocessor to enhance security through true random number generation and built-in cryptography. The security component employs physical protection mechanisms to protect itself from any external tamper, bypass laser attacks and fault injections and incorporates active-shield violation technology. More specifically, the secure microprocessor reacts to all forms of automated hacking attempts by entering the deadlock frozen state where the device can only restart through a ‘Power On’ reset procedure (i.e. power off/power on). The security lock feature protects the device against any unauthorised firmware modifications from the host side (fully protected against BadUSB). The diskAshur2 uniquely incorporates a secure microprocessor providing secure algorithms to encrypt both the data and the encryption key, giving you confidence that your data is protected to the highest standards at any given time.
FIPS PUB 197 Validated Encryption Algorithm
Employing AES 256-bit XTS hardware encryption, the iStorage diskAshur2 seamlessly encrypts all data on the drive in real-time, keeping your data safe even if the hard drive is removed from its enclosure.
Super-fast USB 3.1
With super-fast USB 3.1 data transfer speeds of 148 MBps (Read) and 140 MBps (Write), you can now access your files faster than ever before. The iStorage diskAshur2 is also backwards compatible with USB 2.0 and 1.1 ports.
Brute Force Hack Defence Mechanism
The iStorage diskAshur2 is intelligently programmed to protect against all forms of Brute Force attacks. After five consecutive incorrect PIN entries the drive will freeze, requiring the drive to be disconnected and reconnected to the USB port to get a further five PIN entry attempts. If a further five (10 in total) consecutive incorrect PIN attempts are entered again, the diskAshur2 will freeze again. To get a further and final five PIN attempts (15 in total), the “shift” button must be pressed whilst inserting the USB cable to the USB port and then an iStorage preset PIN will need to be entered. On the fifteenth consecutive incorrect PIN entry, the diskAshur2 assumes it is being attacked and will delete the encryption key and lock itself, rendering all data previously stored on the drive as lost forever. At this point the drive can be reset to factory default settings and redeployed.
Self Destruct Feature
You can pre-program the diskAshur2 with your own unique Self Destruct PIN which, once implemented, instantly deletes the encryption key, all PINs, data and then creates a new encryption key.
Drive Reset Feature
The iStorage diskAshur2 also employs a useful drive reset feature, which can be implemented with a unique command. This clears all PINs and data, and creates a new randomly generated encryption key, enabling the drive to be reset and redeployed as many times as needed.
Unattended Auto-Lock Feature
Set the unattended diskAshur2 to automatically lock after a pre-determined amount of time.
Tamper Proof Design
In addition to incorporating a secure microprocessor, encrypting the data and the encryption key, the diskAshur2 adds another barrier between your data and a hacker. All the components of the diskAshur2 are completely covered by a layer of super tough epoxy resin, which is virtually impossible to remove without causing permanent damage to the components. This barrier prevents a potential hacker from accessing the critical components and launching a variety of futile attacks.
Data at rest protection
All data, PINs, and encryption keys are always encrypted while at rest.
Wear Resistant Epoxy Coated Keypad
Designed with protection in mind, the diskAshur2 wear resistant epoxy coated keypad hides key usage to avoid tipping off a potential hacker to commonly used keys.
|Capacity||500GB, 1TB, 2TB, 3TB, 4TB & 5TB*|
|Data Transfer Speed||Up to: Read 148 MBps / Write 140MBps|
|Power Supply||Bus Powered|
|Dimensions(W,D,H)||500GB/1TB/2TB - 124 mm x 84 mm x 19 mm
3TB/4TB/5TB - 124 mm x 84 mm x 27 mm
|Weight||500GB/1TB/2TB - max. 216 grams approx.
3TB/4TB/5TB - max. 325 grams approx.
|Approvals||FIPS PUB 197 Validated, FCC, CE, RoHS, WEEE, TAA Compliant|
|Interface||Super Speed USB 3.1 - up to 5Gbps. Backward compatible with USB 3.0/2.0/1.1|
|Operating System Compatibility||MS Windows, macOS, Linux, Chrome, Thin Clients, Zero Clients, Android & Embedded Systems|
|Hardware Data Encryption||Real-Time Military Grade AES 256-bit XTS Full-Disk Hardware Encryption|
|iStorage Part Number||IS-DA2-256-xxxx-xx (xxxx-xx = Capacity and Colour) B = Phantom Black: BE = Ocean Blue: R = Fiery Red: GN = Racing Green:|
|Box Contents||Portable Hard Drive, Protective Carry Case, QSG (Quick Start Guide)|
We strongly recommend that you carefully read this User Manual, shipped with the device or available for download on our website before contacting us for technical support.
There are no 'Back Doors' to our products, we cannot retrieve a forgotten PIN or retrieve any data off the drives unless the PIN is known.
Below are answers for the most frequently asked questions:
Your diskAshur2 undergoes a rapid self-test to verify all security components are working properly each time you plug into a powered USB port. The LEDs will go through 3 test stages, blinking in sequence RED, GREEN and BLUE, followed by two GREEN blinks and then to RED (Standby State) on a successful test. Any test failure will force the diskAshur2 to securely reset itself and automatically resume the self-test without affecting the encryption key or any data stored on the drive.
Please follow the 2 simple steps below to unlock the diskAshur2 for the first time with the default Admin PIN.
- Connect the diskAshur2 to a USB port. The LED will light up solid RED awaiting PIN entry (Standby State).
- Enter the default Admin PIN, ‘11223344’ and press the ‘UNLOCK’ button once to unlock diskAshur2.
GREEN and BLUE LEDs will alternately blink several times and finally changing to a solid GREEN LED indicating the drive is unlocked and ready to use.
In addition to the Admin PIN, the diskAshur2 can also be configured to create an independent User PIN. To create a new User PIN follow the steps below.
1. In Standby State (solid RED LED), press and hold down both the ‘UNLOCK and number ’1’ buttons and release once the GREEN and BLUE LEDs start blinking together.
2. While the GREEN and BLUE LEDs are blinking, enter your Admin PIN and press the ‘UNLOCK’ button. LED’s will change to a solid BLUE LED indicating the diskAshur2 is in ‘Admin Mode’ and awaiting further commands.
3. With the drive in Admin Mode (solid BLUE LED), press and hold down both the ‘UNLOCK’ and number ’3’ buttons and release once LEDs change to a solid BLUE and blinking GREEN.
4. Enter your new 7-15 digit User PIN and press the ‘UNLOCK’ button. The LEDs will change to a rapid GREEN LED blink and back again to a solid BLUE and blinking GREEN LEDs.
5. Re-enter your new 7-15 digit User PIN and press the ‘UNLOCK’ button. GREEN LED rapidly blinks for a few seconds and finally changes to a solid BLUE LED indicating the User PIN has been successfully created.
Unlock with Admin PIN
To access the diskAshur2 as Admin, first enter your Admin PIN and then press the ‘UNLOCK’ button. GREEN and BLUE LEDs will alternately blink several times and finally changing to a solid GREEN LED indicating the drive is unlocked and ready to use as Admin.
Unlock with User PIN
To access the diskAshur2 as the User, first press the ‘UNLOCK’ button, then enter your User PIN and press the ‘UNLOCK’ button again. GREEN and BLUE LEDs will alternately blink several times and finally changing to a solid GREEN LED indicating the drive is unlocked and ready to use as the User.
The diskAshur2 allows for ONE (1) User PIN and ONE (1) Admin PIN.
If a User forgets their PIN, the diskAshur2 can be unlocked using the Admin PIN.
Any new Admin or User code that is setup has to be a minimum of 7 digits and be no more than 15 digits long (7-15 digits).
Use your Admin PIN to enter Admin Mode, and then create another User PIN in Admin Mode.
There is no other way to retrieve the Admin PIN except a complete reset of the diskAshur2. After a complete reset, all data will be lost and you will need to initialise, allocate and format the diskAshur2 manually.
Why did the operating system not recognise the diskAshur2 after I enter Admin or User PIN after complete reset of the diskAshur2?
You need to initialise, allocate and format the diskAshur2 drive manually. For more information, refer to “Initialising and formatting the diskAshur2” in the product manual.
No, this is a Windows limitation, you must use the Admin account to initialise and format the diskAshur2.
Ensure that you have administrator privileges for your computer. You can use only the administrator account to initialise partition or format the diskAshur2 in the User Mode.
As a full disk encryption product, the diskAshur2 can never be used without a password.
The diskAshur2 uses AES XTS 256-bit algorithm.
You can change it only in the Admin Mode. In the User Mode, the User PIN which has the same digits is created in the Admin Mode cannot be changed or deleted.
No, since the diskAshur2 does not require any software to be installed and the encryption/decryption is performed in Hardware on the drive itself, “Admin Rights” are not required.
My diskAshur2 drive locks for no reason when connected to my computer whilst I am using it, what is causing this?
The issue you are having is being caused by power saving settings on your computer so please see below and make the appropriate changes to your computer and this will stop the diskAshur2 from locking.Microsoft Windows
Doing the following will prevent Windows from switching off the diskAshur2, go to `Control Panel` & `Power Options`, the easier option is to disable power saving which means stopping the computer from `Sleeping`.
In addition go into Advanced Settings in Power Option to disable the following:
- Ensure the computer is set to sleep: Never
- Turn off hard disk after: 999999 Minutes
- USB selective suspend setting: Disabled
This will keep any iStorage hard drive connected to the computer continuously on.
Note: For Windows 8.1 users You will need to install a Windows update (KB2919355) as well as follow the steps above. Please go to this link and choose Method 2: http://support.microsoft.com/kb/2919355. Once the download option appears select KB2919355 and then download and install.
Drives keep locking after 5-10 minutes on the Macs.
This will be due the Mac’s power saving as there is a setting to switch off hard drives that are idle after a fix period of time see below.
The settings in Energy Saver preferences affect what happens when your Mac is left unattended for a period of time that you specify.
Disable Put the hard disk(s) to sleep when possible to prevent the diskAshur2 going to sleep and not locking. You will also need to stop the computer sleeping to prevent the diskAshur2 from locking.
The only way to prevent this is by changing the power settings (Windows computers) of the computer so that it only switches of the monitor on hibernation/sleep and keeps power to hard drives and USB. On Apple MAC computers going to the power settings in `System Preferences` and clicking the do not suspend USB will keep the drive alive even if the MAC goes into full hibernation
Your computer may not have enough power going through to the USB to power the diskAshur2. Use the supplied USB Y-Power cable to ensure full power to the diskAshur2.
To make the diskAshur2 drive universally compatible with all the most common Operating Systems requires the drive to be formatted using the FAT file system. This is done by using `Disk Management` in Windows, `Disk Utility` on MAC OS/x or MKFS in Linux.
BadUSB is a theoretical exploit that was presented by SR Labs at the Black Hat conference in August of 2014. SR Labs demonstrated a vulnerability in one USB device that allowed malicious code to be programmed into the USB controller through a firmware update process.
The attack described is very sophisticated and in the case of iStorage products would require advanced knowledge of our USB controller, a leaked version of our firmware, the programming tool to update our controller, the password used for our programming tool, and an in depth understanding of the device's functionality, etc.
According to SR Labs, the failsafe method to eliminate this threat is to simply disable the ability to update the controller's firmware. Many of iStorage devices shipping today, including all of our USB 3.0 security products already have the firmware locked which prevents field updates to the USB controller.
As a continuous improvement, iStorage is locking down the firmware on all USB controlles used in iStorage devices to safeguard against this vulnerability. We recommend checking our website periodically for notices regarding BadUSB and Security Updates.
You have triggered the Brute Force Attack mode and will now need to enter special unlock code to allow a further 5 attempts to enter the PIN. If the PIN is still incorrect the drive will activate the Brute Force Mechanism and deleted all PINs (Admin/User), the encryption key and data. A new Admin PIN must be created.
The procedure to gain a further 5 attempts on the diskAshur2 is:
1 – Unplug the drive, hold down the “SHIFT” button and replug it into the host, all LEDs – RED, GREEN, BLUE will light up and blink together
2 – With all LEDs blinking, enter “47867243” and press the “UNLOCK” button to get 5 final attempts.