If you try to market a product as "unhackable," it stands to reason that someone is going to attempt to hack your device to knock you down a peg or two. That is exactly what happened with eyeDisk, which was first brought to light last year with a successful Kickstarter
eyeDisk was able to raise over $21,000 from nearly 250 backers and began shipping the thumb drive in 32GB and 128GB capacities earlier this year. The device uses a combination of AES-256 encryption and iris recognition to lock down the device and keep it safe from harm's way. In fact, eyeDisk was billed as "the world's first USB flash drive that uses iris recognition technology for unbeatable data security."
Researchers from Pen Test Partners were able to put the eyeDisk's "unhackable" claim to the test, and the drive failed spectacularly - despite all the claims via its Kickstarter page touting its security. Although attempts to fool the onboard camera used for the iris unlock feature failed (score one for the eyeDisk team), researcher David Lodge found that he was able to use a USB traffic sniffing tool to easily obtain the backup password that was user-set on the device.
"That string in red, that's the password I set on the device. In the clear. Across an easy to sniff bus," writes Lodge. "The bit in blue is a 16 byte hash, which is about the right size for md5 and doesn't match the hash of the password, so it could be the iris hash.
"Let me just repeat this: this 'unhackable' device unlocks the volume by sending a password through in clear text."