Lately I came across a PENTAdrive PINCode+ device. Basically it's just USB flash storage like any other pendrive, the only difference being a PIN pad built into it. The idea is to have your data PIN-protected and inaccessible to anyone who gets your pendrive in their hands. The statement on the box says the device is probably the safest place for your data.
But is it really?
First of all, there's not even a word about the way the data are secured. Judging from its guts, it could be able to perform encryption of some kind, but somehow I don't believe it actually encrypts anything. Why? Because marketers, being marketers, wouldn't have neglected to mention it on the box in reasonably big caps.
Anyway, even if it does encrypt data before storing them, there's no information about what algorithm is used, and above all one couldn't be sure it's implemented flawlessly and is reliable.
The other thing I spotted after ten minutes of testing is that the device locks down after five unsuccessful PIN inputs... provided it's not disconnected from the USB port in between the attempts. When unplugged, the device forgets all previous unsuccessful attempts. So, to perform a brute-force attack on the device, all one needs is to unplug it from the power supply (which in this case is a USB port) once every four PIN inputs. Using some simple device to automate the task, one can brute-force it really fast. Provided the device is able to test, say, four combinations a second, testing all possible four-digit PINs takes less than an hour. That makes the average time needed to access the data less than half an hour. Not very safe, is it?
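A small C model of the lockout behaviour described above, next to a hardened variant that keeps the failure counter in non-volatile memory. This is an added example, not the vendor's firmware: the `drive_t` structure, the function names and the persistent-counter design are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

#define MAX_TRIES 5
#define PIN_SPACE 10000   /* four decimal digits */

/* Constructed model of a PIN-gated drive; not the vendor's firmware. */
typedef struct {
    int secret;        /* PIN set by the owner */
    int ram_fails;     /* failure counter held in RAM, lost on power loss */
    int nvm_fails;     /* failure counter held in non-volatile memory */
    bool persistent;   /* false: behaviour described in the post; true: hardened */
} drive_t;

/* Unplugging the drive clears RAM but leaves non-volatile memory intact. */
static void power_cycle(drive_t *d) { d->ram_fails = 0; }

/* Returns 1 = unlocked, 0 = wrong PIN, -1 = locked out. */
static int try_pin(drive_t *d, int pin) {
    int *fails = d->persistent ? &d->nvm_fails : &d->ram_fails;
    if (*fails >= MAX_TRIES) return -1;
    (*fails)++;                 /* charge the attempt BEFORE comparing, so   */
    if (pin != d->secret)       /* cutting power mid-check cannot refund it  */
        return 0;
    *fails = 0;                 /* only a correct PIN clears the counter */
    return 1;
}

/* How many wrong PINs does the drive evaluate before it locks, when it is
 * unplugged after every `replug_every` attempts? Capped at the PIN space. */
int wrong_guesses_accepted(bool persistent, int replug_every) {
    drive_t d = { .secret = -1, .ram_fails = 0, .nvm_fails = 0,
                  .persistent = persistent };   /* -1: no guess ever matches */
    int accepted = 0;
    for (int pin = 0; pin < PIN_SPACE; pin++) {
        if (pin > 0 && pin % replug_every == 0) power_cycle(&d);
        if (try_pin(&d, pin) == -1) break;
        accepted++;
    }
    return accepted;
}

int main(void) {
    printf("volatile counter:   %d wrong PINs evaluated\n",
           wrong_guesses_accepted(false, 4));
    printf("persistent counter: %d wrong PINs evaluated\n",
           wrong_guesses_accepted(true, 4));
    return 0;
}
```

With the counter in RAM the model evaluates the whole four-digit PIN space without ever locking; with the counter persisted it stops after five wrong PINs regardless of how often power is removed.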
Worst of all is the false impression of security. One can believe that their data are safe on this contraption, but they're not. It's not that easy for someone who gets hold of the device by accident to access the data, and thus it's great for keeping your shopping list there, but god forbid one puts any sensitive confidential data there.
The bottom line is: for important data, the loss of which will cost you a lot of money, use proven and tested technology, always.