Probably it was already in the microcontroller they're using. XTS was only FIPS-approved in 2010, iirc. Plenty of other things use CBC, and XTS also has plenty of pitfalls for the unwary who think it works magic (particularly when it comes to the adaptive ciphertext observation/modification class of attacks, in the absence of integrity protection).
Speaking of magic, I've just realised one big potential problem that's been bugging me about this, which finally leaped out at me.
Destruct is controlled via SMS? That is to say, unless they've been unbelievably careful about shielding and optoelectronic coupling (and from the photos, they haven't) there's almost certainly a GSM transceiver, inside the security boundary, near the data paths.
Oops.
Those familiar with EMSEC will know why this could present a Big Problemâ„¢. My first port of call, attacking one of these, rather than stealing it, would probably be to sit in the car park with a femtocell and a directional antenna, and make sure the device gets really loud GSM reception. And see what crosstalk gets modulated back. :)
(If you don't think this is a realistic attack for you, why are you in the market for Mission Impossible gadgets anyway? Use TrueCrypt or dm-crypt or DiskCryptor or something. At least you can analyse how they work more easily.)
Similarly, if it's made by, or spiked by, a malicious actor, it's got scope to go kleptographic on your ass and covertly transmit your data. Need to be careful about that.
Speaking of magic, I've just realised one big potential problem that's been bugging me about this, which finally leaped out at me.
Destruct is controlled via SMS? That is to say, unless they've been unbelievably careful about shielding and optoelectronic coupling (and from the photos, they haven't) there's almost certainly a GSM transceiver, inside the security boundary, near the data paths.
Oops.
Those familiar with EMSEC will know why this could present a Big Problemâ„¢. My first port of call, attacking one of these, rather than stealing it, would probably be to sit in the car park with a femtocell and a directional antenna, and make sure the device gets really loud GSM reception. And see what crosstalk gets modulated back. :)
(If you don't think this is a realistic attack for you, why are you in the market for Mission Impossible gadgets anyway? Use TrueCrypt or dm-crypt or DiskCryptor or something. At least you can analyse how they work more easily.)
Similarly, if it's made by, or spiked by, a malicious actor, it's got scope to go kleptographic on your ass and covertly transmit your data. Need to be careful about that.