Corsair Flash Padlock USB Flash Drive Review

For its first hardware review, Security-database focuses on a new secured USB Flash drive which confirms an increasing threat concern about users’ carried piece of data . Does Corsair achieve its goal? Is it really useful ? What are limitations , pros and cons ?

Introduction

Is it necessary to explain one more time the risks of loading unprotected data on a USB flash drive that one’s could carry anywhere. So he can easily loose it.

JPEG - 11.1 kb

Just think about the personal or professional damages that could cause you someone malicious who finds your lost USB flash drive, and by the way decides to exploit your information.

Corsair recently released a new USB 2.0 flash drive, the Flash Padlock implementing a security feature: access control through a personal identification number (PIN) you have to enter before being able to gain access to the data on the drive.

++++

Description

Functionalities

  • Access control to the USB flash drive, through a PIN mechanism on the flash drive;
  • PIN code can be set using 5 keys, and can reach 10 numbers;
  • Auto-locking when removed from the computer;
  • Hardware security mechanism, that is to say: no need to use third part software or drivers;
  • Platform independent.

Technical features

  • 2 Go capacity (a 1Go version is also available)
  • USB 2.0 compliant
  • Very fast read and write averages, as most Corsair USB products (See below)
  • Unlike smartcards, the device won’t lock after “n†try

++++

Testing the device

Our first test focused on initial settings: setting a PIN code and modifying it. One advice, carefully read the user guide, it’s easy. The usage is intuitive. For example, unlocking the USB flash drive is done by just pressing the key symbol, entering your combination, pressing the key symbol again.

We tested the USB flash drive, without any mishap, on the following platforms:

  • MS Window XP Pro;
  • Mac OSX;
  • Linux Debian (kernel 2.6).
JPEG - 9.7 kb

Upon unlocking the flash drive, thus will be mounted and accessed without any third part software or driver installation.

We tested the auto-locking mechanism. Either unlocked while unplugged or quickly unplugged, the flash drive automatically locks itself after more or less 15 seconds.

We measured the Flash Padlock read / write performances:

  • Write speed 8Mo/s
  • Read speed 18Mo/s

++++

Usability

The design is humble and needs some improvements. But here we deal with security not with art (unfortunately ?).

Besides, the user guide is short, easily readable and not time consuming. Upon understanding the major keys of the Flash Padlock, you’ll be able to use it quickly.

JPEG - 10.9 kb

The Flash Padlock contains an embedded battery, which allows the user to set (unlock and change) his PIN without any direct connection to the USB plug.

This is a very good point, because it reduces the risks of connectivity damages (while manipulating a plugged device). In other terms, the MTBF is enhanced.

++++

Security

What are we talking about? This USB flash drive doesn’t implement a confidentiality mechanism, like an encryption system. The main security key benefit of this flash drive is to control data access. There is a huge difference.

By only preventing unauthorized access, and not encrypting the data stored on the USB flash drive, the opportunity to retrieve data by some way is on.

JPEG - 3.3 kb

We don’t know exactly how the access control has been implemented. Nevertheless we are pretty convinced that hacking into the integrated circuits of the flash drive would allow data extraction.
Anyway, we don’t have the appropriate hardware to perform such test and to prove this kind of attack.

There are USB flash drives which encrypt the stored data. Unfortunately, most of those devices encrypt the data using an external (not embedded) software encryption mechanism.

In such a case, the security level is decreased (because sensitive operations are performed in a potentially unsecure computer), and especially, using a software makes the USB flash drive platform-dependent.

Implementing a real and secure encryption mechanism means implementing on the USB flash drive, besides the mass storage module, a cryptoprocessor engine, which can run all cryptographic operations needed to manipulate data confidentiality. But such built-in cryptoprocessors are quite expensive: higher than the Flash Padlock price.

In final word, from a security point of view, corsair’s Flash Padlock has a good ratio price quality

According to us, the access control mechanism only has one deficiency: when unplugged, there is a 10 seconds time the Flash Padlock is unlocked.

A bad person can use this lap time to plug it again to his laptop, and then illegally access to the data stored on the USB flash drive.

++++

Conclusion

Considering the previous discussed points, we recommend the following hints for an optimal use of the Padlock Flash:

  • Use it as a daily USB flash drive. The read / write performances, security benefits, the storage capacity and the price make this flash drive better than any common and ordinary key. Moreover, if stolen, your data won’t be directly exposed.
  • Never leave the Flash Padlock plugged on your workstation during your coffee time.
  • Choose a good PIN code (more than 6 numbers, avoid birthday dates or such easy-to-guess combinations (1234 or 0000)). Note that Corsair website offers a PIN code reminder service for its customers (here is the URL link http://www.corsair.com/padlock).
  • Security-database recommends using this kind of key to store personal or professional data, for all audiences including “security professionals†.
  • Don’t use it to store sensitive or confidential data, due to the lack of an embedded encryption engine.
  • The affordable price, 29.99 USD for 1GB and 39.99 USD for 2GB allows such a wide usage.