The products known as fingerprint USB drives are actually constructed from solid-state flash memory. Even though they don’t have the moving mechanical parts that used to be associated with storage drives, we continue to call them drives. Computer operating systems operate on fingerprint USB flash with the same commands that they use to write to and read from mechanical drives.
Our TopTenREVIEWS Bronze Award winner, the BUSlink Biometric Fingerprint USB Flash Drive from Global Silicon Electronics, is at a disadvantage in comparison to the Transcend JetFlash 220 USB Flash Drive from Transcend International. Its warranty is not as good. It can’t store as many unique fingerprint templates. It uses a proprietary encryption scheme as opposed to the 256-bit standard. It supports Windows machines only.
Fingerprint USB products are one of the portable storage industry’s responses to the catastrophic security compromises that began soon after the first unsecured thumb drives hit the market. Nuclear weapons documents were found on an unsecure flash drive in the home of an employee of the Los Alamos National Laboratory in 2006. Among the documents were details of ways to bypass U.S. nuclear weapons security locks. In 2007, an American soldier in Iraq lost a memory stick that contained personal videos. Soon after the loss, his videos appeared on Iraqi TV, edited to create anti-American propaganda. In 2008, in the United Kingdom, a government employee lost an unsecured drive outside of a pub. It contained the National Insurance numbers and credit card details for 12 million people. In 2009, United States-based Health Net misplaced a thumb drive that contained 1.5 million client records.
An important security alternative to biometric USB flash technology is password protection. Our fingerprint USB product category winner, the Kanguru Bio AES, uses both approaches to security. The BUSlink Biometric product depends solely on fingerprint scanning in order to protect its data. Biometric flash drive proponents make the argument that human fingerprints are unique and therefore perfectly suited to protect data. They also like the fact that, since there is no password to steal, malware that logs keystrokes has nothing to capture.
Nobody disagrees that fingerprint USB drives are easier to access than password-protected equivalents. But biometrics can involve inconvenience, because not every human fingerprint is capable of being scanned reliably by fingerprint USB readers. The components in such low-cost devices, plus processing by low-powered onboard central processing units, conspire to result in situations where a fingerprint that was previously accepted might suddenly begin to be rejected. Another potential inconvenience associated with fingerprint USB products becomes apparent to administrators following employee resignation or termination. Without the cooperation of the employee, fingerprint-protected data remains inaccessible.
Fingerprint USB flash drives are capable of being tricked into positive scans by artificial fingers. At Yokohama National University in Japan, researchers at the Graduate School of Environmental and Information Science were able to lift fingerprints from certain surfaces and turn them into 3D molds that produced gummy fingers out of silicone and gelatin. These Japanese gummy fingers were able to spoof scanners 80 percent of the time. Secure USB flash that depends only on scanning is not as safe as password protection.
The BUSlink Biometric is capable of saving up to five different approved fingerprint passwords. It scans fingerprints at a resolution of 508 dots per inch. The encryption scheme is proprietary and the vendor does not publish or discuss details.
Technical support is by telephone or email. The warranty is for one year.
The BUSlink Biometric drive certainly contains a lot of storage for its price. But if security is the goal, we are leery of thumb drives that rely on biometrics as the only form of security. It is, perhaps, not a useful exercise to make unfavorable comparisons between the BUSlink Biometric drive and the Transcend JetFlash 220 when the more useful comparison is with our fingerprint USB category winner, the Kanguru Bio AES. It doesn’t matter much that the BUSLink Biometric has a less-generous warranty or a smaller fingerprint record capacity in comparison with the Transcend JetFlash 220 when both of them are vulnerable to the limitations of biometric technology. The far better fingerprint USB choice is the Kanguru Bio AES. And the big reason that it is better is that the Kanguru offers password protection in addition to fingerprint scanning. Important but less-critical reasons to choose the Kanguru include its generous warranty and the fact that its 256-bit AES is FIPS validated.
For analysis of thumb drives other than biometric flash drives, our review of secure USB drives looks at products that have password protection as opposed to scanner-based protection.
