Huge USB drive capacities have encouraged users to carry lots data
while on the go, and even run software, email clients, or entire operating systems from these tiny little devices which have little
or no intrinsic security structure. Generally speaking, whomever holds the USB
drive has full and unfettered access to all information it contains. Plug it in,
open up a folder and there it is.
Recovering lost and accidentally erased data is
one thing, but what happens if you loose a 64GB USB
drive packed full of confidential details? Encryption is a good answer.
It's a security system to make data unreadable to everyone but the rightful
owner, so in the event a USB drive is lost at least the data won't be
That's the sales pitch behind the SuperTalent Luxio, a
64GB USB drive which boasts AES-256 hardware encryption. It sounds secure, yet
PCSTATS was able to crack the security on the Luxio USB drive W-I-D-E open.
In this review we'll explain how you can gain full and unfettered access to
the "encrypted" files in about 10 seconds without any special
tools, or even a correct password.
USB drive maintains quick data access rates of about 30MB/s,
or 200X, and according to the manufacturer relies on a hardware-based 256-bit Advanced Encryption Standard
(AES) algorithm. The hardware encryption works in conjunction with an application called SecureLock to encrypt/decrypt files stored on a specified
partition of the USB flash drive, while remaining essentially transparent to the user.
||Supertalent Luxio 64GB
The Supertalent Luxio comes pre-loaded with the
2.5MB SecureLock application. SecureLock allows you to create public and
private partitions of any size totalling the capacity of the USB drive. So for
example, this 64GB Luxio could be set up with a 50GB encrypted partition and a 14GB public partition. The encrypted
partition is password protected and unreadable until the owner runs the SecureLock program and logs in. The public partition
is always accessible.
In the event of a brute
force password hack, the SecureLock software is supposed to automatically format the encrypted partition
after 5 failed login attempts. Encrypted data is thus kept inaccessible to whomever attempts
to gain unauthorized access, and unfortunately to forgetful owners as well.
Sounds good so far except PCSTATS quickly discovered a way around these
security measures... we'll go over all of that momentarily.
The 64GB SuperTalent Luxio USB flash drive retails for about $140USD ($160CDN)
and is covered by a limited life-time warranty from the
manufacturer. The SecureLock application is stored on the device along with a copy of the
PDF user manual. The drive has a loop for a lanyard though
none is supplied, instead Supertalent bundle a small leather carry case to protect
the gleaming fake wood grained plastic case from scratches.
The Luxio measures 77 x 9 x 21mm in size and has a red
LED at one end to indicate data transfer activity. The drive is USB1.1 and
USB2.0 compatible, peak transfer rates are 200X, or just under 30MB/s.
The drive and encryption software
are compatible with all recent Windows 2000/XP/Vista operating systems and can
be used for Vista's
USB Drive AES-256 Encryption
The encryption tools supplied with SuperTalent's Luxio
64GB USB drive are entirely optional, you don't have to use them if you don't
need to. For anyone traveling with upwards of 64GB of data on
a USB drive however, encryption should be right up there with travel medial
insurance. Don't leave home without it!
can secure data on the Supertalent Luxio, we'll need to define a few
parameters first. This is accomplished in the same manner as the Kingston DataTraveler Elite that PCSTATS previously reviewed
- a 128-bit AES encrypted USB stick, now superceded by the AES-256 DataTraveler
With the Luxio USB drive plugged into the
PC, launch the SecureLock application and assign a
password, password hint and set the size of the public and private
The software can partition the Luxio drive in two partitions only, with
as much of the 64GB space devoted to the "encrypted"
private partition as the user wishes (minimum 10MB partition size).
It will then format the entire USB drive for use. The drive should be empty
before adjusting partition sizes or setting up encryption as the partitioning
process removes all data except for the SecureLock application and PDF user
With the encrypted data partition configured, each time
the Supertalent Luxio USB drive is connected to a PC the public data storage
space is instantly accessible. The data stored in the encrypted private partition remains inaccessible until
the SecureLock application is launched and the correct password entered (once a password is
set). The user can "log off" the secure partition by launching the
program and clicking the lock icon, or simply disconnect
the Luxio USB drive from the PC. Each time the USB drive is unplugged
from the computer the encrypted partition is automatically locked.
protection can also be disabled entirely without re-partitioning the entire USB drive
should you decide it's no longer required.
At least that's
the way SecureLock is supposed to work...
In the course of testing the Supertalent Luxio 64GB
drive PCSTATS discovered no less than four critical programming oversights in the SecureLock software that can
allow someone to lock you out of your data or circumvent your password entirely
to gain full access to your private data.