Besides their crazy retail price, what do many newly released mobile phones have in common? Fingerprint locking technology. It’s being lauded as the future of security for computing and mobile devices in the wake of continuing cyber attacks and cyber defense fragility. So it is no surprise to see that tech try to extend into other mediums too, such as the USB drive. Despite cloud technology’s appeal, the tried and true USB flash drive is still a standard tool implemented in our data storage tasks and is therefore a major target for hackers and nefarious data thieves.
Several OEMs have tried to remedy these attacks with various security measures such as pin codes, passwords, encryption, and 2 factor authentication. Unfortunately, these are proving to be minor hurdles for determined hackers. But one initiative on Indiegogo is trying to crowdfund a project to bring the fingerprint USB drive to the market. They claim it will support most Windows operating systems and that their product is tough enough to weather scratching and security threats.
The overall design looks promising. It offers fingerprint encryption, high speed identification, dual storage, and privacy management—all in a sleek, modern styled drive. It will be offered in a variety of capacities, from 8-64GB) which will affect the price, of course. The drives are expected to be delivered in September. This exciting new gadget almost covers up the fact that other fingerprint encrypted drives already exist on the market, albeit in small numbers and with unimpressive performance and stats. You can in fact purchase a fingerprint locked drive right now, but you’ll find your options limited and the cost still a bit steep. You can find a few on Amazon from Forrader, Farsler, and Biorec, mostly around $40-50 USD. Biorec offers a cheaper option ($13 USD) but it is not well reviewed.
The problem with fingerprint locking technology is that it has had several flaws in its trajectory in the market. Fingerprint scanners on mobile devices and gadgets do not read full fingerprints; they only take a small partial reading. Full fingerprints are very difficult to fake but it’s much easier to fool with a partial copy or clone. These systems are also vulnerable to false matches or be tricked into accepting two fingerprints as a key instead of one. A simple photograph or scanned image of your print, through clones or dummies, is enough to gain access to your drive. It is also weak against replay attacks wherein a legitimate print unlocks the device and the command is replayed to allow access later. And unfortunately, there’s not much you can do (besides add an additional encryption) to beef up the security on it because you can’t change your fingerprints!
Physically speaking, the sensors on the drive are just not good quality. They don’t read well or stop working entirely. Drives are often bulky to accommodate the reader and they’re not very aesthetically pleasing. They’re also expensive, not abundantly available, and can be difficult to find.
Biometric authentication like fingerprint and facial recognition seem to be the popular method to turn to when OEMs are looking for features in future devices. Perhaps they make more sense for mobile phones which utilize computers to operate and thus have more real estate to devote to better components and defenses, but the simple but important data storage nature of a flash drive may leave it open to attack.
So the question must be: is this a good investment? As it is a crowd funded endeavor, there is a risk that the backers of the project will not receive returns for their investment. There certainly isn’t a big push for such a device to exist on the consumer market and the increasingly niche use of USB drives in general makes this feel too little, too late. Coupled with the other issues of this tech (bulky, slow, imperfect performance), it doesn’t feel like it’s a good way to go right now unless OEMs can really hustle and get this technology perfect now. With security breaches increasing in number and severity, this isn’t the time to be leaning on imperfect safety measures. The reality is that it’s unlikely we’ll ever find a fool proof way of keeping hackers out but perhaps we can get far enough ahead of their abilities to minimize damage. The best thing we can do until some solution is available is to use multiple methods to secure our sensitive data.