Kingston DataTraveler 4000 G2 64GB USB Flash Drive Reviewed

Have you ever lost a USB flash drive or any hard drive with important information? Did it have personal or sensitive work information that you wished would magically erase itself? You can bet many a computer user have lost sleep worrying about losing theirs. And, all too often a company employee has lost vital customer information probably to be sold to the highest bidder. What if you could transport your data securely in such a way that it can’t be retrieved through software or physical means?

Kingston has developed a very useful Managed Solution USB flash drive that makes transporting data easy and secure. That solution is the DataTraveler 4000 G2 64GB USB 3.0 flash drive. It offers built in AES encryption, management interface and a physical design that renders the device unrecoverable if opened. We found a room of white hat (and a couple gray hat) cyber security specialists willing to help put it to the test.

Features and Specifications

The Kingston DataTraveler 4000 G2 comes in two models: Management Ready (managed solution) and Standard. Capacities range from 4GB to 64GB. The Management Ready model supports Blockmaster Safe Console Management interface for physical or remote managing. The Standard does not. However, both do come with the following features:

• FIPS 140-2 Level 3 Validation – FIPS is a standard DoD and government follow for implementing security measures.
• 256-bit AES Hardware Encryption in XTS Mode – A built in controller ensures 100% of the stored data is encrypted and protected.
• Password Protection – A minimum number of characters are required and is also encrypted.
• Tamper Evident Seal – If the device is physically opened, or the crypto module is modified, the flash drive is essentially bricked – dead.
• Read-Only Access Mode – When selected, the flash drive can only be read protecting against malware intrusion.
• Secure Lock – After 10 failed login attempts, the controller formats the flash drive destroying all data.
• Durable and Waterproof – Sports a durable stainless steel housing and waterproof.
• TAA Compliant – Trade Agreement Act limits certain countries from acquiring these through normal means.
• 5-year warranty and free technical support.

For the more serious security users that like to validate and control external BYOD policy on their network so that only approved storage devices have access, Kingston has a Customization Program that can:

• Use a 24 character bar-coded serial number for cataloging and identifying trusted flash drives.
• Serial numbers can be etched externally.
• Add a custom Product Identification (PID) unique to the device and your organization.
• Select a secure protected and locked data block for organizational use.
• Program a dual password option with administrator password to unlock the drive.
• Load digital files on to a read-only CD partition on the flash drive to protect against accidental deletion. It uses a CheckSum and screenshot.
• Laser-etch your 4000 G2 with a custom logo or identifying mark.

Management-Ready (Optional BlockMaster)

Our sample is a DataTraveler 4000 G2 64GB Managed Solution flash drive. We sampled Blockmaster’s trial SafeConsole Secure USB software to see what it does. Not only does it recognize the Kingston DT4000G2M-R flash drive, the tool really does give you greater administrative control over your devices.

If you’re concerned with managing your DT4000G2M-R flash drives, it would be worth investing in the software to recover passwords, data, or use of the device.

Pricing and Availability

The Kingston DataTraveler 4000 G2 standard and management-read flash drives can be quite spendy. We’ve seen the 8GB cost $50 US. The 32GB model costs about $125 US available with free shipping in most cases.

This is obviously quite a bit more money than we’re use to spending. However, the DataTraveler 4000 G2 isn’t a common flash drive. Kingston took the time to research and thoroughly test the series to meet FIPS compliance and ensure it works with Blockmaster Security. That is not an easy thing to achieve without an investment. As it stands, any really serious security professional will appreciate the security control despite the cost.

Test Setup

Testing was performed on five different workstations running different operating systems. Fortunately all that’s needed for reliable data transfer is a stable platform. The Kingston DataTraveler 4000 G2 operated correctly on each without issue.

• System 1: Intel Core i5-2500K, ASRock P67 Pro, Win 8.1
• System 2: Intel Core i5-3750K, MSI Z87-GD65, Win 8.1
• System 3: AMD FX-8350, ASUS M5A99FX Pro, Win 7 Pro
• System 4: Intel Core i7-5960X, ASUS X99-A, Win 10
• System 5: Intel Core i7-4790K, GIGABYTE GA-Z97X-UD5H, Linux

Make sure that you alert your system administrators and cyber security engineers before plugging in your 4000 G2 flash drive. It will want to contact Active Directory and/or BlockMaster servers if you have purchased the support. You don’t want it auto blocked by firewalls or other security measures. Let’s see how the 4000 G2 works and performs.

Installation

All you have to do is plug the Kingston DataTraveler 4000 G2 in to a working USB 3.0 port. Most systems will auto detect and communicate with the flash drive. You’ll be greeted with the screen above at which point you have to fill in the blanks.

The drive volume opens. Interestingly, the amount of data isn’t visible until you log in. That keeps prying eyes from spotting hints of information.

Under the Actions tab are the settings options. You have several languages to choose from, except for the countries that aren’t TAA approved, plus an automatic lockout setting which is a nice touch for ensuring better security in the event you walk away from your workstation.

Users can also select Connect to SafeConsole under Actions. The flash drive will ask for a connection token. That token is typically created by an administrator action even under Active Directory which allows the flash drive to connect. Naturally, you’ll need to pay for the SafeConsole software. A SafeConsole Lifetime License for Kingston is $45. (Blockmaster also offers USB Lock Out and SafeConsole Cloud options.)

Flash Drive Security in Action

So, you lost your Kingston DataTraveler 4000 G2. Or it was taken. What happens when the finder attempts to login to the flash drive? Is the data safe?

When the perp plugs in the flash drive, it will prompt for a password (left). The perp has only 10 tries to get it right (middle). Naturally, they will fail as long as you used a good/very good password. The flash drive will lock itself out (right). The only action is to reset and permanently erase the flash drive. Sure, they get a cool flash drive but the data is gone.

Can You Fool the Kingston DataTraveler 4000 G2?

The answer is no. Even if the perp disconnects the flash drive or moves it to another system, when prompted for a password, it will count that as an attempt. If the perp moves the flash drive to another system after reaching the reset lock out warning, it will still require reset. The internal controller keeps that locked.

If the perp attempts to open the housing, the flash drive breaks internally and won’t work at all. If the perp uses some sophisticated cloak-and-dagger method (software or JTAG) to compromise the controller, the flash drive will brick. As it stands, the flash drive cannot be fooled.

How Fast Does it Transfer?

Testing the Kingston DataTraveler 4000 G2 was a little tricky. Without the password, the flash drive denies the benchmark. Sequential and 4K block performance were tested using 1 GB files. Results were compared to a HyperX DataTraveler 64GB USB 3.0 flash drive.

The results are misleading. Sequential read performance is about 11 MB/s slower and sequential write is 2 MB/s slower. However, 4K block write performance is better on the G2 which makes it quicker to use. Also, keep in mind that the G2 is actively encrypting and managing data while it’s moved.

Access time is .25 ms on the HyperX and .26 ms on the G2. Between the encryption and access time, Kingston has used a very good controller inside.

Final Thoughts

The Kingston DataTraveler 4000 G2 64GB USB 3.0 flash drive is a seemingly simple device. But it’s much more than that. It’s a very useful tool for transporting and sharing protected data. The 4000 G2 has the ability to protect that data through complete encryption and physical preventative measures that lock out/format/reset the device after 10 password failed attempts or physical manipulation. It can even be managed administratively and remotely. This kind of access and security is invaluable to users and administrators.

However, there is one caveat or potential weakness using this device: the person selecting a password. While eight characters is the minimum, people tend to choose something simple to remember, which in turn creates the risk. Make sure you choose a very good password, even if you have to memorize it. Or, let an administrator assign a really complex password using Active Directory or Blockmaster’s SafeConsole.

Sure, we found other AES 256-bit capable flash drives out there. Most similar industry flash drives lack software security, while other encrypted flash drives like IronKey lack the same level of physical preventative security. Plus, IronKey is far more expensive!

The bottom line here is that the Kingston DataTraveler 4000 G2 64GB USB flash drive offers the kind of security standard needed at every level of every day computing. If all flash drives offered AES 256-bit encryption and tamper-proof physical security, we just might be farther ahead of the threat curve. All pro users serious about information security need the 4000 G2 and that’s why we’re giving it the Futurelooks.com Editors’ Choice Award.