Letter: Lexar JumpDrives

Recently I talked about a security vulnerability in Lexar's JumpDrives. I received this e-mail from the company:

From: Diane Carlini
Subject: Lexar's JumpDrive

@stake's findings revealed a slight security exposure in scenarios where an experienced hacker could potentially monitor and gain access to the secure area. This was only the case in version 1.0 which included SafeGuard. Lexar's JumpDrive Secure 2.0 device now includes software based on 256-bit AES Encryption Technology. With this new product, JumpDrive Secure 2.0 offers the highest level of data protection that is commonly available today.

Registered JumpDrive Secure customers will be contacted to inform them of this Security Advisory found in version 1.

I have no technical information, either from Lexar or @stake, that verifies or refutes this claim.

Posted on November 5, 2004 at 9:53 AM • 54 Comments

Comments

Israel Torres • November 5, 2004 10:22 AM

Diane's attempted downplay in the letter by explaining "...findings revealed a slight security exposure in scenarios where an experienced hacker could potentially monitor and gain access to the secure area." is enough to know that there "potentially" may be more "slight" exposures in the future that will be handled with the same ignorance as they did in their initial non-response.

Fool me once, shame on you... Fool me twice shame on me...

Israel Torres

malcomvetter • November 5, 2004 10:34 AM

Maybe one should not trust the software that comes with the device at all. I am of the inclination to use a device's software for OS driver interaction only, and then to put my trust in something more proven, like PGP/GPG.

For those of you interested in the ease of use with a USB drive like Lexar's, perhaps you should review open source TrueCrypt [http://truecrypt.sourceforge.net/], which not only uses common implementations of AES256 and Blowfish, but also adds the simplicity of mounting a drive with drag and drop. Add on the fact that there's plausible deniability (great lengths are taken to ensure that your lost drive looks like it had random, corrupted data on it), and you're probably in a much better situation than trusting the closed source OEM code.

-malcomvetter

davee • November 5, 2004 10:50 AM

"now includes software based on 256-bit AES Encryption Technology"? Isn't the first version already based on AES-256 (just horribly, horribly implemented)?

Our organisation's HQ has this drive as their only "approved USB drive" because It Has Built-In Security(tm). And yes, I've told them :-)

Michael A. Plumlee • November 5, 2004 4:32 PM

Lexar's comments are typical backpedaling done by a company to deflect the fact that they messed up.

I have one of these JumpDrives and the first thing I did was delete the software that came with it and created a PGP Drive on it. I lose some convenience by requiring PGP to mount the encrypted drive, but I don't worry about having a drive with sensitive data in the clear. I can always encrypt something as a self-decrypting archive if I need easier access to it.

Bruce Arnold • November 6, 2004 7:47 AM

Same as Mr. Plumlee: I used PGP Disk to create a secure area on the Lexar. No big deal.

Andrew • November 27, 2004 5:55 PM

How can I get into the Lexar Jumpdrive Secure? My friend forgot his password and needs to get in (hack, crack, anything) and erase the password. All the websites I find say it is easy to find the password on the JumpDrive. Am I missing it completely?

guy from philippines • November 26, 2005 9:31 AM

Same prob. here, I let my nephew borrow my jumpdrive, he changed password of the secure partition til such time he forgot. Almost 75% of it was totally useless. Even formatting it won't help... you can only format the unsecured one... pls help!

Tay • December 29, 2005 10:35 PM

I need help!! I purchased my jumpdrive a while ago, set a password, didn't use my jumpdrive for a while, and when I needed it I couldn't get in because I had forgotten my password, please help!

Benrito • January 1, 2006 9:30 PM

same problem here--but I'm more of an idiot--I mistyped the same password twice! Ugh. any help would be great!

uneeb • January 1, 2006 10:27 PM

Why isn't anyone answering these questions? Same happened with me, that I forgot the password for the secure area on my jumpdrive and cannot get in now. It sucks, any solutions?

Donna • January 10, 2006 5:47 PM

I forgot my password and the clue has left me clue-less, to add to the problem I read the above emails and have no idea how to format it. New with techno stuff. please help

kevin • January 11, 2006 7:00 PM

To anyone and everyone that has a problem with a Lexar JumpDrive Secure and forgotten passwords: I had the same problem. Lexar sent a utility (did not work) and offered to RMA (takes a couple of weeks). Here is the solution: using a USB to Xbox adapter, insert the jumpdrive into the Xbox, let it format it, then put it back into the computer, reformat it FAT32, and all is back to normal.

kevin • January 12, 2006 10:04 AM

Yes, it is an adapter for the controller port. I can provide unlocking service to anyone who needs it; my email is kwright_420@hotmail.com

Trash • January 12, 2006 7:05 PM

Solution:
Ok, I did it too... Lost the password to my lexar jumpdrive. Man it's frustrating but what can you do... Pick up the lockpick and get going...

So here is how I did it on my xp-pro system:

1. Get with the chat support at lexarmedia.com

2. Get them to send you the unlock program.

3. Run it. (It takes off the write protection on the partitions.)

4. Back up the jdsecure program to your desktop computer from the public partition.

5. I'm serious, back it up!

6. Open up the diskmanager. (from my computer, manage, diskmanager)

7. Delete the public and the private partition.

8. Create a new partition that you call PUBLIC

9. Run the jdsecure program that you backed up.

10. Now you can reconfigure your drive as if it was new.

Back in business, cheers!

-trash

Martin • February 11, 2006 11:55 AM

I just purchased a JumpDrive Secure II
When I encrypt a file I get a Generic Icon, with No ability to Double Click and then open that file. It should show an Icon with a lock on it & then when you double click it should ask you for the password. I have tried this on 4 separate computers all running Windows XP or XP Professional, all with the same result. I thought that perhaps there was a problem with the JumpDrive itself, then I bought a 2nd one to test and see if I had the same issue, I did.
Anyone having this same issue. Tech Support has been unable to give me an answer as to why or how to correct this. Any help would be appreciated.

Edwin • February 12, 2006 1:17 AM

I have no clue about this website, all I did was search on how to reset my jumpdrive password. I followed the instructions that "Trash" left us. It worked. I chatted with Live Support, gave them my email, they sent me my program (Resets Hardware/Erases All Data-Use Caution). After that I was back in action. Thanks Random Website! Google Too!

Edrice • March 11, 2006 1:05 PM

Hi Mr/Ms.

I’m a network analysis technician in Telecommunication Company. Doing by myself, the password of my lexar secure drive has been changed when I tried to configure my secure partition. I have several important information on it. Pleased your help is granted to recover my password.

Thanks to you

Edrice Thomas
Telecommunication Tech
edricet@excite.com

harold mauricio • March 14, 2006 12:16 PM

I have a 256 MB Lexar memory card and it is locked, and I would like to know whether there is software for unlocking the memory.
It is a Secure Digital 256 and I lost the lock and unlock jumper.

franklau53 • April 24, 2006 11:56 AM

This started happening out of the blue. When I try to log into my Lexar secure drive the following message pops up after entering my password:
"Could not mount the secure drive.
Please restart application."
It recognizes my password but won't open the application. Any ideas?

Sarah • August 17, 2006 10:01 AM

On this issue:
>>> This started happening out of the blue. When I try to log into my Lexar secure drive the following message pops up after entering my password:
"Could not mount the secure drive.
Please restart application."
It recognizes my password but won't open the application. Any ideas?


Spoke with Lexar Tech Support and they suggested reformatting the Jump Drive, repartitioning, and installing the secure software back.

Gary • October 2, 2006 4:37 AM

I had it happen on my new XP MCE computer. I tried it on my old laptop and it worked just fine. As a result I changed it to all public and it still worked fine.

Gary • October 2, 2006 4:56 AM

I spoke to Lexar about this message:

"Could not mount the secure drive.
Please restart application."

I explained that my NEW computer was a XP MCE (media center edition). The memory stick (JD Secure 1 Gb) works still in ALL my other computers.

I was advised that this error message was caused by an incompatibility with XP MCE and that there was no plan to issue a fix at present. It will work as a PUBLIC memory Stick with XP MCE, but not as a Secure Memory Stick.

Nice work LEXAR!!!!!

Wild • November 5, 2006 8:33 AM

Quote:

I explained that my NEW computer was a XP MCE (media center edition). The memory stick (JD Secure 1 Gb) works still in ALL my other computers.

I was advised that this error message was caused by an incompatibility with XP MCE and that there was no plan to issue a fix at present. It will work as a PUBLIC memory Stick with XP MCE, but not as a Secure Memory Stick.


My question still remains, how can this be fixed? Does anybody know of a patch or program that will fix the issue... Much thanks


Wild

Charlie • December 28, 2006 4:51 PM

Same problem..."Cannot...Please restart..."
Works fine on other computers.
Lexar's tech fix?
"Go to one of the computers it works on, back up the info..reformat the drive."
OK, this is just stupid, but JUST to say I followed their directions I did, at LEAST I was able to retrieve my data.
Any guesses on what happened after that?
"Cannot...Please restart..."
Now we all know there has to be a registry key that needs to be nuked somewhere, I've nuked the "normal" USB keys to no avail.
So maybe Lexar's phone guys should give one of the Dev guys a call?


Unhappy • January 20, 2007 1:25 PM

Same problem. I did the original format on xp pro. It still works on that system. When I plug it into xp home it won't mount. Think I'll try another vendor stick.

ace • February 1, 2007 3:40 AM

Ran into the problem of forgetting the password on the Lexar Jumpdrive Secure and found a workaround:

You can reformat the "secure" partition using TrueCrypt, so you can reuse that space as an encrypted volume on the USB instead of having it wasted.

LouInAL • April 28, 2007 2:09 PM

I have XP Pro at work AND at home. My Lexar JumpDrive started giving me this problem ("Could not mount the secure drive. Please restart application.") at home but still works fine at work. I don't see how re-formatting it would do any good, it is obviously something wrong with this PC, a corrupt file somewhere or a registry key that needs to be deleted like Charlie said.

geofor • May 17, 2007 2:25 AM

i can create vaults on my securell but can't open them. password enters ok but dialogue box continues to say vault not mounted. i'm using a mac 10.4.7. lexar support sent me a software update that didn't fix the prob. anyone got a solution please? the stick's other functions work normally (but i bought it for the security, of course).

Veitch • May 20, 2007 3:02 AM

My drive was stolen recently and now I can't use the Lexar software. I need to extract files from a backup of a vault. I used live chat but they said to buy a new one! Is there any way to get my files?

george • July 20, 2007 10:27 AM

I have same problem as geofor, and I am also using the Lexar jumpdrive on Tiger (new Intel iMac). I can create a vault but no way to open it. It asks for the password, but then NOTHING. Very frustrating. They have to be aware of this problem! If so, it's a fraudulent product. Security is essential for most people who buy these bloody things.

beojan • August 31, 2007 1:37 PM

You can get the secure II software in the PowerToGo package on the Lexar download site.

kev • September 8, 2007 6:02 PM

I really need to keep my files on my jumpdrive. I have forgotten the password and can't afford to do the above formats etc., as this will erase the data. I want to retain the data! Is there any way I can get by the password or is there a patch or something?

Someone please help, I don't want to lose the files.

Lexar OG • September 27, 2007 12:37 AM

Lexar Secure II software has a back door. Good luck finding the answer from Lexar support. The only support they have is based in India. The whole tech support team in USA was CANNED 2 months ago. There are lots of new Lexar issues with no solution, except for replacing the product. The only support that you have is the one over in India or Crucial... Good luck.

Lexar OG

peeweepunch • December 2, 2007 5:02 PM

I've had the same trouble with Lexar Secure II not letting me decrypt a file because it had the error "invalid password". I did not use the wrong password but no matter what I do, it won't decrypt. The support techs are worthless. Any information they give you can be read on the help page of the software. Now that I know that Lexar canned the USA tech support, I won't be purchasing ANYTHING from them in the future!!

Zizi • December 26, 2007 3:42 PM

Hey,
I put a password on some pics I had on a memory card and now I can't remember what it is!! It's really annoying!!!
Can anyone help me???? Thnx, Z x

Anonymous • January 10, 2008 12:17 PM

Same problem as above!!!!

Made a secure vault with some pics, but have now misplaced my password!! I'm running Windows Vista, does anyone have any help they can provide?

Anonymous • April 12, 2008 9:57 AM

I have my password but can't find or open the secure drive...?? I divided in half, but secure side doesn't show and or when prompted, I get following message: "[-20028] Could not mount the secure device. Please restart application." Can you HELP me...??

Bob • June 5, 2008 1:01 PM

I've forgotten my password for my Lexar II drive. The clue it is giving me is nothing I use. Can I remove the password?

Andrew • August 8, 2008 9:41 AM

I see a number of comments about losing the password. Mine is different: twice now the Vault itself disappeared from the dashboard of my Lexar II secure drive. No help from Lexar, and the lost one still takes up space. Any idea how I can restore the vault?

Anonymous • September 8, 2008 10:21 AM

Hi, I have the jump drive but need the SafeGuard for my files. Please, I just need to download it, I lost my CD. Please, thank you.

James • September 8, 2008 10:23 AM

Hi, I have the jump drive but need the SafeGuard for my files. Please, I just need to download it, I lost my CD. Please, thank you.

kate • December 2, 2008 8:28 PM

Is there anyone out there who can hack into the Lexar jump drive secure without deleting the info? I have important pictures that I don't want to delete, but don't know the password. Willing to pay for help!!!

Melody • March 1, 2009 2:06 PM

At least I feel less of an idiot after reading many of the above posts. I too forgot my password. I too have the drive split and I have important documents on the password protected portion. I too contacted tech support and "chatted" online with someone from India. I too was given information as to how to reformat but would lose all of my data. Come on, there must be a way to override it somehow. The data is there!
Help, help, help!

puzzler • April 5, 2009 1:16 PM

Safeguard simply doesn't work if you have MCE (I just installed the MCE feature and now I can't access my secure area.) I plugged my Jumpdrive into another computer NOT configured for MCE and I entered a bad password when prompted. BUT THIS TIME MY HINT WAS DISPLAYED!! This allowed me to remember my password and I entered it and accessed the secure drive!!

optik • February 27, 2010 1:33 PM

i have a jumpdrive Secure II and mac osx 10.6.2. i can create a vault, mount it and put files on it but when i re-mount the vault all the files are corrupted. can anyone help me??

Lexar Secure II • March 2, 2010 4:15 PM

Oh man, this company, support sucks.
Mr Harry, Lexar Support Tech, doesn't know what he is talking about.
Advised to contact a data recovery company for lost password. What a joke.

Sales Lady has no clue
Sales Supervisor has no clue

Only advice is to format and look for software on Lexar site, which has none.

Oh man, they don't know what they have or not.

God Bless Lexar
God Bless Lexar product buyers
