Spyrus Flash Keys Are BadUSB-Proof
Also protected by hardware security modules
This is a Press Release edited by StorageNewsletter.com on August 21, 2014 at 2:52 pm
SPYRUS Inc. announced that all SPYRUS bootable Windows To Go and encrypting storage drives, including the Secured by SPYRUS Kingston DT5000, DT6000, and PNY drives, are invulnerable to BadUSB attacks.
BadUSB attacks were publicized in the recent 2014 Black Hat Conference presentation entitled "BadUSB: On accessories that turn evil," by Karsten Nohl and Jakob Lell of SRLabs, Berlin. This lab study publicizes a latent but understood vulnerability that could potentially affect any unprotected USB or microcontroller network-connected device on the market today.
“This is not a previously unknown vulnerability. SPYRUS has been protecting our encrypted drives since our first product design that was used to protect the DoD Defense Message System with a cryptographically secure design that integrates signed firmware updates into the manufacturing process along with selective hardware disabling of update processes,” said Tom Dickens, COO, SPYRUS. “This completely defeats USB hack attacks. If the firmware is somehow tampered with after signing, signature verification will fail and the unauthenticated update terminates. Contrary to the presentation’s description of the ‘limitations’ or difficulty of applying the use of code-signing for firmware updates to microcontrollers as an effective deterrent because of the difficulty of implementation, SPYRUS has implemented cryptographic code signing in all our security products as a core competency since the release of our first product.”
In essence, this attack can convert benign, normally secure USB peripherals or any vulnerable device controllers into BadUSBs or bad controllers for purposes determined by an attacker. Conventional malware scanners and antivirus programs cannot detect the tampering after the fact. By the time it’s detected, it may be too late to reverse the results because of device or system operational failures. The only way to prevent this attack is to understand how to prevent it in the initial design and implementation of the firmware architecture.
The firmware hack attack described in the Nohl-Lell presentation can change, in whole or in part, original unprotected controller firmware code and replace it with new code, indistinguishable from a vendor firmware update. However, unlike a legitimate firmware update from a device vendor, it morphs the controller into whatever new behavior and set of characteristics the attacker desires. This is true whether the memory controller is a USB storage device, automated CNC machine, medical device, energy grid component, or any device controller connected to the Internet of Things. And from there, these controllers can act as covert vehicles of attack that extract sensitive information, distribute viruses or take over the control of devices and machines even on protected networks.
The SPYRUS manufacturing process embeds cryptographic parameters into the device controller and protects the private digital signing key from theft or cloning. Using digital signatures to verify the authenticity and integrity of a firmware update and its source depends critically on quality creation of the public key pair and private signing key, and on secure key storage and access. At SPYRUS, these functions are carried out in a U.S. secure facility by U.S. personnel, under an access policy that requires two or more authenticated personnel to access the key in a physically locked vaulted room. These standards and procedures are audited regularly and must be maintained continuously, a product lifetime investment that many other controller and device manufacturers are hesitant to make.
The use of code-signed firmware updates, as properly implemented by the company, has mitigated and will continue to mitigate the dangers from these attacks while enabling our devices to be feature-enhanced to meet customer requirements and prolong the lifetime of the device.
Other security features of encrypting storage and bootable drives include:
- XTS-AES hardware encrypted compartments
- Read-only settings that can be enabled to prevent permanent writes to memory compartments
- Elliptic curve cryptography support in addition to the older RSA cryptographic algorithm support
- FIPS 140-2 Level 3 SPYCOS hardware security module
- Made In USA security technology
- Passwords that are never stored on the device in any form
- Optional use of secure secondary/tertiary datavault compartments
- Embedded smartcard capabilities for two-factor authentication
- Ruggedized tamper-evident water-resistant aluminum case design with tethered end-cap
- SPYRUS enterprise management system to centrally manage access to devices and destroy, enable/disable and audit devices