Prevent BadUSB - USB Firmware Protection from Kanguru
Protect Against "badUSB" with Kanguru Secure Firmware
August 29, 2014
In a recent Black Hat security event, researchers Karsten Nohl and Jakob Lell revealed a potential threat to USB technology, pointing out that any USB peripheral, including printers, keyboards, computer mice, webcams or flash keys, could be open to the possibility of a savvy hacker physically changing the firmware to deliver infective malware. Although this would be a difficult thing to do, the news, known as "BadUSB", has worried some that even secure USB flash drives, hard drives, and solid state drives could be vulnerable to such type of physical tampering. The truth is, Kanguru Defender® USB drives are more secure than ever thanks to the onboard digitally signed secure firmware. Those fears can be put to rest because Kanguru's secure USB drives have you covered.
Is badUSB as bad as it sounds?
Before we get into that though, we really need to be honest with ourselves, when it comes to a possibility of tampering with USB technology. Is there really anything new here? Not to belittle it, as it is more than a cry out that the "sky is falling", and it is enough to make experts sit up and take notice. But the threat is said to be as old as the technology itself which was developed back in 1995, yet there are no reports to date that indicate a documented attack resulting from such a vulnerability. Second, when we take a step back and really think about it, isn't anything of value "vulnerable?" The key word here is the word "could." Your car for instance, even with its fancy alarm system, "could" still get broken into. Your house, even with all the doors and windows locked, "could" still be burglarized. Thieves "could" attempt to gain access to anything if they want it bad enough. The question is, how do you prevent them from successfully entering and causing major damage, and getting off scot-free with the things you value most - like stealing important data or infecting a network?
How Digitally-Signed Secure Firmware Works
Now imagine if a thief tried to steal your car, and your car recognized it was not you behind the driver's seat and as a result, completely locked down, bolted all the doors and stopped functioning altogether. By design, Kanguru's firmware on Defender® secure hardware encrypted flash drives, hard drives, and solid state drives are inherently protected with what is called digitally signed secure firmware. This fundamental feature makes it nearly impossible for any firmware-based attack to be successful on Kanguru's secure USB drives, making them the most trusted USB devices on the market. Kanguru's hardware encrypted drives are designed in compliance with NIST requirements of digitally signing the device firmware, and is verified through a rigorous process known as FIPS 140-2 certification. Because the secure firmware is verified with a self-test on start-up, if any attempt were made to tamper with the firmware on a Kanguru secure drive, the USB device simply would not function. Kanguru's FIPS 140-2 Certified Kanguru Defender 2000 and Defender Elite200 have even more advanced protections that make them perfect for government, financial and enterprise organizations. However, digitally signed secure firmware is not just reserved for Kanguru's FIPS 140-2 certified devices alone, but for all of Kanguru's secure, hardware encrypted Defender® USB drives as well, including Kanguru's secure Hard Drive and Solid State Drive (SSD).
The World's First Unencrypted USB 3.0 Flash Drive with Secure Firmware
In addition, for businesses that may not be in the market for high-end hardware encrypted USB drives but still worry about the potential for this to be an issue within their organization, Kanguru has developed an unencrypted flash drive with the same high-end, digitally signed, secure firmware, making it the world's first unencrypted USB 3.0 flash drive with onboard, secure firmware. The new Kanguru FlashTrust™ offers organizations the same level of firmware protection of our hardware encrypted firmware to our unencrypted users, providing extra confidence as a trusted, secure firmware USB drive.
How to Protect Your Organization from "BadUSB"
So if you have a reason to worry about a potential risk of tampered firmware on USB data storage devices within your organization, Kanguru has you covered either way. Here's how you can protect your organization from the threat of "BadUSB":
Use only trusted Kanguru Secure Hardware Encrypted drives or Kanguru's unencrypted Secure Firmware USB to protect your data
Make a company policy to stay away from cheap, plastic USB drives from untrusted sources and do not allow them on your network
Use Kanguru Remote Management for managing, monitoring and disabling lost or stolen USB drives within your network anywhere in the world
Use Kanguru Device Control to ensure rogue USB devices aren't being used on your network
Please feel free to contact us if you have any questions or further concerns. We'd be happy to answer any questions you may have at (508) 376-4245.
Kanguru is a global leader in providing secure portable storage solutions, providing enterprises, organizations and consumers with the best in easy-to-use, secure IT products and data storage. For more information on Kanguru, please visit www.kanguru.com.