Curiosity Killed the Network – Beating the Security Risks of BadUSB with a Non-standard USB Port
Jan 20, 2022
Article
It’s 2022 and the “future” feels a little closer every day.
While we may not have flying cars quite yet, some vehicles are indeed beginning to drive themselves – and can even be started and managed from your watch. Your watch, in fact, can even double as a friendly and effective workout coach, training you through a cardio session you share with your brother across the country – a brother with which you’re simultaneously chatting on your phone via video stream.
Setting aside the discussion on the impact of these technologies on our lives, one thing is for certain – the world of 2022 is significantly different and more advanced than the world we lived in just 10 years ago. The impacts of these advances are visible in societies around the globe.
Some things never change
And yet… with all this progress, many of our computers and embedded devices still possess the same USB ports we’ve had for nearly two decades!
While there are benefits to this, especially regarding backwards compatibility and convenience, there are major security risks associated with this legacy design feature.
What type of security risk? It’s called BadUSB, and it’s showing an increase in activity.
An article titled Ransomware warning: Cyber criminals are mailing out USB drives that install malware, published Jan. 10, 2022 on ZDNet, tells a story about the mailing of ransomware-infected USB thumb drives to recipients. Once plugged in, the drives can install a variety of malware on a PC, which then spread across a network infecting other machines as the malware travels.
Why would an individual plug an unknown device into a PC? Quite simply, it’s because we’re human. And as humans, we’re curious.
The article states that the messaging on the mailers in which the infected USB drives are sent is the reason. With labeling claiming to be from the US Department of Health regarding COVID-19 information, or another claiming to be from Best Buy with details on gift card redemption, the culprits are relying on good old human curiosity to play a role in their plans – and it works.
BadUSB is just this – relying on the insertion of a USB drive to attack devices on a network.
But it’s just so handy
IT policies around the globe often forbid the use of personal USB drives in workplace systems – but enforcing this is nearly impossible. You’ll find everything from publicly-posted policies to duct tape placed over a port in an attempt to reduce this threat, but it’s just so difficult to restrict human users from utilizing such a convenient – and often very helpful – feature in a modern IT system. And it’s not just computers. A multitude of devices with embedded computers, including medical devices, industrial automation systems, traffic light controllers, and IoT devices all possess USB ports, largely for the purpose of device initiation and firmware updates.
This ubiquity and ease-of-use make it easy to understand why this form factor persists – and the Datakey team understands this as well!
A different-looking alternative to standard USB ports
We understand this so well, in fact, that we built a business around making sure that the convenience of USB ports continues to be available as we progress into the future – but we changed the design away from that of a standard USB port – and in doing this, eliminated one of the most abundant security holes in PCs and embedded computing systems around the globe.
If you’re building USB ports into your products, specifically to support the use of USB flash drives, take a look at our RUGGEDrive line of proprietary USB and SD flash drives.
Delivering all the convenience of portable storage, RUGGEDrive products offer a high-capacity, high performing USB or SD storage device with superior physical strength and a unique form-factor in both the memory device (we call it a memory token) and the receptacle. This creates a data-transfer opportunity matching the ease-of-use of standard USB drives but, helps reduce threats to your network through a non-standard design.
The choice is yours
So – continue to build the products of the future, and continue to incorporate as much cutting-edge tech as you can design into your devices. But in the interest of security and risk mitigation, consider a more secure data transfer method than traditional consumer USB flash drives.
In reducing the potential for BadUSB opportunities, safer work environments are ensured, and IT administrators and support staff the world over will sleep better at night. And that’s good news for everyone.
Curious about integrating RUGGEDrive into your products?