News Feed Item
SPYRUS(R) Announces Its Encrypting and Bootable Windows To Go Drives Are Invulnerable to "BadUSB" Attacks
Proven SPYRUS Design and Manufacturing Solution to Signed Firmware Update Process Has Been Successfully Implemented for Decades
|By Marketwired .
|August 13, 2014 02:09 PM EDT
SAN JOSE, CA -- (Marketwired) -- 08/13/14 -- SPYRUS today announced that all SPYRUS bootable Windows To Go and Encrypting Storage Drives, including the Secured by SPYRUS Kingston® DT5000, DT6000, and PNY "Secured by SPYRUS" drives are invulnerable to "BadUSB" attacks.
BadUSB attacks were publicized at the recent presentation from the 2014 Black Hat Conference entitled "BadUSB: On accessories that turn evil," by Karsten Nohl and Jacob Lell of the SRLabs, Berlin. This lab study publicizes a latent, but understood vulnerability, that potentially could affect any unprotected USB or microcontroller network connected device on the market today.
"This is not a previously unknown vulnerability. SPYRUS has been protecting our encrypted drives since our first product design that was used to protect the DoD Defense Message System with a cryptographically secure design that integrates signed firmware updates into the manufacturing process along with selective hardware disabling of update processes," said Tom Dickens, COO, SPYRUS. "This completely defeats USB hack attacks. If the firmware is somehow tampered with after signing, signature verification will fail and the unauthenticated update terminates. Contrary to the presentation's description of the 'limitations' or difficulty of applying the use of code-signing for firmware updates to microcontrollers as an effective deterrent because of the difficulty of implementation, SPYRUS has implemented cryptographic code signing in all our security products as a core competency since the release of our first product."
In essence, this attack can convert benign, normally secure USB peripherals or any vulnerable device controllers into "BadUSBs" or "bad controllers" for purposes determined by an attacker. Conventional malware scanners and antivirus programs cannot detect the tampering after-the-fact. By the time it's detected, it may be too late to reverse the results because of device or system operational failures. The only way to prevent this attack is to understand how to prevent it in the initial design and implementation of the firmware architecture.
The firmware hack attack described in the Nohl-Lell presentation can change, in whole or in part, original unprotected controller firmware code and replace it with new code, indistinguishable from a vendor firmware update. However, unlike a legitimate firmware update from a device vendor, it morphs the controller into whatever new behavior and set of characteristics the attacker desires. This is true whether the memory controller is a USB storage device, automated CNC machine, medical device, energy grid component, or any device controller connected to the "Internet of Things." And from there, these controllers can act as covert vehicles of attack that extract sensitive information, distribute viruses or take over the control of devices and machines even on protected networks.
The SPYRUS manufacturing process embeds cryptographic parameters into the device controller and protects the private digital signing key from theft or cloning. The critical aspects of using digital signatures to verify the authenticity and integrity of a firmware update and its source demand quality creation of a public key pair and private signing key and secure storage and key access. At SPYRUS, these functions are carried out in a U.S. secure facility by U.S. personnel and an access policy that requires two or more authenticated personnel to access the key in a physically locked vaulted room. These standards and procedures are audited regularly and must be maintained continuously, a product lifetime investment that many other controller and device manufacturers are hesitant to make.
The use of code-signed firmware updates, as properly implemented by SPYRUS, has and will continue to mitigate the dangers from these attacks while enabling our devices to be feature enhanced to meet new customer requirements and prolong the lifetime of the device. Other industry-leading security features of SPYRUS encrypting storage and bootable drives include:
- XTS-AES hardware encrypted compartments
- Read-Only settings that can be enabled to prevent permanent writes to memory compartments
- Advanced Elliptic Curve Cryptography support in addition to the older RSA cryptographic algorithm support
- FIPS 140-2 Level 3 SPYCOS® hardware security module
- Made In USA security technology
- Passwords that are never stored on the device in any form
- Optional use of secure secondary/tertiary DataVault compartments
- Embedded smartcard capabilities for two-factor authentication
- New ruggedized tamper-evident water-resistant aluminum case design with tethered end-cap
- SPYRUS Enterprise Management System to centrally manage access to devices and destroy, enable/disable and audit devices
For a full list of product specific features and for more information regarding the advantages of using SPYRUS products, please visit our website at www.spyrus.com or contact us at [email protected].
Windows To Go Video http://technet.microsoft.com/en-us/windows/jj737992
Windows 8.1 Enterprise http://www.microsoft.com/en-us/windows/enterprise/products-and-technologies/windows-8-1/enterprise-edition.aspx
About SPYRUS, Inc.
SPYRUS delivers innovative encryption solutions that offer the strongest protection for data in motion, data at rest and data at work. For over 20 years, SPYRUS has delivered leading hardware-based encryption, authentication, and digital content security products to government, financial, and health care enterprises. To prevent the insertion of untrusted components, patented Secured by SPYRUS security technology is proudly designed, engineered, and manufactured in the USA to meet FIPS 140-2 Level 3 standards. SPYRUS has collaborated closely with Microsoft to deliver the first certified hardware encrypted portable platform for Windows 7, Windows 8 and Window 8.1. SPYRUS is headquartered in San Jose, California. See www.spyruswtg.com for more information.
SPYRUS, the SPYRUS logo, Secured by SPYRUS, and SPYCOS are either registered trademarks or trademarks of SPYRUS, Inc., in the U.S. and/or other jurisdictions. All other company, organization, and product names are trademarks of their respective organizations.
SYS-CON Events announced today the Enterprise IoT Bootcamp, being held November 1-2, 2016, in conjunction with 19th Cloud Expo | @ThingsExpo at the Santa Clara Convention Center in Santa Clara, CA.
Combined with real-world scenarios and use cases, the Enterprise IoT Bootcamp is not just based on presentations but with hands-on demos and detailed walkthroughs. We will introduce you to a variety of real world use cases prototyped using Arduino, Raspberry Pi, BeagleBone, Spark, and Intel Edison. Y...
Sep. 24, 2016 07:00 PM EDT Reads: 2,759
Fact is, enterprises have significant legacy voice infrastructure that’s costly to replace with pure IP solutions. How can we bring this analog infrastructure into our shiny new cloud applications? There are proven methods to bind both legacy voice applications and traditional PSTN audio into cloud-based applications and services at a carrier scale. Some of the most successful implementations leverage WebRTC, WebSockets, SIP and other open source technologies.
In his session at @ThingsExpo, Da...
Sep. 24, 2016 06:45 PM EDT Reads: 1,453
Data is an unusual currency; it is not restricted by the same transactional limitations as money or people. In fact, the more that you leverage your data across multiple business use cases, the more valuable it becomes to the organization. And the same can be said about the organization’s analytics.
In his session at 19th Cloud Expo, Bill Schmarzo, CTO for the Big Data Practice at EMC, will introduce a methodology for capturing, enriching and sharing data (and analytics) across the organizati...
Sep. 24, 2016 06:30 PM EDT Reads: 1,562
If you’re responsible for an application that depends on the data or functionality of various IoT endpoints – either sensors or devices – your brand reputation depends on the security, reliability, and compliance of its many integrated parts. If your application fails to deliver the expected business results, your customers and partners won't care if that failure stems from the code you developed or from a component that you integrated. What can you do to ensure that the endpoints work as expect...
Sep. 24, 2016 04:30 PM EDT Reads: 1,486
Traditional on-premises data centers have long been the domain of modern data platforms like Apache Hadoop, meaning companies who build their business on public cloud were challenged to run Big Data processing and analytics at scale. But recent advancements in Hadoop performance, security, and most importantly cloud-native integrations, are giving organizations the ability to truly gain value from all their data.
In his session at 19th Cloud Expo, David Tishgart, Director of Product Marketing ...
Sep. 24, 2016 04:30 PM EDT Reads: 1,677
While DevOps promises a better and tighter integration among an organization’s development and operation teams and transforms an application life cycle into a continual deployment, Chef and Azure together provides a speedy, cost-effective and highly scalable vehicle for realizing the business values of this transformation.
In his session at @DevOpsSummit at 19th Cloud Expo, Yung Chou, a Technology Evangelist at Microsoft, will present a unique opportunity to witness how Chef and Azure work tog...
Sep. 24, 2016 04:00 PM EDT Reads: 1,515
The vision of a connected smart home is becoming reality with the application of integrated wireless technologies in devices and appliances. The use of standardized and TCP/IP networked wireless technologies in line-powered and battery operated sensors and controls has led to the adoption of radios in the 2.4GHz band, including Wi-Fi, BT/BLE and 802.15.4 applied ZigBee and Thread. This is driving the need for robust wireless coexistence for multiple radios to ensure throughput performance and th...
Sep. 24, 2016 03:45 PM EDT Reads: 1,412
Information technology is an industry that has always experienced change, and the dramatic change sweeping across the industry today could not be truthfully described as the first time we've seen such widespread change impacting customer investments. However, the rate of the change, and the potential outcomes from today's digital transformation has the distinct potential to separate the industry into two camps: Organizations that see the change coming, embrace it, and successful leverage it; and...
Sep. 24, 2016 03:00 PM EDT Reads: 1,013
I'm a lonely sensor. I spend all day telling the world how I'm feeling, but none of the other sensors seem to care.
I want to be connected. I want to build relationships with other sensors to be more useful for my human. I want my human to understand that when my friends next door are too hot for a while, I'll soon be flaming. And when all my friends go outside without me, I may be left behind.
Don't just log my data; use the relationship graph.
In his session at @ThingsExpo, Ryan Boyd, Engi...
Sep. 24, 2016 02:15 PM EDT Reads: 1,180
The Internet of Things can drive efficiency for airlines and airports.
In their session at @ThingsExpo, Shyam Varan Nath, Principal Architect with GE, and Sudip Majumder, senior director of development at Oracle, will discuss the technical details of the connected airline baggage and related social media solutions. These IoT applications will enhance travelers' journey experience and drive efficiency for the airlines and the airports.
The session will include a working demo and a technical d...
Sep. 24, 2016 02:00 PM EDT Reads: 1,625
SYS-CON Events announced today that China Unicom will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
China United Network Communications Group Co. Ltd ("China Unicom") was officially established in 2009 on the basis of the merger of former China Netcom and former China Unicom.
China Unicom mainly operates a full range of telecommunications services including mobile broadband (GSM, WCDMA, LTE F...
Sep. 24, 2016 01:30 PM EDT Reads: 1,670
Enterprise IT has been in the era of Hybrid Cloud for some time now. But it seems most conversations about Hybrid are focused on integrating AWS, Microsoft Azure, or Google ECM into existing on-premises systems. Where is all the Private Cloud? What do technology providers need to do to make their offerings more compelling? How should enterprise IT executives and buyers define their focus, needs, and roadmap, and communicate that clearly to the providers?
Sep. 24, 2016 01:00 PM EDT Reads: 1,472
The Transparent Cloud-computing Consortium (abbreviation: T-Cloud Consortium) will conduct research activities into changes in the computing model as a result of collaboration between "device" and "cloud" and the creation of new value and markets through organic data processing High speed and high quality networks, and dramatic improvements in computer processing capabilities, have greatly changed the nature of applications and made the storing and processing of data on the network commonplace.
Sep. 24, 2016 12:00 PM EDT Reads: 730
SYS-CON Events announced today that SoftLayer, an IBM Company, has been named “Gold Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. SoftLayer, an IBM Company, provides cloud infrastructure as a service from a growing number of data centers and network points of presence around the world. SoftLayer’s customers range from Web startups to global enterprises.
Sep. 24, 2016 12:00 PM EDT Reads: 744
Digital innovation is the next big wave of business transformation based on digital technologies of which IoT and Big Data are key components, For example:
Business boundary innovation is a challenge to excavate third-party business value using IoT and BigData, like Nest
Business structure innovation may propose re-building business structure from scratch, as Uber does in the taxicab industry
The social model innovation is also a big challenge to the new social architecture with the design fr...
Sep. 24, 2016 11:45 AM EDT Reads: 1,016