Saturday, September 24, 2016

USB Flash Drive Security Reminder:

USB Flash Drives have more than One Use


Do not trust unknown or free USB devices. It is recommended to look at purchasing more expensive USB sticks that have signed firmware. People have been using USB
devices to deploy malware through Trojan techniques. Either malware is copied to the device with the hope of people plugging the device in and clicking on the file or it automatically executes on insertion. BADUSB has also now afforded the opportunity to include payloads into modified USB firmware that execute on driver installation of the device. The malware payload cannot be scanned by traditional detection methods since it resides in firmware. Other techniques, also utilizing the failure to check for signed firmware, are to implement cross platform scripting to execute keyboard based commands on insertion. There are also USB devices being sold that are designed to destroy the device it is connected to. This is not an exhaustive listing and you should not live in FUD about using USB sticks. Be cautious and stick to using trusted USB sticks with signed firmware if possible.


Kanguru USB Flash Drive w/signed firmware.
http://www.kanguru.com/storage-accessories/kanguru-flashtrust-secure-firmware.shtml

IronKey Secure USB: BadUSB
http://www.ironkey.com/en-US/solutions/protect-against-badusb.html


BadUSB
https://www.royalholloway.ac.uk/isg/documents/pdf/technicalreports/2016/rhul-isg-2016-7-david-kierznowski.pdf


RubberDucky
http://hakshop.myshopify.com/products/usb-rubber-ducky-deluxe

https://ducktoolkit.com/


USB Kill 2.0
https://www.usbkill.com/

No comments:

Post a Comment