Sunday, October 5, 2014

BAD USB Opportunities and GOOD USB Drives

The first thought that immediately came to mind wasn't so much just counterfeit or cheaply made USB devices, but also USB chargers. We plug our android, blackberry, and iPhones into inexpensive chargers bought off Amazon.… Makes me wonder if it's really a good deal. Or just an incredibly wonderful opportunity for a nationstate that manufactures those devices and already understands this and many other exploits capable of going unnoticed.

Reading articles such as this well-written bit by , thinking about Cottonmouth, and considering the pervasiveness of potential compromised devices.... you can understand the effectiveness of this attack vector. Then consider the likely reuse of these compromised devices. They are going to be around for a long, long time.

GitHub Link: https://github.com/adamcaudill/Psychson

By the way, trusted USB devices… Excellent opportunistic marketing for a device that was ahead of its time... Smart company.

IronKey USB Drives
  • http://www.ironkey.com/en-US/solutions/protect-against-badusb.html
  • IronKey Enterprise 250 flash drives are FIPS 140-2 Level 3 validated with AES 256-bit hardware encryption.
  • Enforce device-specific policies and mitigate risks of data loss by remotely disabling lost or stolen drives.
  • A ruggedized, waterproof metal chassis resists physical break-ins and is tamper-proof.
If you work on a security or audit team – take advantage of the perks that come along with the position and apply for a free evaluation: http://resources.imation.com/ikenterprise-evaluation.