IronKey

Mobile Data Security Blog

Home  »  Articles posted by Ken Jones

by

Equation Group Attack on Hard Drives – What Can Your Organization Do?

 

This week Moscow-based Kaspersky Lab published a report that examines a group of hackers, the Equation group, and the depths they have gone to for many years to spy.  The report outlines the attacks in detail and highlights, “the group’s attack technologies exceed anything we have ever seen before.  This is the ability to infect the hard drive firmware.”

As you consider your options, keep in mind there are a number of approaches to prevent the Equation group’s attack against hard drives.  

 A fundamental feature that every enterprise bound hard drive should have is preventing its firmware from being altered by an unauthorized agent.  The best protection against this vulnerability is to use code signing for firmware updates. Such devices will not allow unsigned firmware to be loaded onto the device.  As a further level of protection if somehow unsigned firmware was present on the device, it simply will not operate.

For your external hard drives I suggest these be replaced as soon as possible with drives that support firmware signing.

Protecting your internal hard drives is more difficult.  These drives could be infected at any time by self-replicating code such as “Fanny”, physical media (e.g. CD-ROMS), USB devices susceptible to BadUSB, and Web-based exploits. Swapping out internal hard drives is an expensive and time consuming proposition.  One option is to immediately switch to a Windows To Go flash drive that supports firmware signing for all of your critical systems as a hard drive replacement. 

Windows To Go equips users with a portable Windows corporate image.  It uses the flash drive as the system disk, completely insulating the user from the risk of any hard drive infections on the onboard hard drive. This is significantly less costly than replacing the computer’s internal hard drive with a FIPS-approved hard drive and can be easily done in the field without having to pull apart the computer. And, as an added benefit, Windows To Go drives can be centrally managed enabling organizations to track the devices and disable them if lost or stolen.

IronKey™ secure USB hard drive, flash storage and Windows To Go devices are not vulnerable to the Equation group’s malware or the BadUSB attack. IronKey’s leadership in security, including its use of digital signatures in all controller firmware, makes its products immune to these threats.

 

 

by

Perspective on BadUSB

 

We recently learned that security researchers Karsten Nohl and Jakob Lell of Security Research Labs plan to present their research at Black Hat next week which consists of proof-of-concept malicious software called BadUSB. The premise of the BadUSB attack appears to be that you can change the firmware of the USB device. A fundamental feature of IronKey high security products is that changing the customized firmware is not possible. IronKey devices have digitally signed firmware with verification on start-up. If the firmware is tampered with, the device won’t function. This countermeasure has been validated by NIST in IronKey FIPS 140-2 Level 3 devices

Once the research is released we will carefully review to ensure there are no potential risks. We will then issue a statement. In the meantime if you have any questions please email securitysales@imation.com.

 

by

Heartbleed – Don’t Be the Next Victim

 

Heartbleed, the recently uncovered security bug in the open-source OpenSSL cryptography library, is yet another example of a serious security weakness. The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. When information is stored where it can be accessed publicly and the secret keys are compromised— as in this case— confidential information such as the names and passwords of website users and the actual content and information are easily revealed to hackers. Fortunately for users of IronKey™, our products have NEVER contained the vulnerable version of OpenSSL, so your data remains IronKey strong.

 

Security vulnerabilities, like Heartbleed, remind enterprises just how dangerous it is to trust storing critical information in a publicly accessible location. Passwords, encryption keys and data are all at risk in these systems. If data must be stored publicly, then it should be encrypted using a security key that is fully protected from unauthorized access. Using a hardware-based secure storage technology, such as a secure USB flash drive, to store the key and encrypt the data is the only way to be sure no outside hacker will gain access to your data. And with centralized device management, enterprises can further enhance their security measures by administering usage, password and encryption policies; even remotely destroying a compromised device erasing every block of data and initiating its self-destruct sequence, rendering it unusable.

 

IronKey makes the world’s strongest, most secure storage devices, used by the most demanding enterprises and government agencies to protect their data. Don’t become the next victim. Think IronKey.