Click here to close now.



Welcome!

@BigDataExpo Authors: Elizabeth White, Pat Romanski, Dana Gardner, Liz McMillan, Scott Allen

News Feed Item

SPYRUS(R) Announces Its Encrypting and Bootable Windows To Go Drives Are Invulnerable to "BadUSB" Attacks

Proven SPYRUS Design and Manufacturing Solution to Signed Firmware Update Process Has Been Successfully Implemented for Decades

SAN JOSE, CA -- (Marketwired) -- 08/13/14 -- SPYRUS today announced that all SPYRUS bootable Windows To Go and Encrypting Storage Drives, including the Secured by SPYRUS™ Kingston® DT5000, DT6000, and PNY "Secured by SPYRUS™" drives are invulnerable to "BadUSB" attacks.

BadUSB attacks were publicized at the recent presentation from the 2014 Black Hat Conference entitled "BadUSB: On accessories that turn evil," by Karsten Nohl and Jacob Lell of the SRLabs, Berlin. This lab study publicizes a latent, but understood vulnerability, that potentially could affect any unprotected USB or microcontroller network connected device on the market today.

"This is not a previously unknown vulnerability. SPYRUS has been protecting our encrypted drives since our first product design that was used to protect the DoD Defense Message System with a cryptographically secure design that integrates signed firmware updates into the manufacturing process along with selective hardware disabling of update processes," said Tom Dickens, COO, SPYRUS. "This completely defeats USB hack attacks. If the firmware is somehow tampered with after signing, signature verification will fail and the unauthenticated update terminates. Contrary to the presentation's description of the 'limitations' or difficulty of applying the use of code-signing for firmware updates to microcontrollers as an effective deterrent because of the difficulty of implementation, SPYRUS has implemented cryptographic code signing in all our security products as a core competency since the release of our first product."

In essence, this attack can convert benign, normally secure USB peripherals or any vulnerable device controllers into "BadUSBs" or "bad controllers" for purposes determined by an attacker. Conventional malware scanners and antivirus programs cannot detect the tampering after-the-fact. By the time it's detected, it may be too late to reverse the results because of device or system operational failures. The only way to prevent this attack is to understand how to prevent it in the initial design and implementation of the firmware architecture.

The firmware hack attack described in the Nohl-Lell presentation can change, in whole or in part, original unprotected controller firmware code and replace it with new code, indistinguishable from a vendor firmware update. However, unlike a legitimate firmware update from a device vendor, it morphs the controller into whatever new behavior and set of characteristics the attacker desires. This is true whether the memory controller is a USB storage device, automated CNC machine, medical device, energy grid component, or any device controller connected to the "Internet of Things." And from there, these controllers can act as covert vehicles of attack that extract sensitive information, distribute viruses or take over the control of devices and machines even on protected networks.

The SPYRUS manufacturing process embeds cryptographic parameters into the device controller and protects the private digital signing key from theft or cloning. The critical aspects of using digital signatures to verify the authenticity and integrity of a firmware update and its source demand quality creation of a public key pair and private signing key and secure storage and key access. At SPYRUS, these functions are carried out in a U.S. secure facility by U.S. personnel and an access policy that requires two or more authenticated personnel to access the key in a physically locked vaulted room. These standards and procedures are audited regularly and must be maintained continuously, a product lifetime investment that many other controller and device manufacturers are hesitant to make.

The use of code-signed firmware updates, as properly implemented by SPYRUS, has and will continue to mitigate the dangers from these attacks while enabling our devices to be feature enhanced to meet new customer requirements and prolong the lifetime of the device. Other industry-leading security features of SPYRUS encrypting storage and bootable drives include:

  • XTS-AES hardware encrypted compartments
  • Read-Only settings that can be enabled to prevent permanent writes to memory compartments
  • Advanced Elliptic Curve Cryptography support in addition to the older RSA cryptographic algorithm support
  • FIPS 140-2 Level 3 SPYCOS® hardware security module
  • Made In USA security technology
  • Passwords that are never stored on the device in any form
  • Optional use of secure secondary/tertiary DataVault compartments
  • Embedded smartcard capabilities for two-factor authentication
  • New ruggedized tamper-evident water-resistant aluminum case design with tethered end-cap
  • SPYRUS Enterprise Management System to centrally manage access to devices and destroy, enable/disable and audit devices

For a full list of product specific features and for more information regarding the advantages of using SPYRUS products, please visit our website at www.spyrus.com or contact us at [email protected].

Related Links
Windows To Go Video http://technet.microsoft.com/en-us/windows/jj737992
Windows 8.1 Enterprise http://www.microsoft.com/en-us/windows/enterprise/products-and-technologies/windows-8-1/enterprise-edition.aspx

About SPYRUS, Inc.

SPYRUS delivers innovative encryption solutions that offer the strongest protection for data in motion, data at rest and data at work. For over 20 years, SPYRUS has delivered leading hardware-based encryption, authentication, and digital content security products to government, financial, and health care enterprises. To prevent the insertion of untrusted components, patented Secured by SPYRUS™ security technology is proudly designed, engineered, and manufactured in the USA to meet FIPS 140-2 Level 3 standards. SPYRUS has collaborated closely with Microsoft to deliver the first certified hardware encrypted portable platform for Windows 7, Windows 8 and Window 8.1. SPYRUS is headquartered in San Jose, California. See www.spyruswtg.com for more information.

SPYRUS, the SPYRUS logo, Secured by SPYRUS, and SPYCOS are either registered trademarks or trademarks of SPYRUS, Inc., in the U.S. and/or other jurisdictions. All other company, organization, and product names are trademarks of their respective organizations.

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

@BigDataExpo Stories
When it comes to cloud computing, the ability to turn massive amounts of compute cores on and off on demand sounds attractive to IT staff, who need to manage peaks and valleys in user activity. With cloud bursting, the majority of the data can stay on premises while tapping into compute from public cloud providers, reducing risk and minimizing need to move large files. In his session at 18th Cloud Expo, Scott Jeschonek, Director of Product Management at Avere Systems, discussed the IT and busin...
The Internet of Things will challenge the status quo of how IT and development organizations operate. Or will it? Certainly the fog layer of IoT requires special insights about data ontology, security and transactional integrity. But the developmental challenges are the same: People, Process and Platform and how we integrate our thinking to solve complicated problems. In his session at 19th Cloud Expo, Craig Sproule, CEO of Metavine, will demonstrate how to move beyond today's coding paradigm ...
The cloud market growth today is largely in public clouds. While there is a lot of spend in IT departments in virtualization, these aren’t yet translating into a true “cloud” experience within the enterprise. What is stopping the growth of the “private cloud” market? In his general session at 18th Cloud Expo, Nara Rajagopalan, CEO of Accelerite, explored the challenges in deploying, managing, and getting adoption for a private cloud within an enterprise. What are the key differences between wh...
"My role is working with customers, helping them go through this digital transformation. I spend a lot of time talking to banks, big industries, manufacturers working through how they are integrating and transforming their IT platforms and moving them forward," explained William Morrish, General Manager Product Sales at Interoute, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
The pace of innovation, vendor lock-in, production sustainability, cost-effectiveness, and managing risk… In his session at 18th Cloud Expo, Dan Choquette, Founder of RackN, discussed how CIOs are challenged finding the balance of finding the right tools, technology and operational model that serves the business the best. He also discussed how clouds, open source software and infrastructure solutions have benefits but also drawbacks and how workload and operational portability between vendors ...
SYS-CON Events has announced today that Roger Strukhoff has been named conference chair of Cloud Expo and @ThingsExpo 2016 Silicon Valley. The 19th Cloud Expo and 6th @ThingsExpo will take place on November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. "The Internet of Things brings trillions of dollars of opportunity to developers and enterprise IT, no matter how you measure it," stated Roger Strukhoff. "More importantly, it leverages the power of devices and the Interne...
"We work in the area of Big Data analytics and Big Data analytics is a very crowded space - you have Hadoop, ETL, warehousing, visualization and there's a lot of effort trying to get these tools to talk to each other," explained Mukund Deshpande, head of the Analytics practice at Accelerite, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
The idea of comparing data in motion (at the sensor level) to data at rest (in a Big Data server warehouse) with predictive analytics in the cloud is very appealing to the industrial IoT sector. The problem Big Data vendors have, however, is access to that data in motion at the sensor location. In his session at @ThingsExpo, Scott Allen, CMO of FreeWave, discussed how as IoT is increasingly adopted by industrial markets, there is going to be an increased demand for sensor data from the outermos...
The initial debate is over: Any enterprise with a serious commitment to IT is migrating to the cloud. But things are not so simple. There is a complex mix of on-premises, colocated, and public-cloud deployments. In this power panel at 18th Cloud Expo, moderated by Conference Chair Roger Strukhoff, Randy De Meno, Chief Technologist - Windows Products and Microsoft Partnerships at Commvault; Dave Landa, Chief Operating Officer at kintone; William Morrish, General Manager Product Sales at Interou...
UAS, drones or unmanned aircraft, no matter what you call them — this was their week. Our news stream was flooded with updates on the newly announced rules and regulations for commercial UAS from the FAA. So, naturally we have dedicated this week’s top news round up to highlight some of our favorite UAS stories.
As organizations shift towards IT-as-a-service models, the need for managing and protecting data residing across physical, virtual, and now cloud environments grows with it. Commvault can ensure protection, access and E-Discovery of your data – whether in a private cloud, a Service Provider delivered public cloud, or a hybrid cloud environment – across the heterogeneous enterprise. In his general session at 18th Cloud Expo, Randy De Meno, Chief Technologist - Windows Products and Microsoft Part...
Internet of @ThingsExpo has announced today that Chris Matthieu has been named tech chair of Internet of @ThingsExpo 2016 Silicon Valley. The 6thInternet of @ThingsExpo will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
In addition to all the benefits, IoT is also bringing new kind of customer experience challenges - cars that unlock themselves, thermostats turning houses into saunas and baby video monitors broadcasting over the internet. This list can only increase because while IoT services should be intuitive and simple to use, the delivery ecosystem is a myriad of potential problems as IoT explodes complexity. So finding a performance issue is like finding the proverbial needle in the haystack.
Digital Initiatives create new ways of conducting business, which drive the need for increasingly advanced security and regulatory compliance challenges with exponentially more damaging consequences. In the BMC and Forbes Insights Survey in 2016, 97% of executives said they expect a rise in data breach attempts in the next 12 months. Sixty percent said operations and security teams have only a general understanding of each other’s requirements, resulting in a “SecOps gap” leaving organizations u...
"A lot of times people will come to us and have a very diverse set of requirements or very customized need and we'll help them to implement it in a fashion that you can't just buy off of the shelf," explained Nick Rose, CTO of Enzu, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Apixio Inc. has raised $19.3 million in Series D venture capital funding led by SSM Partners with participation from First Analysis, Bain Capital Ventures and Apixio’s largest angel investor. Apixio will dedicate the proceeds toward advancing and scaling products powered by its cognitive computing platform, further enabling insights for optimal patient care. The Series D funding comes as Apixio experiences strong momentum and increasing demand for its HCC Profiler solution, which mines unstruc...
Predictive analytics tools monitor, report, and troubleshoot in order to make proactive decisions about the health, performance, and utilization of storage. Most enterprises combine cloud and on-premise storage, resulting in blended environments of physical, virtual, cloud, and other platforms, which justifies more sophisticated storage analytics. In his session at 18th Cloud Expo, Peter McCallum, Vice President of Datacenter Solutions at FalconStor, discussed using predictive analytics to mon...
The IoT is changing the way enterprises conduct business. In his session at @ThingsExpo, Eric Hoffman, Vice President at EastBanc Technologies, discussed how businesses can gain an edge over competitors by empowering consumers to take control through IoT. He cited examples such as a Washington, D.C.-based sports club that leveraged IoT and the cloud to develop a comprehensive booking system. He also highlighted how IoT can revitalize and restore outdated business models, making them profitable ...
Presidio has received the 2015 EMC Partner Services Quality Award from EMC Corporation for achieving outstanding service excellence and customer satisfaction as measured by the EMC Partner Services Quality (PSQ) program. Presidio was also honored as the 2015 EMC Americas Marketing Excellence Partner of the Year and 2015 Mid-Market East Partner of the Year. The EMC PSQ program is a project-specific survey program designed for partners with Service Partner designations to solicit customer feedbac...
IoT offers a value of almost $4 trillion to the manufacturing industry through platforms that can improve margins, optimize operations & drive high performance work teams. By using IoT technologies as a foundation, manufacturing customers are integrating worker safety with manufacturing systems, driving deep collaboration and utilizing analytics to exponentially increased per-unit margins. However, as Benoit Lheureux, the VP for Research at Gartner points out, “IoT project implementers often ...