|By Marketwired .||
|August 13, 2014 02:09 PM EDT||
SAN JOSE, CA -- (Marketwired) -- 08/13/14 -- SPYRUS today announced that all SPYRUS bootable Windows To Go and Encrypting Storage Drives, including the Secured by SPYRUS Kingston® DT5000, DT6000, and PNY "Secured by SPYRUS" drives are invulnerable to "BadUSB" attacks.
BadUSB attacks were publicized at the recent presentation from the 2014 Black Hat Conference entitled "BadUSB: On accessories that turn evil," by Karsten Nohl and Jacob Lell of the SRLabs, Berlin. This lab study publicizes a latent, but understood vulnerability, that potentially could affect any unprotected USB or microcontroller network connected device on the market today.
"This is not a previously unknown vulnerability. SPYRUS has been protecting our encrypted drives since our first product design that was used to protect the DoD Defense Message System with a cryptographically secure design that integrates signed firmware updates into the manufacturing process along with selective hardware disabling of update processes," said Tom Dickens, COO, SPYRUS. "This completely defeats USB hack attacks. If the firmware is somehow tampered with after signing, signature verification will fail and the unauthenticated update terminates. Contrary to the presentation's description of the 'limitations' or difficulty of applying the use of code-signing for firmware updates to microcontrollers as an effective deterrent because of the difficulty of implementation, SPYRUS has implemented cryptographic code signing in all our security products as a core competency since the release of our first product."
In essence, this attack can convert benign, normally secure USB peripherals or any vulnerable device controllers into "BadUSBs" or "bad controllers" for purposes determined by an attacker. Conventional malware scanners and antivirus programs cannot detect the tampering after-the-fact. By the time it's detected, it may be too late to reverse the results because of device or system operational failures. The only way to prevent this attack is to understand how to prevent it in the initial design and implementation of the firmware architecture.
The firmware hack attack described in the Nohl-Lell presentation can change, in whole or in part, original unprotected controller firmware code and replace it with new code, indistinguishable from a vendor firmware update. However, unlike a legitimate firmware update from a device vendor, it morphs the controller into whatever new behavior and set of characteristics the attacker desires. This is true whether the memory controller is a USB storage device, automated CNC machine, medical device, energy grid component, or any device controller connected to the "Internet of Things." And from there, these controllers can act as covert vehicles of attack that extract sensitive information, distribute viruses or take over the control of devices and machines even on protected networks.
The SPYRUS manufacturing process embeds cryptographic parameters into the device controller and protects the private digital signing key from theft or cloning. The critical aspects of using digital signatures to verify the authenticity and integrity of a firmware update and its source demand quality creation of a public key pair and private signing key and secure storage and key access. At SPYRUS, these functions are carried out in a U.S. secure facility by U.S. personnel and an access policy that requires two or more authenticated personnel to access the key in a physically locked vaulted room. These standards and procedures are audited regularly and must be maintained continuously, a product lifetime investment that many other controller and device manufacturers are hesitant to make.
The use of code-signed firmware updates, as properly implemented by SPYRUS, has and will continue to mitigate the dangers from these attacks while enabling our devices to be feature enhanced to meet new customer requirements and prolong the lifetime of the device. Other industry-leading security features of SPYRUS encrypting storage and bootable drives include:
- XTS-AES hardware encrypted compartments
- Read-Only settings that can be enabled to prevent permanent writes to memory compartments
- Advanced Elliptic Curve Cryptography support in addition to the older RSA cryptographic algorithm support
- FIPS 140-2 Level 3 SPYCOS® hardware security module
- Made In USA security technology
- Passwords that are never stored on the device in any form
- Optional use of secure secondary/tertiary DataVault compartments
- Embedded smartcard capabilities for two-factor authentication
- New ruggedized tamper-evident water-resistant aluminum case design with tethered end-cap
- SPYRUS Enterprise Management System to centrally manage access to devices and destroy, enable/disable and audit devices
Windows To Go Video http://technet.microsoft.com/en-us/windows/jj737992
Windows 8.1 Enterprise http://www.microsoft.com/en-us/windows/enterprise/products-and-technologies/windows-8-1/enterprise-edition.aspx
About SPYRUS, Inc.
SPYRUS delivers innovative encryption solutions that offer the strongest protection for data in motion, data at rest and data at work. For over 20 years, SPYRUS has delivered leading hardware-based encryption, authentication, and digital content security products to government, financial, and health care enterprises. To prevent the insertion of untrusted components, patented Secured by SPYRUS security technology is proudly designed, engineered, and manufactured in the USA to meet FIPS 140-2 Level 3 standards. SPYRUS has collaborated closely with Microsoft to deliver the first certified hardware encrypted portable platform for Windows 7, Windows 8 and Window 8.1. SPYRUS is headquartered in San Jose, California. See www.spyruswtg.com for more information.
SPYRUS, the SPYRUS logo, Secured by SPYRUS, and SPYCOS are either registered trademarks or trademarks of SPYRUS, Inc., in the U.S. and/or other jurisdictions. All other company, organization, and product names are trademarks of their respective organizations.
SYS-CON Events announced today that Windstream, a leading provider of advanced network and cloud communications, has been named “Silver Sponsor” of SYS-CON's 16th International Cloud Expo®, which will take place on June 9–11, 2015, at the Javits Center in New York, NY. Windstream (Nasdaq: WIN), a FORTUNE 500 and S&P 500 company, is a leading provider of advanced network communications, including cloud computing and managed services, to businesses nationwide. The company also offers broadband, p...
Nov. 23, 2014 07:30 PM EST Reads: 1,684
The 4th International DevOps Summit, co-located with16th International Cloud Expo – being held June 9-11, 2015, at the Javits Center in New York City, NY – announces that its Call for Papers is now open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the world's large...
Nov. 23, 2014 12:30 PM EST Reads: 1,365
The major cloud platforms defy a simple, side-by-side analysis. Each of the major IaaS public-cloud platforms offers their own unique strengths and functionality. Options for on-site private cloud are diverse as well, and must be designed and deployed while taking existing legacy architecture and infrastructure into account. Then the reality is that most enterprises are embarking on a hybrid cloud strategy and programs. In this Power Panel at 15th Cloud Expo (http://www.CloudComputingExpo.com...
Nov. 23, 2014 07:45 AM EST Reads: 1,467
The definition of IoT is not new, in fact it’s been around for over a decade. What has changed is the public's awareness that the technology we use on a daily basis has caught up on the vision of an always on, always connected world. If you look into the details of what comprises the IoT, you’ll see that it includes everything from cloud computing, Big Data analytics, “Things,” Web communication, applications, network, storage, etc. It is essentially including everything connected online from ha...
Nov. 22, 2014 10:00 PM EST Reads: 1,380
Cloud Expo 2014 TV commercials will feature @ThingsExpo, which was launched in June, 2014 at New York City's Javits Center as the largest 'Internet of Things' event in the world.
Nov. 22, 2014 05:30 PM EST Reads: 1,448
An entirely new security model is needed for the Internet of Things, or is it? Can we save some old and tested controls for this new and different environment? In his session at @ThingsExpo, New York's at the Javits Center, Davi Ottenheimer, EMC Senior Director of Trust, reviewed hands-on lessons with IoT devices and reveal a new risk balance you might not expect. Davi Ottenheimer, EMC Senior Director of Trust, has more than nineteen years' experience managing global security operations and asse...
Nov. 22, 2014 05:30 PM EST Reads: 1,301
Explosive growth in connected devices. Enormous amounts of data for collection and analysis. Critical use of data for split-second decision making and actionable information. All three are factors in making the Internet of Things a reality. Yet, any one factor would have an IT organization pondering its infrastructure strategy. How should your organization enhance its IT framework to enable an Internet of Things implementation? In his session at Internet of @ThingsExpo, James Kirkland, Chief Ar...
Nov. 21, 2014 09:15 PM EST Reads: 1,376
Technology is enabling a new approach to collecting and using data. This approach, commonly referred to as the "Internet of Things" (IoT), enables businesses to use real-time data from all sorts of things including machines, devices and sensors to make better decisions, improve customer service, and lower the risk in the creation of new revenue opportunities. In his General Session at Internet of @ThingsExpo, Dave Wagstaff, Vice President and Chief Architect at BSQUARE Corporation, discuss the ...
Nov. 21, 2014 08:00 PM EST Reads: 1,438
The security devil is always in the details of the attack: the ones you've endured, the ones you prepare yourself to fend off, and the ones that, you fear, will catch you completely unaware and defenseless. The Internet of Things (IoT) is nothing if not an endless proliferation of details. It's the vision of a world in which continuous Internet connectivity and addressability is embedded into a growing range of human artifacts, into the natural world, and even into our smartphones, appliances, a...
Nov. 21, 2014 08:00 PM EST Reads: 1,385
"BSQUARE is in the business of selling software solutions for smart connected devices. It's obvious that IoT has moved from being a technology to being a fundamental part of business, and in the last 18 months people have said let's figure out how to do it and let's put some focus on it, " explained Dave Wagstaff, VP & Chief Architect, at BSQUARE Corporation, in this SYS-CON.tv interview at @ThingsExpo, held Nov 4-6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
Nov. 21, 2014 07:00 PM EST Reads: 1,291
The 3rd International @ThingsExpo, co-located with the 16th International Cloud Expo - to be held June 9-11, 2015, at the Javits Center in New York City, NY - announces that it is now accepting Keynote Proposals. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researchers estimate there will be tens of billions devices - computers, smartphones, tablets, and sensors - connected to th...
Nov. 20, 2014 01:00 PM EST Reads: 1,584
As cloud gives an opportunity to businesses to buy services externally – how is cloud impacting your customers? In his General Session at 15th Cloud Expo, Fabio Gori, Director of Worldwide Cloud Marketing at Cisco, provided answers to big questions: Do you see hybrid cloud as where the world is going? What benefits does it bring? And how does Cisco connect all of these clouds? He also discussed Intercloud and Cisco’s investment on it.
Nov. 18, 2014 09:00 PM EST Reads: 1,504
Working with Big Data is challenging, especially when decision makers depend on market insights and intelligence from your data but don't have quick access to it or find it unusable. In their session at 6th Big Data Expo, Ian Khan, Global Strategic Positioning & Brand Manager at Solgenia; Zel Bianco, President, CEO and Co-Founder of Interactive Edge of Solgenia; and Ermanno Bonifazi, CEO & Founder at Solgenia, discussed how a revolutionary cloud-based BI along with mobile analytics is already c...
Nov. 17, 2014 11:00 AM EST Reads: 1,619
There is no doubt that Big Data is here and getting bigger every day. Building a Big Data infrastructure today is no easy task. There are an enormous number of choices for database engines and technologies. To make things even more challenging, requirements are getting more sophisticated, and the standard paradigm of supporting historical analytics queries is often just one facet of what is needed. As Big Data growth continues, organizations are demanding real-time access to data, allowing immed...
Nov. 17, 2014 10:00 AM EST Reads: 1,606
Vichara Technologies in Hoboken, New Jersey is expanding its capabilities in big data from origins on Wall Street into other areas, and thereby demonstrating the growing marketplace for advanced big-data analytics services. The next BriefingsDirect deep-dive big data benefits case study interview explores how Vichara Technologies in Hoboken, New Jersey is expanding its capabilities in big data from origins on Wall Street into other areas, and thereby demonstrating the growing marketplace for ad...
Nov. 16, 2014 01:00 PM EST Reads: 1,231
Moscow-based OpenBank, one of the largest private financial services groups in Russia, has built out a business intelligence capability for wholly new business activity monitoring benefits. The next BriefingsDirect deep-dive big data benefits case study interview explores how Moscow-based Otkritie Bank, one of the largest private financial services groups in Russia, has built out a business intelligence (BI) capability for wholly new business activity monitoring (BAM) benefits. The use of HP V...
Nov. 12, 2014 06:45 AM EST Reads: 1,296
The 3rd International Internet of @ThingsExpo, co-located with the 16th International Cloud Expo - to be held June 9-11, 2015, at the Javits Center in New York City, NY - announces that its Call for Papers is now open. The Internet of Things (IoT) is the biggest idea since the creation of the Worldwide Web more than 20 years ago.
Nov. 10, 2014 12:00 PM EST Reads: 5,947
Scene scenario: 10 am in a boardroom somewhere, second round of coffees served, Danish and donuts untouched, a quiet hush settles. “Well you know what guys? (and, by the use of the term guys I mean to include both sexes here assembled) – the trouble that we have as a company is that we are, to put it bluntly, just a little analytics poor,” said the newly appointed Chief Analytics Officer. That we should consider a firm to be analytically deficient or poor is a profound comment on our modern ag...
Nov. 10, 2014 07:18 AM EST Reads: 2,412
Quantum is a leading expert in scale-out storage, archive and data protection, providing intelligent solutions for capturing, sharing and preserving digital assets over the entire data lifecyle. They help customers maximize the value of these assets to achieve their goals, whether it’s top movie studios looking to create the next blockbuster, researchers working to accelerate scientific discovery, or small businesses trying to streamline their operations. With a comprehensive portfolio of best-i...
Nov. 3, 2014 07:00 PM EST Reads: 3,545