Secure USB Drive

Here’s an article on SC Magazine’s website on the explosive growth in storage capacities of USB flash drives, with a discussion of what steps can and should be taken to secure them. 

As SanDisk CEO Eli Harari pointed out recently, the increase in capacity of drives has exceeded Moore’s Law in recent years, making it increasingly tempting to use flash drives to store and transport large amounts of data. 

The article takes in comment from several vendors, including SanDisk, looking at the issue.  The conclusion is enterprises and IT-literate consumers are already taking advantage of secure flash drives to protect their data – but there will always be a price-conscious market for unsecured drives.

Microsoft has recently issued updates for Windows XP and Vista which can help stop worms such as Conficker spreading via infected flash drives.  Windows 7 is already protected.

The updates modify the way AutoRun and AutoPlay work, to keep malware from silently installing on a victim’s PC.  Conficker and similar worms use a malicious “autorun.inf” file on USB storage devices connected to already-infected machines, which then spread to any other PC if the user connected the device to that second computer and picked the “Open folder to view files” option under “Install or run program” in the AutoPlay dialog.

The change to the AutoPlay dialog no longer let users run programs, except when the device is a nonremovable optical drive.  Instead, a flash drive connected to a Windows 7 system only opens a folder to show a list of files.

The updates are available for download and installation from Microsoft’s download site, and are strongly recommended.

Earlier this year we posted on this blog about the continued rise of malware that exploits the Windows AutoRun feature to replicate onto removable media, such as USB thumb drives.  As we saw just a couple of weeks ago, a UK local government body suffered significant problems and incurred high costs as a result of a Conficker infection, which uses this exploit.

Of course, our Cruzer Enterprise flash drives with onboard McAfee antivirus scanning are able to stop this kind of malware spreading via USB, because they will quarantine and destroy the malware if copied onto the drive. 

But it’s also worth a reminder that that many other types of portable storage devices are also vulnerable to AutoRun malware.  This includes mp3 players, digital cameras and even digital picture frames.  While disabling Windows AutoRun is possible, it’s also inconvenient for users to manually launch a portable device or program they may need. 

We would suggest exercising extreme caution in allowing any unauthorised devices to be used on the corporate network, and ensuring that antivirus software and software patches are kept fully up to date.  These measures will help to minimise any risks.

Frustrated by slow broadband speeds?  Here’s an alternative to consider:  send the data on a USB flash drive, by carrier pigeon.

That’s exactly what a South African IT company did to highlight the poor performance of its ISP’s ADSL service.  The IT company strapped a 4GB memory stick to the pigeon’s leg and sent it 60 miles to its second office, while simultaneously starting to download the same file via ADSL.

The bird arrived after 1 hour 8 minutes, and the data took an hour to upload from the USB flash drive.  By which time the ADSL download was only 4% complete.  So the experiment was a success:  in some conditions, pigeon post is faster.  And if a secure USB flash drive is used to carry the data, the data is also well protected against loss, theft … or cats.

The UK Government Information Commissioner’s Office (ICO) continues to be firm with public sector organisations that have had data losses.

This week, a Council in central England has agreed to comply with data protection principles, and signed an undertaking to assure the ICO that personal data will be kept securely in future.  A council employee lost an unencrypted memory stick which contained highly sensitive personal information on four families.

As part of the commitment, the council has agreed to ensure that portable and mobile devices, including laptops, USB flash drives etc are encrypted.  Staff will also be trained and made aware of policies for storage and use of personal information.

It’s good to see that these measures are being taken over losses of personal data, even when the actual volume of lost data is small.  Let’s hope that other countries take an equally firm stance on this issue.

A UK local council has just found the true cost of a virus infection which was introduced onto its network by an employee plugging an infected memory stick into his computer in May this year.

The overall bill for IT recovery and lost revenues was over £500,000 (more than $800,000), as systems were disrupted for several days.

The report on the outbreak from Ealing Council in West London states: ‘At the point the memory stick was plugged in the virus attacked the host PC.  It blocked connections to anti-virus and Microsoft Support websites and attempted to establish connections with 500 internet sites chosen at random from a selection of 25,000 seeking instructions from its author, and sought to also contact other similarly infected PCs that it could find. It then started propagating itself across the Ealing network.’

Although the virus has not been named, it obviously exploited the well-known Windows Autorun vulnerability to spread on the Council network. 

This could have been prevented by issuing all council employees with a secure USB flash drive with onboard anti-virus scanning – which would not only keep mobile data secured, but would also stop any infections using thumb drives to spread.

You can read more about this incident in the following articles:
 
www.theregister.co.uk/ealing_council_mystery_malware
 
www.scmagazineuk.com/Ealing-Council-facing-501000-fine-after-its-network-was-hit-by-a-virus-that-crippled-it-for-weeks
 
www.publicservice.co.uk/news_story

As you may have seen in the last week or so, the latest version of Apple’s Macintosh OS, known as Snow Leopard, includes for the first time features to detect and warn users about some types of malware.

However, a number of external parties have tested these features, and found that they will only detect the specific malware if it’s encountered via a Web browser.  The features will not detect malware if it is carried and inserted into the machine via a removable drive, such as a USB flash drive.

Although Apple has said for many years that Mac users don’t really need to worry about malware, the threat landscape is constantly changing.  So Mac users should be careful about possible infections from any source, whether on the web or by removable media.