We all know what ransomware is: a type of malware which threatens to publish the victim’s data or perpetually block access to the data until a ransom is paid. Specifically, the ransomware encrypts the user’s data, and only after the ransom has been paid will a keycode be provided to free the files.
One solution to avoid paying a ransom is restoring the computer data from a recent backup. If a company configures its backup software to perform a backup each night, this is a great solution to restore the original data.
However, an easier solution to avoid a ransomware attack is to make a “friendly” PC. A “friendly” PC means the ransomware will identify the computer as a system it should not infect. To create a friendly PC, use the Windows language feature and install the Russian keyboard. When this is done, pretty much all ransomware software will identify the computer as a friendly system and not infect it.
This language feature is available in Windows 10 and 10 Pro. We don’t believe the language option is available for Windows 10 Home edition.
More about Ransomware from Wikipedia.
A computer virus is something we all strive to avoid because we understand the consequences and the amount of time and energy required to restore a computer to its original condition. In a recent GetUSB.info poll asking users to name the top three ways a computer can get a virus, they responded with:
- Link from an email
- Link from an unsecure website
- USB flash drive
However, if Nexcopy has anything to do with the last answer, a computer virus which spreads by USB flash drive will be a thing of the past.
Nexcopy is a US company based in Southern California that specializes in flash memory duplication equipment, printers, FDA compliant flash drives, copy protection and now road-blocking malware on flash drives.
A virus will spread via a USB stick because the device is writable. In fact, any device that is connected to a computer which is writeable could spread a virus; other devices such as external hard drives, SD cards, microSD cards, etc. all have the same potential for harm.
But what happens when you turn these storage devices on their head and do not allow them to be writable in the first place? This simple yet obvious solution is a gigantic step in the right direction for controlling the spread of a virus via USB.
The Lock License flash drive designed and manufactured by Nexcopy is exactly that. The Lock License drive is a USB stick which is always write protected. The device doesn’t care what it’s plugged into, or when, or how, the Lock License drive will always be read-only.
A virus will spread in a very specific way. A virus is designed to scan newly connected devices and ping them to see if they can spread (if the device is writable). A new device is defined by any computer system when “power” is assigned upon connection, which, coincidentally is the same time the virus will try and spread.
This article will overview PDF copy protection and the available options. A couple of things worth mentioning before getting into the details:
- Encryption is different than copy protection. Encryption is a technology solution where the PDF owner assigns a password to the document, and after the user enters that password the user can do anything they want with the file: print, share, screen capture, etc. The idea for encryption is the document being unattainable until a password is entered.
- Copy protection does not use a password and anyone can see the file. However, the file cannot be copied, printed, shared or screen captured. The idea behind copy protection is the PDF being viewed by anyone, but nothing can be done with the file. When people are searching for PDF copy protection, this is the solution most likely sought after.
PDF or Portable Document Format is an open standard. What this means is the document format was designed to be used in just about any document reader program. The goal for the PDF specification was to make the format as universal as possible. For this reason, it is a bit more difficult than one would think to copy protect a PDF file.
Windows comes pre-installed with Adobe Reader. In addition, Windows has embedded Adobe API code to read PDF files. Even if Adobe Reader was not installed on your computer, or uninstalled, the underlying code is still there to open a PDF. In addition to Adobe Reader (#1 PDF reader in the market) there are dozens of additional PDF reader programs. Again, the goal for all these readers is to open and read a portable document file.
Adobe copy protection solutions are very well known for being cracked. If you Google “Adobe copy protection crack” you will find pages of ways the Adobe security features are compromised. Here and here are two examples of Google search results with web pages dedicated to hacking.
The fundamental problem with copy protection is the lack of controls when viewing a PDF. This means a PDF content owner (you) does not have control over Adobe Reader, or other programs, to stop the user (your client/customer/student) from printing, screen grabbing, sharing and saving.
The idea behind a PDF copy protection solution is a framework where the PDF can be opened and viewed, while you (the content owner) maintain control of the document.
Of course Adobe Reader, FoxIt Reader and others, will not provide the tools to block a user from printing or saving from within their program. In contrast, we need a “reader” or “viewer” with controls to block those functions.
With this in mind, it is difficult to provide a reader with these security functions. Most users who receive a PDF do not want to download and install another program just to read a PDF file. The ease and beauty of a PDF gets lost in that process. No longer is the PDF a portable document format. In addition, a software program that can be downloaded to view a PDF can also be downloaded by a hacker to be reverse engineered. There needs to be something more than just a secure reader/viewer to control the PDF.
The most secure way to copy protect a PDF file is to associate it with something physical. There are some software (only) solutions, but those are not as secure as a solution with something physical.
In this article we will detail how the Nexcopy USB copy protection solution works. Before we start, there are important definitions we must all agree upon, as in today’s marketplace there are multiple vendors using the wrong definitions to explain copy protection.
Copy protection is different than encryption; although copy protection does use a form of encryption in the overall solution.
Encryption is scrambling up data and requiring a password to piece all the data together and display it. Once the password is entered the data can be viewed. The potential security issue is the user who entered the password can now do anything they wish with the files: print, save, share, etc.
Copy protection is different in two ways. First, there is no password required to view the data. Second, the files cannot be saved, printed, shared or streamed when viewed by even the most trusted user.
The latter, copy protection, is what most people want when it comes to multi-media files like PDF, video, audio and HTML pages. Most users want the data to be seen by as many people as possible, yet the data cannot be saved, shared, streamed, printed or screen captured.
So with that in mind, let us review how the Nexcopy solution works for USB copy protection.
Here are six bullet points regarding features Nexcopy provides which others do not:
- Copy protected content plays on both Mac and Windows computers
- There are no Admin rights required to play the content
- There is no installation required on the host computer
- The content runs 100% from the flash drive
- The USB stick is write protected, so files cannot be deleted or changed
- The solution is both hardware and software, ultra-secure
The Nexcopy USB copy protection solution runs with the assumption the content owner does not want to share the data with even duplication service companies. It is assumed the content owner wants total control of the data before, during and after the USB duplication process.
Here are the steps for using the Copy Secure drives as the content owner:
Does the title of this article even make sense? Yes, but not to most.
USB enumeration is the process a host computer goes through to identify the type of USB device connected and what the operating system should do with the newly detected device.
Fingerprint would simply imply the different steps a computer operating system goes through when determining the USB device type.
For 99.7% of the people who visit this site, this information doesn’t matter, but for others it does. The security industry would be the prime candidate for wanting this information. If a security expert, team or programmer knows the exact steps an operating system goes through to mount a USB device, it will help them keep programs secure.
Andrea Barisani, a security expert based out of Italy, put together some open source code which compares the USB enumeration fingerprint for the MacOS, Windows and Linux. The open source code is available on Github.com (here).
This bit of code is probably valuable to software programmers who deal with USB flash drives and portable applications.
You never know where a flash drive has been.
It’s always best to scan a USB flash drive.
Did you know Windows Defender can be set up to scan a USB stick automatically when it’s plugged in? Below are the steps to make that configuration.
By default, Windows 10 does not have this setting configured. We are not sure why, as USB sticks and downloads from internet sites are probably the two most vulnerable ways to get a computer infected. Our only guess is that the scan process of a USB stick can take some time, and for a user to have that step done with each connection could reduce the user experience.
This tutorial will take about three minutes to set up. I would suggest reading the rest of this article and, when done, going back and performing the few steps required to make Windows Defender scan USB flash drives.
We are going to make a Group Policy to scan USB flash drives using Windows Defender.
Let us run the Group Policy editor.
Press the Windows Key + R
Type gpedit.msc and press Enter or OK.
Look for the Administrative Templates under the top Computer Configuration directory, expand this directory (folder)
Scroll down to Windows Components, expand it
In that directory scroll down more and look for Windows Defender Antivirus, expand it
Finally, look for the Scan folder and click that folder.
On the right side of the dialogue box you will see additional settings; look for the Scan removable drives setting and double click it
This setting is disabled by default. Please click the Enabled radio button to enable this setting for your Windows computer.
Click Apply in the bottom right and then click OK.
That is it. Your Windows computer will now automatically scan USB flash drives using Windows Defender.
Alternatively, you can insert a USB stick, right click the drive letter and select Scan with Windows Defender, but the problem here is the USB could have already done its virus work before you had a chance to scan for malicious code.
The average user inserts a USB stick into their computer from a trusted source. However, there are companies and situations where USB flash drives or USB hard drives are received and it is not certain whether the device is infected.
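The same Scan removable drives setting can be checked and applied from an elevated PowerShell prompt with the Defender cmdlets. This is an added example, not part of the original tutorial; the function name Get-RemovableScanState is hypothetical, and the registry path is the location the Group Policy setting above writes to.

```powershell
#Requires -RunAsAdministrator
# Added example: audit and enable Defender's "Scan removable drives" setting,
# then run an on-demand scan of any removable volume that is already attached.

function Get-RemovableScanState {
    # Location written by the Group Policy setting configured in gpedit.msc.
    $policyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Scan'
    $valueName  = 'DisableRemovableDriveScanning'

    $policyValue = $null
    if (Test-Path $policyPath) {
        $item = Get-ItemProperty -Path $policyPath -Name $valueName -ErrorAction SilentlyContinue
        if ($null -ne $item) { $policyValue = $item.$valueName }
    }

    [pscustomobject]@{
        # $null = policy not configured, 0 = policy Enabled, 1 = policy Disabled
        PolicyValue       = $policyValue
        # What Defender is actually using right now
        EffectiveDisabled = [bool](Get-MpPreference).DisableRemovableDriveScanning
    }
}

$state = Get-RemovableScanState
$state | Format-List

if ($state.EffectiveDisabled) {
    if ($null -ne $state.PolicyValue) {
        # A policy value overrides local preferences, so it has to be changed at the source.
        Write-Warning "Group Policy sets DisableRemovableDriveScanning=$($state.PolicyValue); change it in gpedit.msc or the domain GPO."
    }
    else {
        # No policy configured: set the local preference instead.
        Set-MpPreference -DisableRemovableDriveScanning $false
        Write-Output 'Removable drive scanning enabled via Set-MpPreference.'
    }
}

# Equivalent of right-clicking the drive and choosing "Scan with Windows Defender",
# for every removable volume that currently has a drive letter.
Get-Volume |
    Where-Object { $_.DriveType -eq 'Removable' -and $_.DriveLetter } |
    ForEach-Object {
        $root = "$($_.DriveLetter):\"
        Write-Output "Scanning $root"
        Start-MpScan -ScanType CustomScan -ScanPath $root
    }
```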
Globotron is a company based in New Zealand that designed the product. The product is called Armadillo and is an open-source USB firewall.
Some research has shown as many as 29 different types of USB attacks can happen from plugging in mass storage devices (like USB flash drives and USB hard drives) or HID devices (human input devices like keyboards and mice).
The USB stack which is the low level code used in the host computer, is very complex and over time researchers and hackers have discovered ways to compromise a computer system through these vulnerabilities.
The Armadillo is an open-source device which is a firewall between a USB device and computer. The firewall isolates the firmware of the USB device so as not to infect your PC if the device has been infected with malicious firmware. You just need to plug in Armadillo between your computer and the USB device using the provided micro-USB cable. Armadillo is an upgrade over USG, the original or first-generation USB hardware firewall device.
The Armadillo has bot detection. This means if the USB firewall device detects malicious codes are being entered via keyboard or mouse (HID devices) the device will block transmission and a red LED indicator light will turn on.
The Armadillo has the ability to temporarily make your USB read only. This is valuable if the computer is infected and you need to pull information (recovery software) from the USB stick and want to ensure viruses do not infect the flash drive. The USB is read-only while connected through the Armadillo, but it is read/write when not connected to the Armadillo.
Note: If you need a USB stick that is always write protected at the controller level, yet need to temporarily turn off the write protection for data changes, the Lock License drive from Nexcopy is your solution.
This last point about the Armadillo is a bit strange, but we like it. The body is sealed with glitter epoxy so it is easy to identify if the box itself was tampered with. Very creative!
The Armadillo USB Firewall is available from Globotron for $150 USD and ships from New Zealand.
Fuzzing is a method of testing with automated software which provides invalid, unexpected, and random data as inputs to a computer program. The testing program then monitors for crashes, assertions and potential memory leaks.
A research team based at Purdue University came up with USBFuzz, which pushes enormous amounts of random data through the USB bus of a system. Hui Peng and Mathias Payer (from the Swiss Federal Institute of Tech) came up with the idea and program.
Please don’t lose any sleep over the bugs found.
Peng and Mathias found one bug in FreeBSD, three in MacOS (two resulting in an unplanned reboot and one freezing the system), four in Windows 8 and Windows 10 (resulting in Blue Screens of Death) and the vast majority of bugs, in Linux — 18 in total.
Of all these bugs, Windows users do not need to worry; they have been fixed. Of the 18 found in Linux, 16 of them have been corrected already. Those corrected were major security flaws.
What we like about USBFuzz is the underlying theme of improving the security of the USB platform and continued improvement. We also like USBFuzz becoming an open source bit of code that everyone may use to strengthen their USB product. The team will release a version on GitHub later this year, 2020.
If you are an avid user of USB security dongles, you might know how challenging it may be to get remote access to these devices. To simplify this task, Electronic Team, Inc. has developed a dedicated software solution capable of sharing USB protection dongles over the network.
Donglify is a lightweight desktop application that allows connecting USB hardware keys to remote computers over the Internet and LAN. The software uses 2048-bit SSL encryption to secure your connections, so you don’t need to worry that your sensitive data will be intercepted or lost.
One of the nicest things about Donglify is that it can redirect one USB dongle to several remote PCs simultaneously. In order to make a USB hardware key available for use on multiple computers, you can just connect the device to your local PC and share it over the network with nothing more than a couple of clicks. This option, currently, works with HASP HL Pro, Sentinel HL Pro, SafeNet eToken 5110, and CodeMeter CmStick security keys.
USB hardware keys of other types can also be shared over the Internet but you’ll be able to access them from one remote machine at a time.
Donglify is available by subscription and comes with a 30-day free trial. When the trial period is over, you can continue using the service for $19.99 a month.
Last year, Google released the Titan security key. It can be used as an ultra-secure method for two-factor authentication for some online services over USB-A, NFC, or Bluetooth. Today, Google announced an updated USB-C key to the lineup, which will be available tomorrow from the Google Store for $40.
The new USB-C key appears to have similar functionality to their previous model, all of which are built to the FIDO standard. The USB-C model lacks the NFC capabilities that its other two keys have, but this shouldn’t matter as the USB-C design is meant for you to plug it directly into your portable device, such as phone or ultra-thin laptop. That said, NFC is a bit moot.
Google’s new USB-C key is compatible with Android, Chrome OS, macOS, and Windows devices. (Only the Bluetooth key works with iOS, and it requires the installation of Google’s Smart Lock app.) Like its previous keys, Google says the USB-C key’s firmware is permanently sealed into a secure element hardware chip, making the key more resistant to physical attacks.
Google partnered with security key-maker Yubico to manufacture its new USB-C key. Google’s key looks a lot like Yubico’s YubiKey 5C. Both keys are pretty similar, but Yubico’s keys support a few more protocols than Google’s Titan keys do, such as WebAuthn, so they might be the better option for some, depending on what you need.
Google’s other two Titan security keys were previously only available as a $50 bundle, but Google says you’ll be able to buy them individually starting tomorrow. The USB-A / NFC key will cost $25, while the Bluetooth key,
With USB gadgets like this, it’s hard to imagine companies like ADT staying in business for residential customers. This working USB charger includes a miniature camera which acts like a surveillance camera. You can plug any USB gadget into it for charging, all the while recording or streaming video of what is going on within its view.
Using your Android or iPhone, you may stream directly to your connected app or stream to a group of people you’ve authorized within the app. The spy camera records 1080p HD footage and will also record that video to the 32GB microSD card (included). Bonus: You can set the surveillance camera to record only when it detects motion.
The camera view is anything directly in front of the plug, so no ability to turn the camera itself, but that is a simple enough problem to solve, just use an outlet that is in-line with the viewing area you want to record.
Here are some noteworthy bullet points about what you will get for the low price of $29USD:
- Motion Detection – Can be set to initiate recording only when motion is detected and then send a notification directly to your phone.
- Loop Recording – Can be set to automatically record over old footage, allowing for uninterrupted video recording.
- Night Mode – Can be set for recording in dim and low light environments.
- Multi-Use – Allows for multiple users to connect to the same device (Supports up to 8 users)
- Multi-View – Allows for multiple cameras to be connected to the same APP / Software. (Supports up to 8 cameras)
The Evela spy camera comes with
Update: June 15, 2020
Paul Whelan was sentenced to 16 years in jail for espionage against the United States. As stated in the original post, an IT professional who cannot access “photos” on a flash drive, which was his cover for trading information, is a red flag something was going on.
Update: Feb 3, 2019
“I want to tell the world that I am a victim of political kidnap and ransom,” Whelan said during a press conference in May. “This is retaliation for sanctions.”
“…There are abuses and harassment that I am constantly subject to. There is a case for isolation,” he continued, before listing alleged abuses committed by prison staff.
The former Marine said that he was being subjected to “typical POW Chapter 1 isolation” techniques to run him down and described his imprisonment as the “Salem witch trial mentality.”
According to Reuters, Paul made a direct plea to the President of the United States, saying: “Mr president [Trump], we cannot keep America great unless we aggressively protect and defend American citizens wherever they are in the world.” And this is very true.
It’s not every day we see “flash drive” in the headlines in association with espionage. However, it appears American citizen, Paul Whelan, was arrested in Russia for the charge of espionage.
Gathering information from the news surrounding this situation, Mr. Whelan is an ex-Marine who visits Russia. He is a world traveler, a security expert for a US based auto parts supplier [BorgWarner], speaks Russian and uses a Russian social media platform called VKontakte, or VK.
From reports, the arrest happened like this: Whelan met up with a Russian associate who gave him a flash drive. Earlier in the visit, Whelan claims he received digital images from his vacation through his computer, but could not view them on his computer. Because of this, he asked the photos be placed on a flash drive.
Moments after the two met and exchanged the flash drive, the Russian police arrested Paul and found state secrets on the USB drive.
Whelan claims he knew nothing of the information on the flash drive and was only expecting to see pictures of his vacation. I certainly hope this is the case, and I certainly hope Paul Whelan gets his chance to prove his innocence.
Some background information for Paul Whelan includes:
He served 14 years in the US Marine Corps Reserve until he was discharged for bad conduct in 2008.
His discharge was due to being convicted of trying to steal $10,410 in US currency. He was accused of wrongfully using another person’s Social Security number and writing bad checks. Hey, we all do dumb things when we are young.
Playing devil’s advocate, my only concern is a security IT guy not being able to open pictures? Regardless of the picture file format, shouldn’t be that hard. Maybe goes to show you to only use write protected USB sticks when traveling to another country. You never know what could happen.
Sources: CNN and GetUSB.info