There are two methods to hide a file on a flash drive. Both methods are free and one is better than the other.
The first method is very straight forward and easy for anyone to use and probably common to most computer users. That said, this first method is also easy to detect the file on the USB.
The second method is more obfuscated and harder to detect. Using the second method it is harder to find the hidden file unless you are specifically looking for it.
Both methods work well for hiding a file on a flash drive and free to use with a Windows computer; however, anyone with a bit of IT knowledge and experience can find the files – so this isn’t a bullet proof method for hiding a file from absolutely everyone.
If you are looking for a truly secure method to hid a file on a USB flash drive then a paid-for-product will be your better solution, you might want to check out some Secure Flash Drives by this company.
But in the meantime, if you need a quick solution, or you don’t want to spend money on a product, today’s article will work fine.
I want to copy protect a digital photo on a USB flash drive. The answer wasn’t as obvious as I had hoped, but I did find it.
Below is the process I used to get what I needed.
The first thing I want to emphasize is that I want to protect a digital copy of a photo rather than a physical copy of a photo.
So, how to prevent a digital photo from being copied from a USB flash drive is a difficult question to answer. My first thought is about the medium I intend to use to send a digital photo to someone.
- Do I offer a download link?
- Do I send them a digital copy on a storage device like a portable hard drive or USB flash drive?
- Do I provide them a weblink to view the file from a hosted server?
The more I considered a delivery method, the more questions I had.
My first thought was to host the photo on a private webpage. Only users with access to the page could view the photo.
This isn’t going to work. I realized that once the viewer is on the page and viewing the photo, they can save it or screen capture it. After that, they could share the digital photo with whoever they wanted. There isn’t much protection here.
My next thought was to put the digital photo in a password-protected zip file. That is a good idea. The photo can only be viewed by someone who knows the password.
Oh wait, that doesn’t work either. I end up with the same problem as the hosted webpage. Once the file is accessed, the user can do anything they want.
So it occurs to me… I keep returning to an encryption solution rather than a copy protection solution. Encryption is useful because only those with the correct password can access the photo; however, it is not the same as my ultimate goal, which is to copy protect a digital photo and prevent it from being copied.
I guess you can say encryption is a way of keeping the honest people… well, honest.
I need a way to protect my photo regardless of the recipient’s intent. I realized I needed a solution in which everyone can see the photo but no one can do anything with it. Is it even possible to find such a solution?
When I was talking with a neighbor who is an IT guy, he mentioned a concept that I’d heard of before but didn’t apply to my thinking. Rather than a digital method of sending the photo, he proposed a type of physical dongle that held the photo. He explained that without the physical device, viewing the photo is impossible.
The lightbulb went on!
If anyone searches for “burn ISO to USB” they will get pages and pages of Rufus links. However, there is a big misconception with Rufus… it doesn’t create USB CD-ROM drives!
The only thing Rufus does is take a bootable ISO file and write the data to a USB stick. Basically Rufus will extra the data on an ISO file and write it to the flash drive. You can do the same thing with WinRAR.
There is nothing magical about Rufus when it comes to “making a CD” because Rufus doesn’t make a “CD.”
If you need to make a USB CD-ROM flash drive the best solution found so far, is the Disc License drive. The Disc License drive is a blank USB CD-ROM flash drive. Using their Drive Wizard software (free), easily write ISO files to USB. The resultant drive will be a USB CD-ROM flash drive.
Before we get into Disc License technology, we do need to clear up some points about WinRAR and Rufus software. WinRAR will extract all the files contained in an ISO file and write them to your USB flash drive; however, if the ISO is bootable, WinRAR won’t write the boot code. This is where Rufus does shine. The Rufus software will write all the files contained in an ISO file along with the boot code to make your device bootable. With that said, there is a clear advantage for using Rufus over WinRAR.
Does Rufus burn any ISO file to USB? NO.
Does Rufus make your USB flash drive read-only, like a CD? NO.
If the ISO file isn’t bootable, there isn’t much [more] Rufus can offer. A non-bootable image will display an error message saying “This image is either non-bootable, or it uses a boot or compression method that is not supported by Rufus.”
Rufus is truly designed for one thing:
We all know what ransomware is. A type of malware which threatens to publish the victim’s data or perpetually block access to the data until a ransom is paid. Specifically, the ransomware encrypts the users data and only after the ransom has been paid will a keycode be provided to free the files.
One solution to avoid paying a ransom is restoring the computer data from a recent backup. If a company configures it’s backup software to perform a backup each night, this is a great solution to restore the original data.
However, an easier solution to avoid a ransomware attack, is make a friendly PC. A “friendly” PC means the ransomware will identify the computer as a system it should not infect. To create a friendly PC use the Windows language feature and install the Russian keyboard. When this is done (pretty much all ransomware software) will identify the computer as a friendly system and not infect it.
This language feature is available in Windows 10 and 10 Pro. We don’t believe the language option is available for Windows 10 Home edition.
More about Ransomware from Wikipedia.
A computer virus is something we all strive to avoid because we understand the consequences and the amount of time and energy required to restore a computer to its original condition. In a recent poll by GetUSB.info when asking users to name the top three ways a computer can get a virus, they responded with:
- Link from an email
- Link from an unsecure website
- USB flash drive
However, if Nexcopy has anything to do with the last answer, a computer virus which spreads by USB flash drive will be a thing of the past.
Nexcopy is a US company based in Southern California who specializes in flash memory duplication equipment, printers, FDA compliant flash drives, copy protection and now a road-blocking malware on flash drives.
A virus will spread via a USB stick because the device is writable. In fact, any device that is connected to a computer which is writeable could spread a virus; other devices such as external hard drives, SD cards, microSD cards, etc. all have the same potential for harm.
But what happens when you turn these storage devices on their head and not allow them to be writable in the first place? This simple yet obvious solution is a gigantic step in the right direction for controlling the spread of a virus via USB.
The Lock License flash drive designed and manufactured by Nexcopy is exactly that. The Lock License drive is a USB stick which is always write protected. The device doesn’t care what it’s plugged into, or when, or how, the Lock License drive will always be read-only.
A virus will spread in a very specific way. A virus is designed to scan newly connected devices and ping them to see if they can spread (if the device is writable). A new device is defined by any computer system when “power” is assigned upon connection, which, coincidentally is the same time the virus will try and spread.
This article will overview PDF copy protection and the available options. A couple of things worth mentioning before getting into the details:
- Encryption is different than copy protection. Encryption is a technology solution where the PDF owner assigns a password to the document and after the user enters that password the user can do anything they want with the file. Print, share, screen capture, etc. The idea for encryption is the document being unattainable until a password is entered.
- Copy protection does not use a password and anyone can see the file. However; the file cannot be copied, printed, shared or screen captured. The idea behind copy protection is the PDF being viewed by anyone, but nothing can be done with the file. When people are searching for PDF copy protection, this is the solution most likely sought after.
PDF or Portable Document Format is an open standard. What this means is the document format was designed to be used in just about any document reader program. The goal for the PDF specification was to make the format as universal as possible. For this reason, it is a bit more difficult than one would think to copy protect a PDF file.
Windows comes pre-installed with Adobe Reader. In addition, Windows has embedded Adobe API code to read PDF files. Even if Adobe Reader was not installed on your computer, or uninstalled, the underlying code is still there to open a PDF. In additional to Adobe Reader (#1 PDF reader in the market) there are dozens of additional PDF reader programs. Again, the goal for all these readers is to open and read a portable document file.
Adobe copy protection solutions are very well known for being cracked. If you Google “Adobe copy protection crack” you will find pages of ways the Adobe security features are compromised. Here and here are two examples of Google search results with web pages dedicated to hacking.
The fundamental problem with copy protection are the lack of controls when viewing a PDF. Meaning a PDF content owner (you) does not have the control over Adobe Reader, or other programs, to stop the user (your client/customer/student) from printing, screen grabbing, sharing and saving.
The idea behind a PDF copy protection solution is a framework where the PDF can be opened and viewed, while you (the content owner) maintains control of the document.
Of course Adobe Reader, FoxIt Reader and others, will not provide the tools to block a user from printing or saving from within their program. In contrast, we need a “reader” or “viewer” with controls to block those functions.
With this in mind, it is difficult to provide a reader with these security functions. Most users who receive a PDF do not want to download and install another program just to read a PDF file. The ease and beauty of a PDF gets lost in that process. No longer is the PDF a portable document format. In addition, a software program that can be downloaded to view a PDF can also be downloaded by a hacker to be reverse engineered. There needs to be something more than just a secure reader/viewer to control the PDF.
The most secure way to copy protect a PDF file is to associate it with something physical. There are some software (only) solutions, but those are not as secure as a solution with something physical.
In this article we will detail how the Nexcopy USB copy protection solution works. Before we start there are important definitions we must all agree upon. As in today’s market place there are multiple vendors using the wrong definitions to explain copy protection.
Copy protection is different than encryption; although copy protection does use a form of encryption in the overall solution.
Encryption is scrambling up data and requiring a password to piece all the data together and display it. Once the password is entered the data can be viewed. The potential security issue is the user who entered the password can now do anything they wish with the files, print, save, share, etc.
Copy protection is different in two ways. First, there is no password required to view the data. Second, the files cannot be saved, printed, shared, streamed when viewed by even the most trusted user.
The later, copy protection, is what most people want when it comes to multi-media files like PDF, video, audio and HTML pages. Most users want the data to be seen by as many people as possible, yet the data cannot be saved, shared, streamed, printed or screen captured.
So with that in mind, let us review how the Nexcopy solution works for USB copy protection.
Here are six bullet points regarding features Nexcopy provides which others do not:
- Copy protected content plays on both Mac and Windows computers
- There are no Admin rights required to play the content
- There is no installation required on the host computer
- The content runs 100% from the flash drive
- The USB stick is write protect, so files cannot be deleted or changed
- The solution is both hardware and software, ultra-secure
The Nexcopy USB copy protection solution runs with the assumption the content owner does not want to share the data with even duplication service companies. It is assumed the content owner wants total control of the data before, during and after the USB duplication process.
Here are the steps for using the Copy Secure drives as the content owner:
Does the title of this article even make sense? Yes, but not to most.
USB enumeration is the process a host computer goes through to identify the type of USB device connected and what the operating system should do with the newly detected device.
Fingerprint would simply imply the different steps a computer operating system goes through when determine the USB device type.
For 99.7% of the people who visit this site, this information doesn’t matter, but for others it does. The security industry would be the prime candidate for wanting this information. If a security expert, team or programmer knows the exact steps an operating system goes through to mount a USB device, it will help them keep programs secure.
Andrea Barisani, a security expert based out of Italy, put together some open source code which compares the USB enumeration fingerprint for the MacOS, Windows and Linux. The open source code is available on Github.com (here).
This bit of code is probably valuable to software programmers who deal with USB flash drives and portable applications.
You never know where a flash drive has been.
Always best to scan a USB flash drive before using it.
Did you know Windows Defender could be configured to scan a USB stick automatically the moment it is plugged in? Below are the steps to configure Microsoft Windows to automatically scan a USB drive↓.
Windows Defender is not configured for automatic scanning when the operating system is installed. Not sure why, as malware spreading via USB flash memory is one of the more prolific tech issues of the day. Our only guess is Microsoft giving us free will to make our own decisions, after all, scanning takes time and why not let the user choose when this is done.
This tutorial will take about three minutes to setup. I would suggest read the rest of this article and when done, go back and perform the few steps required to make the Windows Defender scan for USB flash drives.
We are going to make a Group Policy to scan USB flash drives using Windows Defender.
Let us run the Group Policy editor.
Press the Windows Key + R
Type gpedit.msc and press Enter or OK.
Look for the Administrative Templates under the top Computer Configuration directory, expand this directory (folder)
Scroll down to Windows Components, expand it
In that directory scroll down more and look for Windows Defender Antivirus, expand it
Finally, look for the Scan folder and click that folder.
On the right side of the dialogue box you will see additional settings, search for the Scan removable drives and double click that setting
This setting is disabled by default. Please click the radial enable button to enable this setting for your Windows computer.
Click Apply in the bottom right and then click OK.
That is it. Your Windows computer will now automatically scan USB flash drives using Windows Defender.
Alternatively, you can insert a USB stick and right click the drive letter and select Scan with Windows Defender but the problem here, is the USB could have already done it’s virus work before you had a chance to scan for malicious code.
The average user inserts a USB stick into their computer from a trusted source. However, there are companies and situations who receive USB flash drives or USB hard drives and they are not certain if the device is infected.
Globotron is a company based in New Zealand who designed the product. The product is called Armadillo and is an open-source USB firewall.
Some research has shown, as many as 29 different types of USB attacks can happen from plugging in mass storage devices (like USB flash drives and USB hard drives) or also HID devices (human input devices like keyboards and mouse).
The USB stack which is the low level code used in the host computer, is very complex and over time researchers and hackers have discovered ways to compromise a computer system through these vulnerabilities.
The Armadillo is an open-source device which is a firewall between a USB device and computer. The firewall isolates the firmware of the USB device so as not to infect your PC if the device has been infected with malicious firmware. You just need to plug in Armadillo between your computer and the USB device using the provided micro-USB cable. Armadillo is an upgrade over USG, the original or first-generation USB hardware firewall device.
The Armadillo has bot detection. This means if the USB firewall device detects malicious codes are being entered via keyboard or mouse (HID devices) the device will block transmission and a red LED indicator light will turn on.
The Armadillo has the ability to temporarily make your USB read only. This is valuable if the computer is infected and you need pull information (recovery software) from the USB stick and want to insure virus’ do not infect the flash drive. The USB is read-only, but it is read/write when not connected to the Armadillo.
Note: If you need a USB stick that is always write protected at the controller level, yet need to temporarily turn off the write protection for data changes, the Lock License drive from Nexcopy is your solution.
This last point about the Armadillo is a bit strange, but we like it. The body is sealed with glitter epoxy so it is easy to identify if the box itself was tampered with. Very creative!
The Armadillo USB Firewall is available from Globotron for $150 USD and ships from New Zealand.
Fuzzing is a method of testing with automated software which provides invalid, unexpected, and random data as inputs to a computer program. The testing program then monitors for crashes, assertions and potential memory leaks.
A research team based from Purdue University came up with USBFuzz, which pushes enormous amounts of random data through the USB bus of a system. Hui Peng and Mathias payer (from the Swiss Federal Institute of Tech) came up with the idea and program.
Please don’t lose any sleep over the bugs found.
Peng and Mathias found one bug in FreeBSD, three in MacOS (two resulting in an unplanned reboot and one freezing the system), four in Windows 8 and Windows 10 (resulting in Blue Screens of Death) and the vast majority of bugs, in Linux — 18 in total.
Of all these bugs, Windows users do not need to worry, they have been fixed. Of the 18 found in Linux, 16 of them have been corrected already. Those correct where major security flaws.
What we like about the USBFuzz is the underlying theme to improve the security of the USB platform and continued improvement. We also like USBFuzz becoming an open source bit of code that everyone may use to strengthen thier USB product. The team will release a version on GitHub later this year, 2020.
If you are an avid user of USB security dongles, you might know how challenging it may be to get remote access to these devices. To simplify this task, Electronic Team, Inc. has developed a dedicated software solution capable of sharing USB protection dongles over the network.
Donglify is a lightweight desktop application that allows connecting USB hardware keys to remote computers over the Internet and LAN. The software uses the 2048-bit SSL encryption to secure your connections, so you don’t need to worry that your sensitive data will be intercepted or lost.
One of the nicest things about Donglify is that it can redirect one USB dongle to several remote PCs simultaneously. In order to make a USB hardware key available for use on multiple computers, you can just connect the device to your local PC and share it over the network with nothing more than a couple of clicks. This option, currently, works with HASP HL Pro, Sentinel HL Pro, SafeNet eToken 5110, and CodeMeter CmStick security keys.
USB hardware keys of other types can also be shared over the Internet but you’ll be able to access them from one remote machine at a time.
Donglify is available by subscription and comes with a 30-day free trial. When the trial period is over, you can continue using the service for $19.99 a month.