IronKey’s use of digital signatures in all controller firmware, makes its products immune to this new threat, the company said.
What is BadUSB Malware?
BadUSB malware attacks change the firmware that controls the behavior of the USB hardware, allowing the USB device to become a host that can subsequently infect other computers and USB devices. The modified controller firmware cannot be detected by today’s anti-malware solutions, and in many cases, may remain undetectable.
The best protection against this vulnerability is to use code signing for firmware updates. If the signed firmware is modified, the device cannot authenticate the firmware and simply will not operate. While this prevents the infection from spreading, it also results in an unusable device. That is why in addition to using signed firmware, IronKey protects the mechanism used to update the firmware with hardware-based security keys. This prevents tampering with the signed firmware, which would leave the device unusable.