IronKey USBs protect against BadUSB malware

IK W500-1Imation has announced its IronKey Secure USB devices are not vulnerable to BadUSB malware, the first USB malware designed to attack the device itself instead of attacking the data on the device.

IronKey’s use of digital signatures in all controller firmware, makes its products immune to this new threat, the company said.

What is BadUSB Malware?

BadUSB malware attacks change the firmware that controls the behavior of the USB hardware, allowing the USB device to become a host that can subsequently infect other computers and USB devices. The modified controller firmware cannot be detected by today’s anti-malware solutions, and in many cases, may remain undetectable.

The best protection against this vulnerability is to use code signing for firmware updates. If the signed firmware is modified, the device cannot authenticate the firmware and simply will not operate. While this prevents the infection from spreading, it also results in an unusable device. That is why in addition to using signed firmware, IronKey protects the mechanism used to update the firmware with hardware-based security keys. This prevents tampering with the signed firmware, which would leave the device unusable.

Tagged ,