USB flash drives can be a significant security threat to both consumers and organizations and pose a serious problem for those trying to protect their computers and networks.

Thumb drives are convenient because they are small in size and fast with read and write performance making them an ideal device for moving data; however, flash drives can be abused by cyber criminals to infect computers because of their ease-of-use.

Until the Nexcopy Lock License technology was introduced the fundamental way a flash drive works is a benefit for how malware can spread, because all USB flash drives have a read and write status by default. Lock License technology reverses the state of the flash drive – the device is always write protected, or said another way: read only.

Recently, a team of scientists from Liverpool Hope University in the UK created a sophisticated USB device with all sorts of endpoint protection software loaded on the USB drive in the attempt to block malware getting onto a drive.

The Liverpool Hope University scientists said, “If the OS is not configured to restrict and promote the user’s permission on an inserted USB device, then as soon as the USB drive is inserted it can execute default auto run script that can deliver the intended payload to the computing devices and deliver multiple kinds of malicious programs such as viruses, Trojans, Keyloggers, Spyware, Remote Access Trojans (RATs), and so forth to the computing devices.”

However, what these scientist overlooked in their research is the simple fact of making the USB read only.

It is important to understand how a virus interacts with a USB device to fully appreciate the above sentence.

A virus designed to spread via USB has two main goals: First, spread any way possible via USB and second, remain undetected as long as possible. Because a virus is trying to stay undetected the malware will ping any USB device connected upon power up. Once the virus identifies if the USB device is usable, the virus will go back into hibernation. For example, if a USB mouse is connected the virus quickly determines this is a HID device (Human Input Device) and does not have memory for the virus to spread it’s code. However, a virus will ping a USB flash drive and quickly determine it is read/write and will insert it’s code onto the USB flash memory.

With a Lock License USB flash drive, the device is always write protected. This default state of the flash drive means a virus will identify the USB as read only, leave it alone, and got back into hibernation. Malware does not re-examine devices because the more active a virus is, the more likely the virus will be detected.


This is what the scientists at the Liverpool Hope University did not take into account when building their anti-malware device, is the simple fact of removing the “write” capability of the USB flash drive.

With a Lock License drive defaulting to a write protected state, means control of when the USB device becomes writable is 100% in the hands of the User. This means a User can perform all the scans and testing they require before determining the flash drive is clean and making the USB writable. The old ways of how a virus writes itself onto a USB flash drive is gone, because the Lock License USB is read only.

The Lock License technology has two unique characteristics. First, the User must enter an encrypted password to enable the write function of the USB device. Again, this puts total control back into the hands of the user for when write access is granted to the device. Second, the device is always write protected when connected to any system.

Consider the following:

A User enters their encrypted pass code to make the USB writable. Once their data load is complete the User removes the drive. At this point, when the power is cut to the Lock License drive, the default state is now read only. When the Lock License drive is connected to anything again, it is write protected and read only and impossible for a virus to write itself onto the flash drive.

This simple change of manufacturing a drive to always be in a read only state is the game changer against malware and cyber security threats via USB flash drives. Without the USB device being writable, it is impossible for a virus to spread to the device.

Closing Comment

The Lock License drive is a hardware solution. The write protection is not a software setting. There are no drivers to install or software to install. The USB flash drive will always be write protected when connected to any device, such as a Linux computer, Mac or Windows computer, a car stereo or any other host. To make the Lock License drive writable for data loading is only possible on a Windows computer.

Image Source: BigStockPhoto.com (Licensed)

 

Incredible Things