USB Ports as Cyber Threats—More than just a Thumb Drive

As a young computer geek, I still remember the excitement when USB was introduced. One connector that offered so much—no more special cables per device type, the ability to “hub” multiple devices, the flexibility—and the new hardware devices in stores.

Years later, as an older computer geek ;), I remember the first time I was introduced to the potential of USB as a security threat. There is not one organization today that is immune to this threat. Many organizations—from financial institutions and critical infrastructure to governments—have been infected.

USB ports offer virtually unlimited functionality including Human Interface Devices (HIDs) such as keyboards, mice, barcode scanners and card readers; communication interfaces such as Ethernet, Wi-Fi, Bluetooth and Cellular; and multimedia devices such as microphones and speakers. This unlimited functionality comes with unlimited threats and potential attack vectors.

Many cyber security vendors have introduced—and continue to introduce—good solutions that are focused on protecting against malicious “detachable media” (such as thumb drives). Most of these solutions are offered as part of an endpoint security platform.

The problem with these solutions is they focus on a small part of the problem—but neglect to address the total threat. The “small” part is an important part—but absolutely not sufficient. Some of these solutions offer a way to control the USB functionality on a device type or on a device instance level. But upon device approval (“whitelisted”), they lack the ability to protect the port. Current USB threats are far more than that—attacks can start by connecting innocent looking barcode scanners or any other entry device (i.e. keyboard, mouse, magnetic card readers). Once connected, these devices turn out to be malicious and abuse these connections.

Malicious USB devices are delivered and installed in financial institutions, data centers and other critical infrastructure facilities. These devices are delivered as legitimate devices—by a breached supply chain—starting with vendors and subcontractors, through shipping and distribution channels, to the integrators that install them at target locations. They can, in many cases, be altered later by on-site, trusted visitors.

Sepio is focused on securing computer infrastructure against supply chain cyber threats. Our state of the art USB Cyber Security Solution secures the host’s USB ports and allows the safe connection of different entry devices without concern about infected malicious applications.

Securing endpoints is critical. Existing endpoint security platforms provide a good solution to dangerous threats, but are not sufficient. Other measures, such as the Sepio USB Security Solution, should be added for optimal security.

Please share our blogs and send comments, ideas and materials for future blogs. For more information, visit www.sepio.systems, and follow us on Twitter andLinkedIn.