DeviceLock, Inc., an international leader in endpoint data leak prevention software solutions, commented today in response to many requests from its customers on the recent news around the “unavoidable” nature of the BadUSB exploit technique that could turn standard USB devices into “evil” threats for corporate IT security. The BadUSB demonstration is scheduled at Black Hat security conference in Las Vegas on the 7th of August 2014.
“Although little technical information on BadUSB has been released by its authors at the Security Research Labs’ website, it is clear that the main danger of this kind of USB-related hack method relates to the fact that the “core” malware can be injected inside and further operate from the reprogrammed firmware of the compromised USB device”, - explained Ashot Oganesyan, DeviceLock CTO and Founder. “Due to the inability of modern anti-malware solutions to scan and disinfect the content of a USB device’s firmware, the malware from the infected USB controller uses basic USB protocol communications in order to deliver various malware agents from the peripheral to the computer or implement different types of complex attacks with the ultimate goal of either immediately exfiltrating sensitive data from the computer or infecting it for further malicious actions.”
“We are anxiously waiting further details of the BadUSB demonstration and research findings by Karsten Nohl and Jakob Lell on August the 7th at the Black Hat conference”, - commented Oganesyan. “However, based on what is already known about the BadUSB concept, we can confidently conclude that its proliferation from “infected” USB devices to a computer protected by DeviceLock Endpoint DLP can be prevented by blocking all USB connections at the USB port level and allowing only company-approved USB devices in the White List. When such a configuration is enforced, the DeviceLock agent blocks all communications over the USB protocol between the computer and any non-white listed USB devices. As a result, DeviceLock fully eliminates the ability of unapproved BadUSB compromised devices to be able to penetrate the protected computer. With regard to company-authorized whitelisted USB devices, we advise our customers to utilize only those types of USB devices whose controllers cannot be reprogrammed from a regular PC – the method used in the BadUSB exploit.”
“Even in a rare case of having a whitelisted USB device infected by BadUSB evade DeviceLock’s USB-level controls and infect the computer, DeviceLock protects the endpoint by performing its key function of preventing data leaks by additionally enforcing content-aware controls over files and other data leaving the computer via local and network channels. Though in this case DeviceLock cannot prevent BadUSB from infecting the computer, it ultimately prevents the malware from leaking sensitive data from the computer”, - concluded Oganesyan.
The DeviceLock Endpoint DLP solution addresses the needs of organizations that require a simple and affordable approach to preventing data leaks from corporate Windows and Mac laptops, desktop computers, or virtualized Windows desktops and applications. The DeviceLock DLP solution is designed to effortlessly scale from small to large installations and simplify DLP deployment and management such that it can usually be performed by in-house Windows administrators using the Microsoft Active Directory’s Group Policy Management Console or DeviceLock’s companion consoles. The complete package delivers an unprecedented level of functionality among endpoint DLP solutions in an easily affordable price range.
About DeviceLock, Inc.
Established in 1996, DeviceLock, Inc. provides device control and endpoint data leak prevention software solutions to businesses of all sizes and industries. Protecting more than 5 million computers in more than 70,000 organisations worldwide, DeviceLock has a vast range of corporate customers including financial institutions, state and federal government agencies, classified military networks, healthcare providers, telecommunications companies, and educational institutions. Based in San Ramon, California, DeviceLock, Inc. is an international organization with offices in London (UK), Ratingen (Germany), Milan (Italy), Vancouver (Canada) and Moscow (Russia).