Data protection and cyber-security: Harnessing the power of write protected USB drives
Greg Morris, CEO of Nexcopy Incorporated, based in Southern California, looks at the opportunities for enterprises surrounding read-only USB technology.
November 18, 2020
More than ever before, the world is a global digital economy, and that shift includes the digitization of intellectual property and assets which are shared between customers and clients. Sophisticated data breaches, hacking and cyber crimes target individuals, government entities and private corporations, and these attacks have grown by leaps and bounds in the last ten years. According to one report published from a securities website, an enterprise may suffer an average loss of $3.92 million as a result of data intrusion and hacking.
Cyber threats and risks are becoming more severe as IP is increasingly stored in digital format. As such, keeping the digital data, especially confidential data, away from cyber criminals is imperative and should be a primary concern for IT managers and professionals. Without a data protection strategy, an enterprise is unwittingly providing an entry point for cyber criminals to obtain valuable information, which could be worth millions of dollars.
Cyber-security and endpoint data loss protection are key strategies in keeping digital attacks at bay. Strategies which encompass all aspects of data entry points are critical, from mass storage physical devices like USB flash drives, to network connectivity with cloud storage and network communications.
With this in mind, efficient and easy-to-use storage and memory devices are key to enterprise employees adhering to security protocols while still enjoying ease of use when carrying out those protocols. Empowering employees to decide for themselves when, where and which devices to work with is an underrated, yet incredibly important, component of an overall security strategy. Even with that empowerment given to employees, a management team must still account for, and eliminate, user error or forgetfulness, even in the most cautious of protocols and procedures.
The USB flash drive was first introduced to the United States via IBM in the year 2000. Today, twenty years later, the flash drive is still a primary storage device used when sharing information. This is true for government, healthcare, finance, automotive, telecommunication and manufacturing, who still rely heavily on USB storage devices, which, if not secure, can inadvertently lead to leaked personal and private information. Employees use USB drives for faster exchange of information and better collaboration between departments or job positions. Employers should be able to provide the needed data storage devices while also ensuring a no-fault security system is in place to protect the company’s intellectual property and the company’s network infrastructure.
For example, in the healthcare sector, it is common practice among doctors to use mobile data storage devices to transfer data easily from a doctor’s office to, say, a hospital. Each location holds sensitive data with patient records, and it’s equally important that those locations are safe from hacker intrusion. When transferring data between one location and another via a USB flash drive, it is important that the device remains secure. The responsibility for digital security falls on the IT professional who manages these digital networks, but responsibility is also held by the user of those technologies.
For a virus to spread between locations via a storage device such as a USB flash drive, the USB must carry the virus or malicious code from one location to the next. However, these devices cannot get infected if the USB is a read-only device: the device cannot add new digital content, digital files or malicious code if the USB is not allowed to write data into memory. After the drive is connected and the network scans the device for malicious code, the user has access to the drive, at which point a secure password can be entered to unlock the read-only flash drive and make it read/write. Because the USB drive is always write protected when first connected to any digital device, it is impossible for a virus to jump onto the drive without the user knowing. Only when the user knows the device and environment are safe from hacking can the password be entered to access the USB drive as a read/write device to transfer files from one location to another.
This type of USB flash drive is called a Lock License drive.
The unique thing about this Lock License flash drive is that the write protection is always enabled whenever the USB is disconnected from the computer. In other words, the default status of the drive is read-only when connected to any device. When the storage device is reconnected to any computer, it is read-only and files cannot get onto the drive until a password is entered. However, the user experience is very nice and easy because files can always be copied off the drive without a password. The user gets the full benefit of the ease of use which a USB flash drive is so well known for, without the hassle and worry of the storage device being exposed to malicious software for data breaches or hacking.
The same caution must be observed with systems-control applications. System Control products are hardware-based products which use firmware to run the mechanical product. The hardware includes things such as turbine controls for water and power facilities, large pumps for water work facilities or motors to capture wind generated energy. These products are the backbone of American infrastructure and must be secure at all times. A typical encrypted flash drive doesn’t work to update the firmware of these types of products because the system-control products do not have a user interface to enter passwords. However, a read-only USB device is valuable because it is secure from spreading a virus to the system control units, and at the same time the systems control unit can pull firmware or updates from the USB drive without fear of also getting malicious code. The device is not writable, so malicious software or hacking code cannot embed itself into memory on such update devices.
Investing in data protection and cyber security solutions is the primary function of IT professionals, and multiple systems and layers of security steps are required to keep a corporation or enterprise safe and secure. Locking down the most common entry point, a USB port, with read-only USB flash memory products from Nexcopy is a key ingredient to the overall success of a cyber security strategy. When correctly combined with endpoint software management, hardware-based write protected USB storage devices can empower public and private sector enterprises and allow them to gain control of their organization’s devices.
Learn more about Nexcopy’s USB write protection for flash memory.
Nexcopy turns the market on its head with the Lock License flash drive, a flash drive which is by default a read-only or write protected device. The device will accept a user password to unlock the drive through Nexcopy’s Lock License utility software. This new approach gives the power back to the user for when a USB is writable.
“The fundamental change towards how our flash drive works should draw attention for those looking for read-only USB flash drives” says Greg Morris, CEO of Nexcopy Inc. “What is unique about the Lock License approach is whenever power is cut to the device, for example disconnection, the USB is automatically write protected. This is the strongest first line defense against malicious software or virus jumping onto a flash drive without the user knowing. It is impossible to infect a USB drive if the device is write protected.”
Lock License flash drives require a password upon first use. This password is used to unlock the write protection and make the USB a read/write device. This feature provides a personalized solution for each business which uses the Lock License technology. There is no need to set the write protection after being unlocked because simply cutting power to the device will put the USB into its default state: A read-only device.
The Nexcopy Lock License write protect USB flash drive has the following features:
- Default state of drive is read-only, a.k.a. write protected
- User assigned password to remove write protection
- No password is required to read from the drive, acts as normal WORM device
- Graphical User Interface (GUI) to set password and remove write protection
- Command line utility for custom integration to remove write protection
- No back door password or feature from Nexcopy to unlock the drive
- Available in USB 2.0 and 3.0 technology and ranging from 2GB through 128GB capacities
Stan McCrosky, head of Sales, comments, “System Control manufacturers for waterworks, electrical utility and petroleum companies need a solution like this. The ability to load software or firmware to a hardware based USB read-only device gives system control companies an incredible amount of security for in-field deployment via USB. More importantly, the command line utility gives the manufacturers a secure way to unlock the drive and update the content remotely without the worry of the drive remaining read/write. It’s simply impossible for the drive to remain writable.” McCrosky concludes.
The Lock License USB flash drive is simple to implement. Steps include:
- Connect USB to a Windows computer
- Open either GUI or command line utility to remove write protection
- Assign a password to be used when removing the write protection
- Data load the drive as needed
- Eject drive from computer once copy process is complete
- At this point the USB is write protected at the hardware controller level
- The Lock License drive can be read (used) by any device on any platform
- Password not required to read data from the drive
- Password is only used when removing write protection to make the USB read/write
Nexcopy Lock License media is available in USB 2.0 and USB 3.0 technology and ranges in capacity from 2GB through 128GB. Nexcopy offers six body styles for the Lock License media with a wide range of body colors available for each style, all available for custom branding. The six body styles are Oxford, a capless swivel style drive; Newport, a classic rectangular shape with cap; Lexington, a classic rectangular style with rounded edges and cap; Augusta, a shorter style drive with large lanyard loop; and Huntington and Geneva, which use an aluminum body for more durability and are also better suited for laser etch branding.
The Oxford style swivel drive is the in-stock media Nexcopy carries for same day printing and shipping. Nexcopy inventories USB 2.0 media of 2GB and 4GB capacity and in-stock USB 3.0 media of 8GB, 16GB, 32GB, 64GB and 128GB capacities. The in-stock Oxford media is a black body with white swivel clip with full color printing via the Nexcopy Logo-EZ USB flash drive printer.
The Lock License utility is available for download off the Nexcopy support page. The utility requires a Nexcopy licensed USB flash drive. The Lock License USB write protection is not a universal solution for any thumb drive; a Nexcopy drive is required in order to take advantage of the increased security the technology offers.
Kingston Technology, based in Fountain Valley California, will become the majority shareholder in a joint venture set up with Phison Electronics, one of its Taiwanese suppliers.
Phison Electronics will sell its shares in the joint venture called Kingston Solutions, Inc. (KSI) to the Fountain Valley company, which announced the transaction earlier today, August 11, 2020. The deal is worth nearly $60.3 million US.
Kingston, a maker of memory products for computers and consumer electronics, is Orange County’s largest private company. The firm, led by co-founder and chief executive John Tu, had revenue of $12.8 billion last year.
In general terms the TF card and microSD card are the same. They are the same in physical size and same in most technical terms. The two devices may be used in exchange with each other.
There are some technical differences between the two, which will be explained later. For now, the biggest difference between a TF card and microSD card is the history of the name.
The TF card came out first. TF card or T-Flash or TransFlash was first to market from SanDisk in 2004. SanDisk, in partnership with Motorola, created the TF card specification. The TF card was the smallest read/write memory form factor and was designed for mobile devices (thus the small size).
TF cards are based on NAND memory. The TF card did not last long. At the end of 2004 the Secure Digital Association, which is the governing body over Secure Digital media, absorbed the TransFlash technology and re-branded it as microSD.
This implies the life of the TF card ended in late 2004, and the microSD card has been available ever since. This explains why you cannot find a “TF” branded card today (2020). The other reason you cannot find TF cards today is the maximum size of only 16MBs or 32MBs at the time of production. Today you cannot find any memory device with that small of gigabyte capacity.
Here is the technical difference between the two: microSD cards can support SDIO mode, which means they can perform tasks unrelated to memory, such as Bluetooth, GPS, and Near Field Communication, whereas a TransFlash card cannot perform this kind of task.
SDIO mode stands for Secure Digital Input Output, a type of Secure Digital card interface. It may be used as an interface for input or output devices.
The SD Association devised a way to standardize the speed ratings for different cards. These are defined as ‘Speed Class’ and refer to the absolute minimum sustained write speeds. Cards can be rated as Class 2 (minimum write speed of 2MB/s), Class 4 (4MB/s), Class 6 (6MB/s) or Class 10 (10MB/s). It’s important to note that these are the minimum, so it’s entirely possible a card can achieve faster speeds.
NAND is not an acronym. Instead, the term is short for “NOT AND,” a Boolean operator and logic gate. The NAND operator produces a FALSE value only if both values of its two inputs are TRUE. It may be contrasted with the NOR operator, which only produces a TRUE value if both inputs are FALSE.
You never know where a flash drive has been.
It’s always best to scan a USB flash drive.
Did you know Windows Defender can be set up to scan a USB stick automatically when it’s plugged in? Below are the steps to make that configuration.
By default, Windows 10 does not have this setting configured. We are not sure why, as USB sticks and downloads from internet sites are probably the two most vulnerable ways to get a computer infected. Our only guess is that the scan process of a USB stick can take some time, and having that step done with each connection could reduce the user experience.
This tutorial will take about three minutes to set up. I would suggest reading the rest of this article and, when done, going back and performing the few steps required to make Windows Defender scan USB flash drives.
We are going to make a Group Policy to scan USB flash drives using Windows Defender.
Let us run the Group Policy editor.
Press the Windows Key + R
Type gpedit.msc and press Enter or OK.
Look for the Administrative Templates under the top Computer Configuration directory, expand this directory (folder)
Scroll down to Windows Components, expand it
In that directory scroll down more and look for Windows Defender Antivirus, expand it
Billy Idol’s Hot In The City is a tune which comes to mind whenever talking about USB gadgets that cool thyself.
With summer coming into full swing, this is a good time for a USB fan mention. While cruising the Amazon website, this Aikoper product popped up. At first glance I honestly thought the fan was designed by Apple Computers. With the aluminum base, slick black body and the cool grey vents, I thought it was from Apple for sure. Wrong!
This USB fan has some unique features we believe everyone will like.
There is no switch for turning the fan on or off. Rather, you touch the aluminum base. That is very Apple-esque. A single tap to the base and the USB fan goes into “low speed” mode. A double tap will put the USB fan into “high speed” mode. The third tap will turn the fan off. The touch sensitive base has four rubber pads to ensure no vibration during operation.
The fan itself is a dual-blade design. Meaning there are four blades toward the front of the bionic shaped shell and another four blades near the rear of the black shell. The idea here is reducing the device noise while in operation.
The black shell case is convex in design to pull air down and into the system, rather than up and into the system. Although the pitch of the shell isn’t great, we may assume less dust and dirt will come into the system from a pull-down air flow design. The curved shell sits on the aluminum base with some pitch mobility to angle the fan a bit higher or lower for optimal position while in use.
The product measures 5.6 x 3.9 x 4.9 (inches) and sells for $16.99 USD from the Amazon website (at the time of this post).
The Amazon listing has over 1,609 ratings with 61% as a five star product, 13% as four star product and the balance just picky people trying to be overly critical. To give you an idea of product feedback and experience, here are some testimonials from the Amazon listing:
You have a document, video or audio file with sensitive information on it and you need to send a copy to a third party. What options should you consider?
Three options come to mind: email, Dropbox or flash drive.
Sending an email is basically the same thing as sending a postcard. While there are efforts one can use to change this, email remains pretty wide open. This is true and scary; anyone who wants to read your email (not just the NSA) can read your email.
Most times you can send sensitive documents through email and nothing will happen. However, you are playing Russian roulette (almost literally, given the recent theft of 1.2 billion email account credentials by a Russian gang) with the security of that transmission. Remember, the topic of this post is about sharing sensitive data with a third party.
The next logical step would be encrypting the email (or the files attached to the email). Encryption is a good option and certainly more secure than sending the email without encryption. You could run into a file size limitation though. Most videos will be larger than 20MB, which is (generally) the maximum file size one could attach in an email. Encryption is a good next step, but there is a bigger issue at hand than file size. More about that in a few.
Dropbox is next on our list of most obvious options to share sensitive data with a third party. Dropbox is a great option when you have larger files. With Dropbox you could upload those big audio or video files and provide a download link for your recipient. Dropbox doesn’t encrypt your data by default so there is some exposure there. A quick and relatively safe method to encrypt your files using Windows would be compressing the video into a zip file and assigning it a password. Encrypting the data will provide that extra layer of security. As with an encrypted email, the encrypted Dropbox alternative also has a major flaw.
Ask yourself, “Do you trust the recipient?”
In 2015 Intel introduced the Compute Stick or Computer Stick – the item has been around from that point onward. The idea is simple and elegant. Intel wanted to create an HDMI dongle computer which can run Windows 10.
There is no confirmation, but our suspicion is that Intel wanted an ultra-cheap and portable solution to run Windows for embedded applications like set-top boxes (DVRs) and other IoT (Internet of Things) products. If our assumption is correct, it’s a wonderful product and is a great solution for its intended purpose.
PCWorld did an incredible overview of the Compute Stick in 2016, and a connection link to that article is at the footer of this post. The PCWorld review outlined the specifications and performance levels of the Intel based product. We will let that article do the heavy lifting for the tech people out there, but today we want to talk about the applications one might have for a computer stick.
For only $120 (ish) off Amazon, this is an excellent solution to run Windows 10 for a host of specific applications.
Several bullet points worth mentioning right out of the gate:
When trying to format a flash drive in Windows (7 or 10) you will see the file system options best suited for the device. The proper file systems for a flash drive would be: FAT, FAT32 or exFAT. Windows will also list NTFS for a flash drive, but it is not the best choice for a USB stick, as mentioned before. The file system types listed by the Windows GUI (Graphical User Interface) will depend on the GB capacity of the flash drive connected.
So why no UDF file system on the list?
First, let me say it IS possible for Windows to format a flash drive as UDF (Universal Disk Format). Microsoft just doesn’t want you to do it; and there are good reasons why.
Before the reasons given for not using UDF as a format on flash drives, let’s clear one thing up: If you think formatting a flash drive as UDF will make the thumb drive appear as an optical drive in the computer – you are mistaken!
From the Wikipedia page about Universal Disk Format (UDF): the specification is governed by the Optical Storage Technology Association, and because of that, many believe anything formatted as UDF will work like a disc. UDF is most widely used for DVDs and newer optical disc formats; it can be used on flash drives, but does not make the drive operate like a disc.
If we take out the hope of formatting a USB with a UDF file system, some may feel the Universal Disk Format means the flash drive will work in anything, from Windows, to Mac, to Linux, Symbian and/or a proprietary system. The truth here is exFAT will do just the same. Please keep that in mind.
So why not format a USB as UDF in Windows? Here is a list:
- The lack of fully-functional filesystem check tools.
- 64GB limit with Windows & Linux, a bug, not a limit of UDF
- SD and USB mass storage devices are exposed to quick wear-leveling failure
- UDF is read-only for Windows XP
Without bogging down this post with ultra-technical information, from the above list, the most important to consider is the first, lack of filesystem check tools.
This means if the USB is pulled out while in operation and a bit is affected by the action, there are no tools to check the file system for errors. You are flying in the dark as to why the USB no longer works, and there are no tools available to help you figure it out. Given the flash drive was specifically designed to be portable and quick to access, the above action is most certainly going to happen sooner or later, which makes UDF a high risk file system.
How to format a flash drive as UDF:
Connect the USB to your computer and note the assigned drive letter
Today, more than ever, people are working from the home office. Working in a comfortable environment is nice and can be very productive. However, sometimes the home office doesn’t have the same computer equipment or gear to do the jobs needed. With many organizations practicing social distancing, or building a work community of remote offices, one will find certain items are still needed.
Let us look at a simple way to make USB copies at the home office. For example, let us think about an IT manager who needs to roll out restore installation packages, or a software developer who is required to deploy software updates to a group of remote users. This IT manager or software developer needs a quick, easy and inexpensive piece of equipment to do the job.
The mini-sized USB flash drive duplicator by Nexcopy is a great solution for this exact problem. The unit pictured below is 6″ long and 4″ wide, so it will fit into any briefcase (if those are used anymore), and it is as light as a book.
The USB duplicator allocates one socket for the master device and four sockets for the target devices. The duplicator is a binary copier and will copy any file format or file system connected to it. The duplicator is powered through a USB cable and is ideal for any sized USB flash drive.
With a duplicator like this, making copies at the home office is very quick and very easy. The duplicator works with a single push of a single button. The mini duplicator may be configured to perform a binary copy or a binary copy and compare. The copy and compare function gives the user peace of mind that each copy is exactly the same as the master, so the USB flash drives can be delivered with the utmost confidence that each copy is working and is an exact digital copy of the master.
Flipping through the features of the duplicator, we have some other bullet points worth mentioning:
- Asynchronous copy mode, all the time
- Binary copier will copy any format; FAT, FAT32, exFAT, NTFS, HFS, Ext2,3,4, Proprietary
- Binary CRC verification algorithm
- Quick Erase and Full Erase for disk sanitization
- Four language modes in LCD menu
- USB speed benchmark utility
- Firmware upgradeable
So how much will this mini USB duplicator benefit a home office employee? The easiest way to determine this is asking ourselves how much time the duplicator will save. This mini system, called the Nexcopy USB104SA, will copy one GB of data to each device in about one minute. That is ultra-fast. So if the IT manager or software engineer had to data load a 12 GB data set, it would take about twelve minutes to make four copies. There is no way Windows could copy data that fast to four sticks. When using the copy and compare mode it takes a bit longer… about 1.5 minutes per GB. So still incredibly quick.
There are a couple of features listed above one may not be familiar with, so let’s review. The quick erase or full erase is a scrub method to remove all data from the USB flash drive. This is a nice feature to guarantee data is removed from the USB with no chance of the data being recovered. Formatting a drive doesn’t remove data, but erase will. The quick erase will scrub certain portions of the drive, so some data could remain, but it will most likely be corrupted and unrecoverable. The full erase function will randomly write binary zero and one data to the entire memory of the flash drive. By doing this random write sequence, it would be impossible for even the most sophisticated forensic recovery software to restore data from the device.
The four language modes include English, Spanish, Portuguese and Simplified Chinese.
The USB benchmark speed is a great tool to figure out the quality of media one is using. This is particularly important when dealing with promotional quality media, as promo memory is very unstable. The easiest way to determine the quality of memory is looking at the write speed. With the benchmark utility one can test the read and write speed of a drive. The USB duplicator will write about 20MB of random data to determine the average read and write speed. If the USB memory has a write speed of 4MB/second or lower, it’s not good quality. If the write speed is above 8MB/second for USB 2.0 media and above 20MB/second for USB 3.0 media, it is better quality memory.
CRC stands for Cyclic Redundancy Check; this verification method is most reliable for NAND memory. It is probably best to search for CRC verification for a complete understanding of this protocol.
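The copy and compare pass and the CRC verification described above can also be repeated on the host after duplication. The following is an added example, not Nexcopy's firmware or code: the function names, the chunk size and the in-memory sample images are assumptions made for illustration. It records a CRC-32 alongside a SHA-256 digest, since a CRC is designed to catch accidental corruption rather than deliberate modification, and it reports the byte offset where a bad copy first diverges from the master.

```python
import hashlib
import io
import zlib

CHUNK = 64 * 1024  # host read size; an assumption, not a duplicator parameter


def fingerprint(stream, chunk=CHUNK):
    """Return (length, crc32, sha256_hex) for a binary stream read in chunks."""
    crc, sha, length = 0, hashlib.sha256(), 0
    while True:
        block = stream.read(chunk)
        if not block:
            break
        crc = zlib.crc32(block, crc)  # running CRC-32: catches accidental errors
        sha.update(block)             # SHA-256: also resists deliberate edits
        length += len(block)
    return length, crc, sha.hexdigest()


def first_difference(master, copy, chunk=CHUNK):
    """Return the byte offset of the first mismatch, or None if identical."""
    offset = 0
    while True:
        a, b = master.read(chunk), copy.read(chunk)
        if a != b:
            for i, (x, y) in enumerate(zip(a, b)):
                if x != y:
                    return offset + i
            return offset + min(len(a), len(b))  # one image ended early
        if not a:
            return None
        offset += len(a)


def verify_copies(master, copies):
    """Compare each copy (a seekable binary stream) against the master stream.

    Returns (master_fingerprint, {name: (status, first_bad_offset)}).
    """
    master.seek(0)
    want = fingerprint(master)
    report = {}
    for name, copy in copies.items():
        copy.seek(0)
        if fingerprint(copy) == want:
            report[name] = ("match", None)
            continue
        master.seek(0)
        copy.seek(0)
        report[name] = ("mismatch", first_difference(master, copy))
    return want, report


def demo():
    """Run the check on constructed 1 MiB images held in memory."""
    master = bytes(range(256)) * 4096   # constructed master image
    flipped = bytearray(master)
    flipped[700000] ^= 0x01             # constructed single-bit write error
    truncated = master[:900000]         # constructed copy that stopped early
    copies = {
        "slot1": io.BytesIO(master),
        "slot2": io.BytesIO(bytes(flipped)),
        "slot3": io.BytesIO(truncated),
    }
    return verify_copies(io.BytesIO(master), copies)


if __name__ == "__main__":
    want, report = demo()
    print("master: %d bytes, crc32=%08x, sha256=%s" % want)
    for name, (status, offset) in sorted(report.items()):
        print(name, status, offset)
```

For real media, pass image files opened with `open(path, "rb")` instead of the in-memory streams; buffered file objects return full chunks until end of file, which the offset arithmetic relies on.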
The USB duplicator made by Nexcopy is a backward compatible product and will copy to USB 1.0, USB 2.0 and USB 3.0 flash drives. The duplicator will write to the device as fast as it will allow. The best write times will result from the operator using USB 3.0 media.
The USB104SA has a manufacturer suggested retail price (MSRP) of $399 USD.