18 Jun A USB Firewall Is Essential For True Cyber Security
While trojans and email phishing remain popular in hacker toolkits, physically entering a system is one of the most effective tactics a properly determined hacker can do. Using a USB firewall may be your best defense.
Most likely, your computer trusts any USB device inserted into it. Hackers can employ malicious malware introduced into USB drivers to attack a machine.
The Stuxnet virus, which momentarily damaged Iran’s nuclear program, was sent to Iran’s Natanz nuclear plant on a thumb drive by an Israeli double agent. Russia was able to infiltrate a secret network by distributing virus-infected USB devices at retail kiosks near NATO headquarters in Kabul. Finally, the correct employee purchased one and put it into a machine that was not linked to the internet.
Not everyone runs a classified server or a nuclear program, therefore a USB firewall may be overkill for some. But who has not purchased a cheap thumb drive in a hurry? That gadget might be infected with malicious applications that you won’t detect and is sending your personal information to a third party.
Enter Robert Fisk’s GitHub project, the “USG.” From Fisk’s description:
Antivirus scanners will not identify BadUSB since there is no infection to detect. Malicious USB instructions penetrate right into your USB driver stack, compromising your PC before file-based scanners see anything.
You can avoid BadUSB by adopting virtualised operating systems like Qubes. However, the USG is the only plug-and-play BadUSB protection that does not require you to change OS systems. It can even secure older and embedded devices that use out-of-date software…
The USG has two STM32F4 microprocessors that communicate over a high-speed serial interface. This internal link creates a firewall barrier, thereby preventing harmful USB commands from reaching your machine.
Why should you trust this device? You should not! Never put your trust in anything. But, while Fisk is selling them for $60 each, the project is free source. You can understand what’s going on behind the hood and construct it yourself. Maybe there’s an IT man at work who can assist. Jamie Zawinski, a seasoned programmer who has worked on Mozilla, XEmacs, and early Netscape Navigator versions, also recommends the project.
USB firewalls must be implemented, whether through this project or an upgraded version of the same principle.
Get Our Free Book
Cybersecurity essentials for business owners