17th March 2015
An exploit that allows attackers to turn a normal USB device into a malicious one.
BadUSB is a theoretical exploit that was presented by SR Labs at the Black Hat conference in August of 2014.
It appears to demonstrate that as long as there is computer access to a USB device such as a USB flash drive, a malicious code can be programmed to exploit the USB controller of the USB device via firmware programming tools and so various malicious functions can be applied to the compromised USB device.
While this theoretical threat potentially relates to billions of different USB devices around the world.
This form of attack is very complicated and would be very difficult to implement.
The attack described is very sophisticated and in the case of iStorage products would require advanced knowledge of our USB controllers, a leaked version of our firmware, the programming tool to update our controller, the password used for our programming tool, and an in depth understanding of the device’s dual controller functionality.
SR Labs recommends a guaranteed method to eliminate this threat by simply disabling the ability to update the controller’s firmware.
Therefore, iStorage devices shipping today, including all of our USB 3.0 security products already have the firmware locked which prevents any updates to the USB controller. iStorage further assures that it is locking down the firmware on all USB controllers used in iStorage devices against this vulnerability.
For further information on iStorage’s range of data storage solutions please visit www.istorage-uk.com or
call us on +44 (0)20 8991 6260.
iStorage provides high performance and ultra secure portable data storage and security products to users who need to protect their data held on PCs, Macs and portable devices. The founders of iStorage are pioneers in their field and hold several patents, both granted and pending, on a range of related data storage and security products. With a strong belief in careful product selection and unrivalled customer service, iStorage continues to deliver market leading innovations in portable data storage and digital encryption technology.
For further press information and product imagery please contact:
Ben Veal / Holly Wale
T: +44 (0)1225 471202