June 2021 Ian Chiu
Flash drives inherently grant users both unrestricted read and write privileges, but such access rights may not be practical for vertical market applications.
For instance, medical and industrial control systems are mostly offline or air-gapped for security reasons. Updating firmware and patches for this critical infrastructure therefore relies on the use of direct-attached storage (e.g. flash drives). Off-the-shelf drives will not suffice as they don’t guarantee data security against sabotage. In such cases, companies want a dependable way to meet their security requirements when dispatching read-only drives.
Honeywell recently released a cybersecurity report claiming that 37% of threats were specifically designed to utilize removable media, which almost doubled from 19% in 2020. This number could be drastically reduced when the proper media and solution are used.
For example, there are various non-permanent methods to secure flash drives, including setting the read-only attribute with DISKPART from the command line and manually setting drive security permissions in Windows. These methods get the job done for the average user, but they are not a significant hurdle for a more determined person who wants to take advantage and wreak havoc.
Said another way, these steps will not stop a user with unsupervised access from reverting the drive's write permission to its original state and doing whatever they want with the data. A hardware solution is regarded as more foolproof because hacking into the machine code of a chip is more difficult than hacking into software code. Nexcopy has a hardware solution called Lock License, which addresses the cybersecurity concerns of medical and industrial control systems.
In overview, Nexcopy’s Lock License works similarly to a write-once-read-many (WORM) solution. The solution provides device integrity by having a default state of read-only mode. Yet Nexcopy gives the user the ability to temporarily remove the write protection in a controlled manner. For Lock License, the core component is the custom-coded chip firmware that provides configurable security options.
During our tests, entering a password through Nexcopy’s in-house utility software (GUI) allowed our drive to become rewritable after the password hash was verified. When the content update was complete, simply unplugging the drive reverted the drive to read-only status. There was no need to reset the write protection as everything was done automatically when unplugged. This means the drive is now read-only and the device cannot be formatted nor can files be added to the drive or files on the drive be modified.
The device authenticity and files on the drive remain preserved. This ensures files are not manipulated out in the field when used with air-gap computer systems or offline medical products. This also ensures a virus cannot jump onto the drive because the default state of the drive is read-only.
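A receiving site can confirm the read-only state described above before trusting a dispatched drive. The following is an added example, not code from Nexcopy or from the original article; the function names and the `opener` test hook are hypothetical.

```python
import errno
import os
import uuid

ERROR_WRITE_PROTECT = 19  # Windows error code: "The media is write protected"


def probe_write_protection(mount_point, opener=os.open):
    """Try to create one small file on the drive and classify the outcome.

    Returns "write-protected", "denied" or "writable". The opener parameter
    is a hypothetical hook so the check can be exercised without hardware.
    """
    probe = os.path.join(mount_point, f".wp-probe-{uuid.uuid4().hex}")
    try:
        fd = opener(probe, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except OSError as exc:
        media_block = (
            exc.errno == errno.EROFS
            or getattr(exc, "winerror", None) == ERROR_WRITE_PROTECT
        )
        if media_block:
            return "write-protected"
        if exc.errno in (errno.EACCES, errno.EPERM):
            # File permissions or ACLs refused the write, not the media.
            return "denied"
        raise  # missing path or I/O error must never pass as "protected"
    # The create succeeded, so the drive accepted a write: clean up, report.
    os.close(fd)
    os.remove(probe)
    return "writable"


def accept_drive(mount_point, opener=os.open):
    """Accept a dispatched drive only if the media itself refused the write."""
    return probe_write_protection(mount_point, opener) == "write-protected"
```

A passing result shows only that the drive refuses writes on this host at this moment; it does not show whether the protection is a software attribute or enforced by the drive's firmware.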
Nexcopy offers a command-line tool for users to integrate the temporary write status into a custom application. Although we didn’t test a custom integrated solution, we did run the list of commands offered by Nexcopy. That screenshot is shown below. The command-line tool opens up some interesting possibilities.
For example, if a company distributes software via USB and is using the Lock License technology, it is possible to remotely update the drive with new software while the drive remains write-protected by default. Through custom code, the company can include the command to unlock the drives (using the correct password to do so) and update them; when the USB drive is then disconnected, it is automatically write-protected again.
There are some important takeaways regarding the Nexcopy Lock License solution:
The Lock License drives are available in both USB 2.0 and 3.0 technologies with capacities ranging from 2GB through 128GB. The company offers different drive styles, colors, and branding to suit corporate marketing requirements.