USB NAND Flash Sticks

It is with some amusement we recently read that USB flash sticks have been used to subvert an important network and computer system.

(I guess what we see of the cyber protection unit on Die Hard 4 is complete bollocks then!!)

There are a number of systems for computer subversion using USB Storage devices that have yet to go public.

These systems, when coupled with logical exploits, allow the flash stick to actively ‘avoid’ or subvert forensic analysis. As a result, examples of the above security breach into high-level systems are only the beginning.

What many fail to realize is that a USB NAND flash stick is actually an embedded computing solution coupled with a massive amount of attached storage. Add into this mix the ability to page code modules in and out between the NAND flash memory chip and the embedded controller, and you have a reconfigurable portable tool set.

Such flexibility allows these devices to be subverted into an effective hacking/subversion tool with the potential to subvert systems from within the firewall boundary or corporate security system, in a manner that is limited only by the programmer's ability.

A number of companies, including for example IRONKEY, look at security purely from the point of view of protecting the integral data held on the device.

But, consider for a moment:

‘What if the manufacturer of the device is the problem…’ There is no central repository identifying valid and secure manufacturers' products. (I could produce a fake ‘Ironkey’ product and supply it into the market, specifically targeting people who need to secure their data, but in reality the device could be a hardware Trojan designed to phone home once connected to a networked computer system.)

Other effective subversion systems include the multitude of photo frames and media storage devices available from online shops via the internet (eBay), coupled with a virus/tool set loaded at source during factory production of the device.

Whilst this sounds more like a conspiracy theory than reality, it needs to be remembered that these devices are mass-produced in ‘factories’ that may consist of fewer than 3 workers, any one of whom would be more than happy to pre-install the chosen software for the option of getting the manufacturing business.

Interested in non-standard uses for NAND flash devices? Here is a ‘SPY PEN’ device we recently looked at:

Whilst performing a forensic recovery on the device we were able to recover some interesting footage of the device’s production facility.

