Friday, August 1, 2014 - Kanguru recently became aware of reports on the potential risk of a new class of malicious attack called "BadUSB" which focuses on USB technology, including webcams, computer mice, and keyboards. The theory of this attack is that the USB device firmware (the software code which runs computer chips) could potentially be hijacked and overwritten in order to provide some type of host computer access to cyber criminals.
The Kanguru Defender® Series of encrypted USB devices are designed in compliance with NIST’s requirement of digitally signing device firmware. Changing the customized, onboard device firmware with an unauthorized, malicious version is not possible. Furthermore, there are self-tests run at startup of the cryptographic module within the USB drive which ensure the integrity of the original firmware. If the self-test fails, the device will not operate. This has been validated by NIST for a range of Kanguru’s Defender devices that have achieved FIPS 140-2 Level 3 and Level 2. In addition, other Kanguru’s Defender devices that haven't undergone the FIPS certification process still have this firmware security feature implemented and are also not at risk. See NIST standards for more information.
Kanguru will monitor this important issue closely as additional details are made known. We will continue to keep our customers aware of any new developments.
Visit Kanguru's FIPS 140-2 Certified, Hardware Encrypted drives for more information.