Tag: USB thumb drives

Be careful about USB memory keys left in the letterbox

Articles USB memory keys press picture courtesy of Victoria Police

Police warn of malware-laden USB sticks dropped in letterboxes | The Register

Crims place booby-trapped USB drives in letter boxes | IT News

Don’t plug it in! Scammers post infected USB sticks through letterboxes | Naked Security (Sophos blog)

From the horse’s mouth

Victoria Police

Press Release

My Comments

An issue that is being raised concerning data security is people loading data from USB memory keys that they don’t expect.

This has been used as a way to distribute malware to businessmen at conferences because these thumbdrives, like floppy discs and optical discs, have been accepted as a way to distribute conference content or “electronic brochures” and added to participants’ “show-bags” handed out at these events. The typical method of delivering a malware-laded USB stick was to abandon it at the venue, hotel or “watering-hole” bar and it would inspire people’s curiosity to pick up this memory key, plug it in to their laptop and load up what was on the stick.

Newer iterations of the desktop operating systems i.e. Windows or MacOS have made it hard to allow one to run a program off a USB memory key by default. Similarly, most of the desktop security software would implement removable-media scanning routines to automatically check for malware on a USB stick or other removable media. But there have been some USB thumbdrive variants which have had the firmware altered to run keystroke macros or meddle with network settings.

This situation has now been found to occur in a personal-computing context in some of the outer south-eastern Melbourne suburbs like Pakenham. This was where USB memory keys were left on households’ mail boxes and these thumbdrives were full of malware including fraudulent content-streaming offers. Infact Victoria Police even encouraged Australian householders who received these thumbdrives in their mailbox to contact Crimestoppers Victoria by phoning 1-800-333-000 or using the online form.

But the common security advice to deal with USB memory keys that you didn’t expect to receive is not to insert them in your computer. If you do expect to receive one of these sticks such as them being in a show-bag from a vendor or you receiving conference material on one of them, make sure that you have your operating system and desktop security software patched and updated.

USB.org to introduce authentication in to the USB Type-C platform

Article

The USB Type-C connection will now be able to be authenticated irrespective of vendor

The USB Type-C connection will now be able to be authenticated irrespective of vendor

New USB Type-C Authentication spec can stop faulty cables before they do damage | Windows Central

From the horse’s mouth

USB.org

Press Release (via BusinessWire)

My Comments

Increasingly the USB connection standard has shown up a need to verify or authenticate device connections on a hardware level. Initially Apple had engaged in this practice with their iOS devices that use the Lightning connector to make sure that properly licensed Lightning cables are used with these devices. But there have been other reasons that this kind of authentication is needed.

One of the reasons was the existence of fake charging devices that are typically installed in public locations. These espionage tools look like plug-in AC chargers or “charging bars”  but are really computing devices designed to harvest personal and corporate data from visitors’ smartphones and tablets. The mobile operating systems have been worked to address this problem whether through asking users what role the mobile device plays when it is connected to a host computing device or whether you trust the host device you connect your mobile device to it.

But there has also been concern raised about ultra-cheap USB Type-C cables, typically Type-A adaptor cables, that aren’t wired to standard and could place your laptop, smartphone or tablet at risk of damage. In this case, users want to be sure they are using good-quality properly-designed cables and power-supply equipment so that their devices aren’t at risk of damage.

The USB implementers Forum have established a connection-level authentication protocol for USB Type-C connections. This implements some of the authentication methods used by Apple for their Lightning connection to verify cables along with the ability to verify the devices that are on the other end of a USB Type-C connection.

For example, a traveller could rectify the “fake charger” situation by setting their mobile gadgets only to charge from certified USB Type-C chargers. Similarly, a business can use low-level authentication to verify and approve USB storage devices and modems to the computers under their control are connected to in order to prevent espionage and sabotage. Vehicle builders that supply software updates for their vehicles to rectify cyberattacks on vehicle control units can use this technique as part of their arsenal for authenticating any of these updates delivered to customers via USB sticks.

What needs to be established is that the USB interface chipsets installed on motherboards and other circuit boards need to be able to support this kind of authentication. Similarly, operating systems and device firmware would need to support the low-level authentication in order to reflect the user’s choice or company’s policy and communicate the status concerning USB Type-C devices properly to the end-user.

At least it is an industry-wide effort rather than a vendor-specific effort to verify and authenticate USB devices at the electrical-connection level rather than at higher levels.

Consumer Electronics Show 2016–Part 2 Accessories, Peripherals and the Home Network

I am continuing to write up about the trends that have been presented at the Consumer Electronics Show 2016 in Las Vegas, USA.

 

Just before, I had covered the trends affecting desktop and mobile computing with such things as 4K and OLED screens, narrow bezels, Intel Skylake internals, business computers appearing at a consumer-focused show, and gaming computers that are rated for Oculus Rift.

Now I will be covering various peripherals, accessories and how your home network will evolve.

Display Monitors

The display monitors for your computer are following a similar trend to what is happening for TV. This includes 4K ultra-high-resolution screens and curved displays. But a few manufacturers are rolling out OLED screens in their product lineup. This will mean that you could see the benefit of increased contrast and colour definition on your computer’s display whether it serves as a secondary or “desktop” monitor for your laptop or primary or secondary monitor for your desktop.

Expect the USB Type-C connector to be common on this year's computers

Expect the USB Type-C connector to be common on this year’s monitors and peripherals

One of tbe trends starting to appear is for a display monitor to have a USB Type-C connector, more so with DisplayPort over USB-C connectivity. This capitalises on the fact that the monitor will be connected to a suitably-equipped laptop, tablet or 2-in-1 and will be this cable is the one cable that will provide power to charge or run the portable along with a physical link for data and video. Most of these monitors will have a self-powered USB hub along with an integrated Webcam and speaker system. On the other hand, there are the 15”-19” portable monitors with USB-C connection and powered by the host computer which will serve as portable “extra-screens” to use with these computers.

ASUS has presented the latter type of these displays with their MB169C which is a 15” portable monitor that features a 15.6” Full HD LCD screen and connects to the host computer via a USB Type-C connector. They also launched the MX27UQ which is a 27” 4K UHDTV screen with Bang & Olufsen ICEPower amplification for the sound and can stream sound from your computer or smartphone via Bluetooth. This is available in an Icicle Gold finish. They also launched a 34” curved monitor with a UQWHD (3440×1440) resolution that has a Qi wireless charging base and has its sound amplified using B&O ICEPower technology.

Lenovo ThinkVision X1 4K monitor

Lenovo ThinkVision X1 4K monitor

Lenovo has added the ThinkVision X1 monitor to their premium “X1” computing product lineup with this one being equipped with a 27” 4K IPS screen set against a very narrow bezel. It is intended to be an “at-base” companion to the latest crop of laptops thanks to a USB Type-C connection that provides power to the laptop that it is connected to as well as being a USB hub. It also comes with a 1080p Webcam that has a microphone array, LED lighting and mechanical privacy filter; along with a stereo pair of 3W speakers. It can also be connected to other devices thanks to an HDMI 2.0 or DisplayPort 1.2 connector.

The Lenovo ThinkVision X24 Pro adds on an Intel RealSense camera and the option for a WiGIg connection bar for wireless connectivity with suitable laptops and tablets. Gamers will relish in the fact that Lenovo has catered for them with the Y27g Razer Edition curved gaming monitor which has a 27” Full HD display and RGB lighting on the back to providing interesting effects. This also can work tightly wiht G-Sync-capable display cards.

LG advanced the 27UD88 27” 4K gaming monitor that optimises itself to work with the latest AMD graphics subsystems.

Dell has not been quiet on the display monitor front with them offering a range of 21” and 23.8” wireless monitors that can work with Windows and Android devices. These also have a Qi / PMA wireless charging base with the smaller variant having 2 three-watt speakers and the larger variant having a narrow bezel and improved colour accuracy.

They alos premiered the UltraSharp 30 which is a 30” 4K OLED monitor that also uses a USB Type-C connector as a way to connect to the host device.

Computer Peripherals and Accessories

With the computer manufacturers releasing more devices that are equipped with USB Type-C connectors, especially as a way to power these devices, the peripherals and accessories scene has responded with a range of devices that have USB Type-C connections.

Lenovo will be fielding the WriteIT 2.0 which adds pen capabilities to any Windows-based tablet or 2-in-1 that implements a touchscreen. This could then allow you to benefit from pen-based operation without paying dearly for that function. Wacom are also selling this same stylus as the Bamboo Smart and thsi works with “active electrostatic” or capacitive touch screens.

The Lenovo Link 32Gb memory stick celebrates mobile and regular open-frame computing very finely by allowing you to connect your Windows and Android devices to each other. This allows you to mirror your Android phone’s display on your Windows computer and provides local file transfer between both platforms. It will work with Android 5.0, Windows 7 and newer versions of these operating systems and your smartphone will have to have a USB On-The-Go connection or USB Type-C connection.

Lenovo also added to the ThinkPad Stack an external battery pack and a pico projector.

Samsung 2Tb solid-state external storage device press picture courtesy of Samsung USA

Samsung 2Tb solid-state external storage device

Samsung used their expertise in developing solid-state flash storage to prepare a USB portable storage device that can hold up to 2Tb of data, the same quantity as a lot of USB hard disks. This connects to the host device using a USB 3.1 Type-C connection but you could connect it to existing devices using a USB Type-C adaptor cable.

Griffin are known for aftermarket accessories and peripherals that are typically pitched to the Apple ecosystem but, in a lot of cases, can work wiht omst computers. They have fronted up with the BreakSafe cable which gives USB Type-C connections the same “safe disconnect” abilities as Apple’s MagSafe connection, a boon to those of you who own the latest 12” Apple MacBook that uses this connection. They also launced an external battery pack that attaches to your keyring so you can charge up your Apple Watch when out and about. They also launched the Survivor Slim Case which is a ruggedised case for the Microsoft Surface Pro 4.

Seagate have launched one of the slimmest USB external hard disks around in the form of the Backup Plus Ultra Slim external hard disk. This device has a thickness of 9.6mm and is about more data in a slimmer package. As required for Seagate external hard disks, this unit has backup software with one-touch or scheduled host-system backup. Similarly, LaCie have launched an external hard disk that has Porsche design and connects to your host computer via USB Type-C. But this unit has another USB Type-C connection so you can charge your MacBook or other USB Type-C computer without forfeiting hte ability to use the external hard disk.

Scosche have also launched a lineup of USB Type-C cables, port hubs / chargers and adaptors. One of these is the StrikePort USB-A + HDMI + USB-C adaptor which has a USB Type-C connector for charging while another of these is the StrikeDrive USB-C car adaptor which plugs in to your vehicle’s cigar-lighter socket so you can charge your USB-C devices – this can charge or power 2 12-watt USB-C devices. There is also a range of StrikeLine charge-and-sync (data) cables with ones that connect a USB-C device to a USB-A device and another that connects a USB-C device to a MicroUSB device.

Panasonic have established the case for BluRay optical discs as a “cold-storage” medium for archived data and this is based on what Facebook is storing those selfie snaps, holiday pictures and other images that you tender to the social network. They have started with 100Gb disks bot are moving towards 1 Terabyte disks which they are calling “Freeze Ray”.

Braven have come forth with a slew of accessories for your smarpthone or tablet. One of these is the BRV-BANK Pro LE which is an ultra-rugged modular battery pack . This pack has a 300-lumen LED torch and is built in aircraft-grade alumium housing and can charge devices via a 1.4A USB port and a 2.1A USB port. The device has a waterproof rating for IPx7 and houses a 6000mAH battery.

Braven BRV-PRO LE modular rugged power bank press picture courtesy of Braven

Braven BRV-PRO LE modular rugged power bank

But it is part of a Braven accessory ecosystem with a solar charging panel, speaker, multi-tool, GoPro action mount and a stacking plate. A smartphone app which links to this battery pack via Bluetooth supports a “Find Me” function which causes the torch to flash SOS in Morse code. Campers will also appreciate the “Bear mode” that uses the smartphone’s motion sensors to alert the BRV-BANK Pro LE and cause it to flash the torch light and sound an alarm if the phone is disturbed. Here, the idea is to pack the phone with your food supply and be alerted if the local wildlife starts raiding your food supply and is a problem that faces North American campers because of bears being too dependent on campers’ food supplies.

Razer have even provided Intel RealSense technology in to an add-on Webcam in the form of the Stargazer 3D Webcam. This can give existing desktop computers that don’t necessarily come with integrated RealSense abilities this kind of sensing and could open them towards Windows Hello facial recognition along with 3D scanning.

In an out-of-the-ordinary move, Black & Decker, know for those power drills, have integrated USB device-charging functionality in to their power-tool batteries. They also implement an app to support a “find-me” functionality along with the ability to support a “check-in / check-out” function and the ability to control when the batteries are used.

Your Home Network

Yhere are a few trends that are affecting the home network and how it is set up. One of these is 802.11ac Wave-2 Wi-Fi with MU-MIMO operation. The MU-MIMO function effectively creates dedicated bandwidth for each MU-MIMO device that uses the network but also frees up more bandwidth for ordinary Wi-Fi devices. This function is moving down towards the mid-tier routers and starting to appear in wireless range extenders with this function being about optimised bandwidth on the backhaul link and the device-side link.

It was also the time that the IEEE and Wi-FI Assocations have cemented the 802.11ah 900mHz “HaLow” wireless-network specification. This uses a lower frequency than 2.0GHz 802.11b/g Wi-Fi thus having a longer range and lower power but it doesn’t have the same data bandwidth as the Wi-Fi standards that we currently use for the home network. This will be pitched towards the “Internet Of Things” application case where a lot of sensors and allied devices will rely on batteries expected to run for a long time.

As far as HomePlug AV2 is concerned, the concept of the HomePlug access point which supports 802.11ac Wi-Fi and HomePlug AV2 has finally hit American shores thanks to Netgear.

Linksys have released their EA9500 4×4 802.11ac MU-MIMO router with Gigabit WAN and 4 x switched Gigabit LAN. This uses eight antennas to provide the MU-MIMO function. There is also the EA7500 3×3 802.11ac MU-MIMO router which is similar to the EA9500 but has reduced MU-MIMO abilities.

The Linksys RE7000 4×4 MU-MIMO range extender optimises the bandwidth used for the downstream devices whin it is linked to a MU-MIMO access point. As well, this multifunction range extemder has a Gigabit Ethernet port and can be set up to serve as a wired client bridge for a wireless network or as a MU-MIMO wireless access point – the latter being a way to upgrade your wireless netowrk to MU-MIMO abilities without throwing out your existing router. They also offer a MU-MIMO USB wireless network adaptor so you can join MU-MIMO wireless netowrk segments using your existing laptop.

Linksys have released DOCSIS 3.0 cable-modem hardware including a cable modem-router. They also exhibited the X6200 which is an ADSL2/VDSL2 modem router works on the 802.11ac standard.

D-Link have sold the AC4300 MU-MIMO wireless router and AC1300 MU-MIMO range extender as a kit in order to appeal to those of us who have larger houses.

Netgear have released the R7800 Nighthawk X4S Smart Wi-Fi Router whcih handles MU-MIMO with four streams and a processor improved on the previous model. This device also has the ability to work on 160Mhz channel bandwidth.

They also released the C7000 which is an AC1900 cable modem router that is part of the Nighthawk router lineup.  For that matter, new firmware that will be available for the Nighthawk router lineup will offer native support for Netgear’s Arlos lineup of network cameras.

As for range extenders, the EX7300 Nighthawk X4 is a wall-plugged AC2200 unit with MU-MIMO for both the upstream and downstream paths. There is the EX6400 range extender which is the first wall-plug AC1900 range extender. Both these range extenders  can also serve as access points to work wiht Ethernet or HomePlug wired backbones or as client bridges to serve wired network devices like smart TVs.

The PLW1000 HomePlug AV2 wireless access point can establish an 802.11ac wireless segment and can provide a HomePlug AV2 SISO (two-wire) backbone to the router. This functionality was offered by Devolo and was available only within Europe. But now, the Netgear device is the first device of its kind that is offered by a major home-network name to offer this kind of functionality to the North American market.

TP-Link have demonstrated a router that may have ordinary capabilities but be a “smart home” hub. The SR20 offers a throughput of 1300Mbps on 5Ghz 802.11ac and 600Mbps on 2.4GHz 802.11n and implements beamforming along Gigabit Ethernet for WAN and LAN. But it can be a “smart home” hub for Z-Wave and Zigbee devices and works alongside the Kasa mobile-platform dashboard app. This is similar to the Securifi Almond series of routers which have this kind of functionality and is the first of such devices to be released by a major home-network name.

Conclusion

After seeing a USB-C-driven direction for peripherals, OLED starting to light up computer display monitors, along wiht MU-MIMO increasing the throughput on Wi-Fi home networks,  I will be covering in the next article about photography, audio and video trends from CES 2016.

Next, I will be covering the trends affecting digital photography and videography along with audio and video recording and reproduction technology.

SanDisk releases the first USB memory key with a Type-C connection

Article

MWC 2015 : la toute première clé dotée de la prise USB réversible de demain ! | 01Net.fr (French language / Langue Française)

From the horse’s mouth

SanDisk

Press Release

Product Page (Dual Drive Type C)

My Comments

The USB Type C connector

SanDisk Dual Drive Type C memory key press picture courtesy of SanDisk

SanDisk Dual Drive Type C memory key

has been ratified as a small reversible connector for use with low-profile devices. It will start to appear primarily on the next wave of tablets, smartphones and, perhaps, ultraportable notebooks due to its small size.

But the device that ends up in most USB ports is the USB memory key, also known as a memory stick, thumb drive or jump drive. These are the same size as a typical house key or stick of chewing gum but contain an integrated flash drive that plugs in to a computer’s USB port, presenting itself to the operating system as a removeable disk.

SanDisk has anticipated the arrival of these devices and has launched at Mobile World Congress 2015 a USB memory key that can plug in to a USB Type-C socket. The 32Gb Dual Drive has on one end a Type A plug to plug in to most computers in operation and on the other end a Type C plug for the up-and-coming tablet or ultraportable. Of course, the USB 3.0 device will present itself logically as a removable disk like other memory keys.

This could cut out the need to carry around a Type-A to Type-C cable along with a memory key when you want to move data to your tablet or want to expand capacity on that same device. Who knows who will be the next kid off  the block to offer a peripheral for the USB Type-C connector.

Multi-volume USB storage devices–a connectivity issue is raised here

The current situation

USB storage device types

Single-volume USB devices

Most USB memory keys and similar devices do present themselves to your computer as a single volume or “logical disk”. In Windows, this would be represented as one drive letter and volume name for the device and a Macintosh would show up one extra drive icon on the Desktop when you plug the device in. These devices do work well with specific-function USB host devices like printers or audio/video equipment.

Multiple-volume USB devices

Kingston Wi-Drive USB data and power port

Single USB socket on Kingston Wi-Drive to connect two logical volumes

But there are devices out there that don’t present themselves as a single logical volume. These can range from a memory key or external hard disk that has been formatted as two logical volumes to USB memory-card drives that have multiple slots for the different card types and devices that have fixed storage and a memory-card drive. It can also include mobile phones and MP3 players that have internal storage but also have a microSD card slot.

The former situation is best represented by the Kingston Wi-Drive which I just reviewed here. It presented itself as two logical volumes – one being a read-only volume for the Wi-Fi access point user interface and another for users to store their data at.

How different hosts handle multiple-volume USB devices

Regular computers

This class of device would show up as two or more different drive letters and volume names in Windows or show up as two or more drive icons on the Macintosh desktop. You may have to make sure each volume is safely dismounted in the operating system before you disconnect the device from the computer.

Specific-purpose devices

NAD C446 Media Tuner with USB memory key

USB memory key used to play music in a NAD C446 Media Tuner

But an increasing number of specific-purpose devices are being equipped with USB ports for connecting USB storage devices to. This typically allows you to print documents or photos held on the USB storage device or play / show audio-video content through the screen and/or speakers attached to or integrated in the host device. Infact this setup is used in cars as a preferred alternative to the multi-disc CD stackers that used to exist in the boot (trunk) or dash.

Some devices even write to the USB storage device, typically to store configurations, recorded audio / video content or locally-cached BD-Live online data.

The main problem with these USB storage devices that present themselves as multiple logical volumes is that most of the specific-purpose devices cannot successfully mount the multiple-logical-volume devices at all.

Typically, they would give up the ghost at such attempts, as I noticed with the Kogan WiFi Digital Radio when I tried to connect the Kingston Wi-Drive which had some music on it to the radio. As well, the host-device manufacturers stipulate that you cannot try to use such storage devices with their devices. One person I talked to tonight mentioned that he had to be careful about how he formatted the USB memory key he used for storing music to play in his car’s stereo system.

What can be done

The idea of mounting multiple volumes of the common file systems could be investigated with these dedicated-purpose devices. Here, it could allow the volumes in the device to be presented as multiple “disks” if multiple suitable volumes exist. They could then be listed using a generic “USB+number” name for unlabelled volumes and the volume name for labelled volumes. Most applications would need to mount and use one volume at a time whereas some applications may allow for concurrent multiple-volume access.

The volume-selection option could be provided as part of selecting the files or folders to work with or, in the case of audio-video applications, the USB port used by the multi-volume storage device could be “split” as extra logical sources for each eligible volume.

Conclusion

This may require a small amount of extra code so that different volumes at a physical interface can be enumerated and made available but the idea of supporting multi-volume USB storage devices by dedicated-purpose host devices could be worth investigating.

Lost data on USB drives–can even affect individuals and small business

Articles – From the horse’s mouth

Press Release | Kingston

My Comments

I have had a look at the Kingston press release about the security of data held on USB flash drives and found that it was based on a Ponemon Institute study commissioned by Kingston. The main factor that I had observed was that the survey was based on data that represented the “big end of town” – the larger companies and government departments who typically handle a lot of high-stakes company and customer data.

Here I still find that small businesses and individuals are as at risk from removable-media data theft as are larger organisations. Most of these users would consider secure data storage as storing the confidential data on a USB memory key or external hard disk rather than on the computer’s hard disk. Here, they would keep that memory key or external hard disk locked in a desk drawer, filing cabinet or safe when the data is not needed. If the data isn’t changed or viewed often, like a valuables inventory, the USB memory key or external hard disk may be kept at a bank’s safe-deposit facility.

As well, the typical USB memory key can be attached to one’s keyring that has their house, car and business keys on it and a lot of these users may take advantage of the fact. These key rings are often at risk of loss due to absent-mindedness that can be common amongst us or theft as has been known to happen in the UK and Europe where houses have been broken into in order to steal the keys for powerful or expensive cars that are parked at these houses.

Of course, it is not just government and big business who handle or are responsible for “high-stakes” ultra-confidential data. Small businesses and individuals can also handle this kind of data, whether they provide services to these entities or not.

For example, I had provided technology assistance to a “one-person” business who valued fine art, antiques and collectables. This involved the handling of data relating to the collectable items and who owned the collectable items, as I commissioned newly-bought computers or trained her in computing techniques.

As well, individuals may need to keep copies of information pertaining to personal medical and legal issues where there is a strong emotional link. This information may be considered of high value where it concerns individuals who are in the “public eye” and the tabloid media are hungry for any bit of information about these individuals in order to run that exclusive “scoop”.

A common reality that this “enterprise-focused” article misses is that the typical small-business owner or personal user chooses and purchases their own computer hardware from retail. This is compared to larger organisations who maintain a dedicated IT team who is responsible for purchasing and maintaining the computer and communications technology for that organisation.

For this class of user, I would recommend that they use removable storage that is made by respected brands like Kingston, Verbatim, Sony or SanDisk. It may be worth knowing that some of the good retailers may resell these good brands under their own labels, usually in the premium end of those labels.

I would also recommend that you investigate the use of security-enabled encrypted USB memory keys. Here, I would look for those units that have continual software support from the vendor. This is important if you change your computing platform like what Apple hopes use do or move to newer versions of our current operating systems.

As well, you should make sure that you have good desktop security software on your computer. You could even get by with free programs like AVG or Microsoft Security Essentials. Even Macintosh users should make sure they run good anti-malware software on these computers especially as software threats are targeting this platform as well.

It is also worth making use of strong passwords or other data-locking options that the operating system or USB security software may provide for the confidential data. This may work in conjunction with the common practice of keeping the removable media under lock and key such as in a locked filing cabinet or safe.

What I fear is that a lot of press concerning data security tends to be focused at the big end of town and smaller users tend to be forgotten about. As well, a lot of the good-quality data-security options are often designed and priced out of the range of the small business operator or consumer even though there is a need for this level of data security amongst some of this class of user.