Wireless and Digital Services

It’s time to kill the USB flash drive

By Phil Dempster - Last updated: Thursday, May 18, 2017

Shadowire

The humble USB flash drive is a tenacious thing. The convenience of holding files on a device and sharing with a physical plug in means that we’re often prepared to overlook the glaring security weaknesses – data leakage and malware – inherent in their use.

But last week’s WannaCry attack, unprecedented in scale and exposing basic security lapses across the public and private sector, has shone a harsh light on security practices across the world. It’s time for one more nail in the USB flash drive coffin.

Security can be simple, and never more so than with our Shadowire technology. Shadowire provides a secure USB key replacement for transferring files between two collocated computers.

No software or drivers are required on either computer and no passwords or PINs are needed – it simply plugs into a USB port on each computer and looks to both like a standard USB mass storage device. In effect, it works like a double-ended USB key, except that the data it holds is only accessible for the duration of a transfer. By default it’s bi-directional, but it can also be unidirectional, providing protection against unintended data transfer. This could prevent sensitive data leaking from a trusted target network to the device during uploading, for example, or could protect a host network from an unintended transfer from an untrusted target device during downloading.

The Shadowire device stores data encrypted using a per-session key. This key is erased as soon as the device is unplugged, ensuring that the data can never be read. As well as helping to prevent accidental data loss, this reduces the chances of malware infection, as does the fact that the receiving computer has to actively pull the data from the device. Unlike conventional secure USB devices that use password or PIN based encryption, the data is protected from a stolen password or attempts at password cracking.

Whilst Shadowire won’t protect you against WannaCry-type attacks, it’s a technology whose time has come. The “sensitive USB key left on a train” scenario is a very real one; as is the havoc that could result if a virus is accidentally transferred to a corporate network. The fact that WannaCry is making big headlines should be a wake-up call to many, particularly within a corporate environment, in which Shadowire is ideally suited to serve.