Improved USB Protection Guards Against Device Itself

Feb. 15, 2019
The latest release of Honeywell’s Secure Media Exchange, designed to protect industry from USB-based cyber attacks, goes beyond malware to identify an increasingly prevalent type of USB attack.

Though we’ve been hearing plenty about digital twins in manufacturing these days, we’ve heard a little less about evil twins. With the latest release of its Secure Media Exchange (SMX), a system developed to protect industrial operations against USB-based cyber threats, Honeywell’s focus is on doppelganger USB devices—those malicious USBs that might look like storage devices but act like something else entirely.

With its SMX technology out in the field for close to two years, Honeywell has been able to gather significant evidence about the types of attacks on industrial facilities through USB devices. Releasing an Industrial USB Threat Report late last year, Honeywell reported that almost half of its customers (44 percent) faced threats from USB devices, more than a quarter of which had the potential to cause major plant disruptions.

With the latest SMX release, not only has Honeywell enhanced the malware detection, but it is also reacting to trends it’s seeing in the threat landscape—in which attacks are shifting away from malware to how the USB devices themselves behave. SMX can now protect against a broad range of malicious USB device attacks that disrupt operations through misuse of legitimate USB functions or unauthorized device actions.

“Just because something looks like a USB device doesn’t mean it can be trusted as such,” said Sam Wilson, global product marketing manager for Honeywell Industrial Cybersecurity, at a press briefing during the ARC Industry Forum earlier this month in Orlando, Florida. “The attacks we’re seeing go beyond malware. You need to protect against the devices themselves that can behave in ways not expected.”

Such malicious devices—a sampling of which is shown above—look just like any other USB device, but don’t act like them. A USB device known as a Rubber Ducky, for example, acts like a keyboard. “They don’t take very sophisticated programming to turn them into something that can cause very sophisticated damage,” Wilson said.

A Bash Bunny has an embedded microcomputer that can emulate a variety of USB types in order to inject payloads onto a target computer. A USBHarpoon looks like a standard USB charging cable but has a custom firmware chip on the end that can launch attacks.

Categorically, these malicious USB device attacks represent 75 percent of today’s known USB attack types, a clear indication of the shift toward new attack methodologies. To fight against this trend, new SMX protection includes Trusted Response User Substantiation Technology (TRUST), which introduces a human validation and authentication step to ensure that USB devices are what they claim to be.

“It prompts the user and says, ‘This device says it’s a keyboard. Is that what you expected?’” Wilson explained. “It’s intercepting an automated process that we all take for granted and makes sure a human qualifies it.”
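The kind of check Wilson describes, comparing what a device declares itself to be with what the person plugging it in expected, can be sketched by reading the interface classes out of a USB configuration descriptor. This is an added example, not Honeywell's code: the article does not say how TRUST is implemented, and the function names and sample descriptors below are constructed for illustration.

```python
# USB base class codes (bInterfaceClass) from the USB-IF class code list.
CLASS_NAMES = {0x01: "audio", 0x02: "cdc", 0x03: "hid", 0x08: "mass-storage", 0x09: "hub"}
DT_INTERFACE = 0x04  # bDescriptorType of an interface descriptor


def parse_interfaces(config: bytes):
    """Walk a raw configuration descriptor; return (class, subclass, protocol) per interface."""
    found, offset = [], 0
    while offset < len(config):
        if offset + 2 > len(config):
            raise ValueError("truncated descriptor header")
        length, dtype = config[offset], config[offset + 1]
        if length < 2 or offset + length > len(config):
            raise ValueError(f"malformed descriptor at offset {offset}")
        if dtype == DT_INTERFACE:
            if length < 9:
                raise ValueError("interface descriptor shorter than 9 bytes")
            # Bytes 5..7: bInterfaceClass, bInterfaceSubClass, bInterfaceProtocol
            found.append(tuple(config[offset + 5:offset + 8]))
        offset += length
    return found


def function_label(cls, sub, proto):
    """Name the function an interface claims; boot-protocol HID names keyboard or mouse."""
    if cls == 0x03 and sub == 0x01 and proto in (1, 2):
        return "keyboard" if proto == 1 else "mouse"
    return CLASS_NAMES.get(cls, f"class-0x{cls:02x}")


def unexpected_functions(config: bytes, expected: set):
    """Return declared functions the operator did not expect, in descriptor order."""
    labels = [function_label(*i) for i in parse_interfaces(config)]
    return [l for l in dict.fromkeys(labels) if l not in expected]


# Constructed sample descriptors (hypothetical, not captured from any real device).
STORAGE_IF = "09 04 00 00 02 08 06 50 00  07 05 81 02 00 02 00  07 05 02 02 00 02 00"
KEYBOARD_IF = "09 04 01 00 01 03 01 01 00  09 21 11 01 00 01 22 3f 00  07 05 83 03 08 00 0a"
PLAIN_STICK = bytes.fromhex("09 02 20 00 01 01 00 80 32 " + STORAGE_IF)
COMPOSITE = bytes.fromhex("09 02 39 00 02 01 00 80 32 " + STORAGE_IF + " " + KEYBOARD_IF)

if __name__ == "__main__":
    for name, cfg in (("plain stick", PLAIN_STICK), ("composite device", COMPOSITE)):
        extra = unexpected_functions(cfg, expected={"mass-storage"})
        print(name, "->", "hold for operator confirmation: " + ", ".join(extra) if extra else "matches expectation")
```

A HID interface that does not use the boot protocol is reported simply as `hid`, since its actual function is defined in the HID report descriptor rather than the interface descriptor; a policy built on this check should treat any unexpected `hid` entry the same way as an unexpected `keyboard`.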

Additional layers of advanced malware detection technology, including artificial intelligence (AI) and machine learning, are also used to improve detection of increasingly complex malware, such as zero days and evasive malware.

Other new features of the latest SMX release include centralized management, which provides increased visibility of USB devices entering industrial control environments and centralized threat management across all SMX sites; and ICS Shield integration, which closes the loop between centralized management services and distributed protections inside the industrial control system (ICS). Honeywell obtained the ICS Shield technology a couple years ago with its acquisition of Nextnine.

A new model, the SMX ST, is a more portable version of the original SMX apparatus. Some customers did not need the fully ruggedized SMX, Wilson noted, and were looking for a version that could be carried from one location to another. It also comes in at a lower price point, he added.

Honeywell will demonstrate malicious USB device attacks at the RSA Conference next month in San Francisco. Eric Knapp, chief engineer of cybersecurity solutions and technology for Honeywell, will present a talk on Thursday morning at the conference, March 7, called “Malicious, Misbehaving or Misunderstood? Making Bad USBs Good Again.”

About the Author

Aaron Hand | Editor-in-Chief, ProFood World

Aaron Hand has three decades of experience in B-to-B publishing with a particular focus on technology. He has been with PMMI Media Group since 2013, much of that time as Executive Editor for Automation World, where he focused on continuous process industries. Prior to joining ProFood World full time in late 2020, Aaron worked as Editor at Large for PMMI Media Group, reporting for all publications on a wide variety of industry developments, including advancements in packaging for consumer products and pharmaceuticals, food and beverage processing, and industrial automation. He took over as Editor-in-Chief of ProFood World in 2021. Aaron holds a B.A. in Journalism from Indiana University and an M.S. in Journalism from the University of Illinois.
