I am looking for a fast USB drive which has a physical write-protect enable switch on it. I would also want a BadUSB-resistant USB controller. I want this for 2 reasons:

  • So I can diagnose issues on machines where the problem may or may not be malware. This way, I can plug it into several machines without risking spreading malware.

  • So I can carry around a TailsOS drive wherever I go, and use it on public computers and friends’ computers without risk of infection.

So far, I have only found one company making these things, Kanguru. There are almost no reviews of their products by reputable sources, at least not for their write-protecting drives.

Their BadUSB firmware detection module is NIST certified, which is great (given that you trust proprietary cryptography modules at all), but no certs for the main storage write protection. Also Kanguru products are very overpriced.

And no, I am not using SD cards; their write-protect implementation is software-based and they are too slow for me.

I am specifically looking at the Kanguru FlashTrust. My questions are:

  • Has anyone used Kanguru products and how was your experience?

  • Are there other companies that make decent quality drives with hardware write-protect switches? (Ideally ones that have FOSS firmware and are third-party tested, but I will take anything).

  • Are there any companies that make USB writeblockers which are small enough to fit in a wallet and <$50? (Example of one that is too big). That way I can use a standard, cheaper USB drive.

Oh how I wish Nitrokey made these!

  • Scott@sh.itjust.works
    3 months ago

    Not saying it’s in your budget, but the iodd drives are very useful and are able to run multiple vdisks at once.

    And they do have read only modes you can put them into.

  • jet@hackertalks.com
    3 months ago

    You might want to expand your search to include forensic USB devices; that’s an arena where people absolutely want read-only data acquisition, and that might help find what you want.

    “Forensic bridges”

    There is complexity to read-only modes. Depending on the underlying technology, the read-only switch could be implemented in software, or the host needs to honor it by protocol, but not physically. That’s pretty common for SD cards: if the host computer wants to write to them, it can.

    On some of the better USB sticks, the read-only button actually prevents the write enable signal from physically reaching the storage; that would be best in class. But you need the schematic to actually verify that. So you don’t know if it’s actually just implemented in software.

    For the forensic bridges, they actually speak the USB protocol, because it’s just a serial bus, and they simply don’t relay any commands they believe are related to writes. That relies on them enumerating every possible serial command, and on the talker and the listener both having the same understanding of the same commands… It’s pretty good, but there is room for error.

    Most encrypted USB devices, the ones with the keypads on them, have a read only mode. If you trust their software: https://www.kingston.com/en/usb-flash-drives/ironkey-kp200-encrypted-usb-flash-drive

    Honestly, your cheapest option is to get cheap USB drives and image them. Put some red gaffer’s tape on them; whenever you break the tape to plug them into a device, they’re now tainted, and you as a human must reimage the drives again before you put them into another computer.

    https://github.com/o7-machinehum/ovrdrive Here’s a fully open source flash drive, if you look at the schematic you can see you just want to be able to disable the right enable pin. This drive is designed with some fancy controller in front of the USB controller so you could actually disable it in software if you wanted… https://www.crowdsupply.com/interrupt-labs/ovrdrive-usb/updates/a-look-at-our-firmware-and-how-to-modify-it
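
The "room for error" in command-filtering bridges described in the comment above, as an added example that is not part of the thread or any vendor's firmware: it compares a bridge that drops only commands it recognises as writes with one that relays only commands it recognises as reads. It assumes USB Mass Storage Bulk-Only Transport carrying SCSI commands; the two opcode sets and the sample wrappers are constructed for illustration.

```python
import struct

CBW_SIGNATURE = 0x43425355  # "USBC" as a little-endian dword
# A write denylist: the WRITE(6/10/12/16) family only.
DENYLIST = {0x0A, 0x2A, 0xAA, 0x8A}
# A read allowlist: anything not named here is never relayed.
ALLOWLIST = {
    0x00,  # TEST UNIT READY
    0x03,  # REQUEST SENSE
    0x12,  # INQUIRY
    0x1A,  # MODE SENSE(6)
    0x25,  # READ CAPACITY(10)
    0x08, 0x28, 0xA8, 0x88,  # READ(6/10/12/16)
}

def scsi_opcode(cbw: bytes) -> int:
    """Return the SCSI opcode from a 31-byte Command Block Wrapper."""
    if len(cbw) != 31:
        raise ValueError("CBW must be exactly 31 bytes")
    sig, _tag, _length, _flags, _lun, cb_len = struct.unpack_from("<IIIBBB", cbw)
    if sig != CBW_SIGNATURE or not 1 <= cb_len <= 16:
        raise ValueError("bad CBW signature or command length")
    return cbw[15]  # first byte of the command block

def relays(cbw: bytes, policy: str) -> bool:
    """True if a bridge using `policy` would forward this CBW to the drive."""
    try:
        op = scsi_opcode(cbw)
    except ValueError:
        return False  # malformed wrappers are dropped under either policy
    return op in ALLOWLIST if policy == "allow" else op not in DENYLIST

def make_cbw(opcode: int) -> bytes:
    """Constructed sample CBW: only the opcode is meaningful here."""
    header = struct.pack("<IIIBBB", CBW_SIGNATURE, 1, 0, 0, 0, 10)
    return header + bytes([opcode]) + bytes(15)

# Constructed samples: state-changing commands that are not named WRITE.
SAMPLES = {0x28: "READ(10)", 0x2A: "WRITE(10)", 0x04: "FORMAT UNIT",
           0x41: "WRITE SAME(10)", 0x42: "UNMAP", 0xC6: "vendor-specific"}

def slipped_past_denylist() -> list[str]:
    """Names of sample commands the denylist relays but the allowlist drops."""
    return [name for op, name in SAMPLES.items()
            if relays(make_cbw(op), "deny") and not relays(make_cbw(op), "allow")]

if __name__ == "__main__":
    print(slipped_past_denylist())
```

The allowlist fails closed on anything it does not recognise, which is the safer default for a write blocker, at the cost of occasionally refusing a harmless command a host expects to work.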

  • mspencer712@programming.dev
    3 months ago

    I use a USB BD-R burner and disks for this. I don’t have a solution for Bad USB protection though unfortunately.