You may have heard of BadUSB, an attack on ordinary USB devices such as thumb drives. It exploits the fact that the firmware of many USB controller chips is not protected and can be reprogrammed (or "flashed") by anyone, often simply by sending the right commands over the USB connection. An attacker can therefore infect a USB device by flashing malicious firmware onto it. That firmware carries out its attack by presenting itself to the host as a keyboard and taking control of the computer by sending the appropriate keystrokes: it could, for example, send files to the internet or infect the host by typing a malicious script (or "virus") into a file and running it. Such attacks can go undetected because the device behaves normally most of the time.
During the NSA leaks the public learned that the NSA intercepts parcels containing firewalls, laptops and other sensitive devices in transit in order to load them with backdoored firmware or even to manipulate the hardware. The parcels are opened and resealed carefully so that the tampering is not noticeable.
Such examples demonstrate the need to protect Nitrokey's firmware carefully. Even before these revelations came to light we were aware of the potential risks and designed the Nitrokey accordingly. The fact that Nitrokey is completely open source allows users to:
- Verify the layout of the hardware
- Verify the source code of the firmware
- Compile and build the firmware
- Flash their own firmware into the hardware
These properties are effective against BadUSB-style firmware replacement and against parcel interception by intelligence services, provided users actually make use of them: only firmware you have built and flashed yourself is firmware whose contents you know. Additional protections depend on the particular Nitrokey model:
The firmware of the Nitrokey Pro and Nitrokey HSM can only be reprogrammed by physically accessing the board (PCB). It is impossible to flash new firmware merely by connecting the device via USB. This is quite secure but has the disadvantage of ruling out firmware updates in the field. Because the complexity of the Nitrokey Pro and HSM firmware is limited, we consider this an acceptable trade-off.
Nitrokey Storage allows firmware updates via USB. Since this device is relatively complex, being able to roll out firmware updates containing bug fixes, improvements and even new features is important. To update the firmware, however, it is mandatory to enter a dedicated firmware PIN, which should only ever be entered on trusted computers.
Nitrokey Storage also allows the entire firmware flash memory to be exported (without user data) into a file, which can then be compared against the official firmware releases published on the Nitrokey website. We plan to fill the unused flash memory with random (but exported and verified) data so that malicious firmware cannot hide there. As long as the exported image matches the published release byte for byte, there is no room left in the flash for a modified firmware; the one place code could still hide is the mass storage (the MicroSD card), which can be removed and examined separately. The Nitrokey Storage can be preordered at our crowdfunding campaign page.
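The comparison described above is, at its core, a hash comparison between the exported image and the published release. The following script is an added example written for this article; it is not Nitrokey's own tooling and the image layout is assumed (a 4 KiB reporting granularity, 0xFF as the erased-flash value, and constructed random sample images rather than real firmware). It reports not only whether the two images match but which pages differ, and distinguishes content found in space the release leaves empty from modifications of the firmware itself, which is exactly the difference that filling unused flash with exported random data removes.

```python
"""Compare an exported flash image against a published release image.

Added example, not Nitrokey's own tooling.  Assumptions (not from the article):
PAGE_SIZE is only the granularity used for reporting, ERASED is the value of
unused NOR flash, and the sample images are constructed random bytes.
"""
import hashlib
import random

PAGE_SIZE = 4096     # assumed reporting granularity
ERASED = b"\xff"     # assumed erased-flash byte value


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def compare_images(dump: bytes, reference: bytes, page_size: int = PAGE_SIZE) -> dict:
    """Compare an exported image against a release image page by page.

    Returns the two SHA-256 digests, whether the sizes agree and a list of pages
    that differ.  A differing page is classified as:
      "missing"            - the dump ends before the release does,
      "unexpected_content" - the release leaves the page erased but the dump
                             has data there (something hides in unused flash),
      "modified"           - any other difference.
    """
    bad_pages = []
    n_pages = (max(len(dump), len(reference)) + page_size - 1) // page_size
    for page in range(n_pages):
        lo, hi = page * page_size, (page + 1) * page_size
        d, r = dump[lo:hi], reference[lo:hi]
        if d == r:
            continue
        if len(d) < len(r):
            kind = "missing"
        elif r.strip(ERASED) == b"":
            kind = "unexpected_content"
        else:
            kind = "modified"
        bad_pages.append({"page": page, "offset": lo, "kind": kind})
    return {
        "size_match": len(dump) == len(reference),
        "dump_sha256": sha256_hex(dump),
        "reference_sha256": sha256_hex(reference),
        "bad_pages": bad_pages,
        "match": len(dump) == len(reference) and not bad_pages,
    }


def build_samples() -> dict:
    """Constructed sample images (seeded random bytes, not real firmware)."""
    rng = random.Random(20150101)
    firmware = bytes(rng.getrandbits(8) for _ in range(3 * PAGE_SIZE))
    filler = bytes(rng.getrandbits(8) for _ in range(2 * PAGE_SIZE))
    erased = ERASED * (2 * PAGE_SIZE)
    # A constructed "implant" parked in otherwise unused flash.
    implant = b"BAD-FIRMWARE-STAGE2" + bytes(rng.getrandbits(8) for _ in range(200))
    return {
        # today: unused flash left erased; planned: filled with exported random data
        "release_today": firmware + erased,
        "release_filled": firmware + filler,
        "dump_clean": firmware + erased,
        "dump_implant_today": firmware + implant + erased[len(implant):],
        "dump_implant_filled": firmware + implant + filler[len(implant):],
        "dump_truncated": firmware[: 2 * PAGE_SIZE],
    }


if __name__ == "__main__":
    s = build_samples()
    for dump, ref in (("dump_clean", "release_today"),
                      ("dump_implant_today", "release_today"),
                      ("dump_implant_filled", "release_filled"),
                      ("dump_truncated", "release_today")):
        r = compare_images(s[dump], s[ref])
        print(f"{dump} vs {ref}: match={r['match']} bad_pages={r['bad_pages']}")
```

With a real export you would read both files with `open(path, "rb").read()` and pass them to `compare_images`; the digests in the report are what you compare against the checksums published alongside a release, and the page list tells you where to look when they disagree.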
We may still look into enabling signed firmware updates in the future, which would be secure, more flexible and easier to use. This brings another challenge with it, however: we don't want to (and the GPLv3 we have chosen won't allow us to) restrict users from installing their own firmware on Nitrokey hardware. Hence a mechanism for secure, signed firmware updates would need to be combined with a way of preserving users' freedom to install their own firmware. The best-practice solution is to let users configure the signature key within the device: the key that the device trusts could then be set either by Nitrokey or by the user. Nitrokey Start is based on GNUK, which already supports this kind of firmware update. In future we may implement this scheme for the other Nitrokey models as well. Since our other models are already secure in this respect, however, we consider it more of a "nice-to-have" feature with lower priority.
In summary, we think we are well prepared against BadUSB and similar threats.
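To make the proposed scheme concrete, here is an added example of what a device-side check with an owner-configurable signing key looks like. It is written for this article and is neither Nitrokey's nor GNUK's code; the image format (a `NKFW` header carrying a version and body length, followed by the signer's public key and the signature), the rule that the device stores only a digest of the trusted public key, the firmware-PIN gate on changing that key (mirroring the PIN the article describes for Nitrokey Storage updates) and the anti-rollback version check are all assumptions that go beyond what the article states. The signature scheme is a Lamport one-time signature over SHA-256, chosen because it needs nothing beyond the Python standard library; a production design would use a many-time scheme such as Ed25519 or RSA, but the verification flow around it is the same.

```python
"""Signed firmware update with an owner-configurable trust anchor.

Added example, not Nitrokey or GNUK code.  Assumed design (not from the
article): image = header | body | signer public key | signature; the device
keeps only sha256(public key); changing it requires the firmware PIN; the
version must increase.  Lamport one-time signatures stand in for a real scheme.
"""
import hashlib
import os
import struct

N_BITS = 256                      # SHA-256 digest bits -> 256 secret pairs
MAGIC = b"NKFW"                   # assumed image magic, not a real Nitrokey format
HEADER = struct.Struct(">4sII")   # magic, version, body length
PK_LEN, SIG_LEN = 2 * 32 * N_BITS, 32 * N_BITS


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# --- Lamport one-time signature: each key may sign exactly one message ---
def lamport_keygen():
    """Secret key: 256 pairs of random 32-byte values; public key: their hashes."""
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(N_BITS)]
    pk = b"".join(h(a) + h(b) for a, b in sk)
    return sk, pk


def lamport_sign(sk, msg: bytes) -> bytes:
    digest = int.from_bytes(h(msg), "big")
    return b"".join(sk[i][(digest >> (N_BITS - 1 - i)) & 1] for i in range(N_BITS))


def lamport_verify(pk: bytes, msg: bytes, sig: bytes) -> bool:
    if len(pk) != PK_LEN or len(sig) != SIG_LEN:
        return False
    digest = int.from_bytes(h(msg), "big")
    ok = True
    for i in range(N_BITS):
        bit = (digest >> (N_BITS - 1 - i)) & 1
        expect = pk[(2 * i + bit) * 32:(2 * i + bit + 1) * 32]
        ok &= h(sig[i * 32:(i + 1) * 32]) == expect   # no early exit: constant work
    return ok


def build_image(sk, pk: bytes, version: int, body: bytes) -> bytes:
    """Sign header and body as one unit so the version cannot be swapped."""
    signed = HEADER.pack(MAGIC, version, len(body)) + body
    return signed + pk + lamport_sign(sk, signed)


class Device:
    """Model of the bootloader-side checks (assumed design).

    The device stores a 32-byte digest of the trusted public key, which may be
    Nitrokey's or the owner's; the full key travels inside each image.
    """

    def __init__(self, firmware_pin: str):
        self._firmware_pin = firmware_pin
        self.trusted_key_digest = None
        self.version = 0
        self.firmware = b""

    def set_trusted_key(self, pin: str, pk: bytes) -> bool:
        """Changing the trust anchor is gated by the firmware PIN (assumption)."""
        if pin != self._firmware_pin:
            return False
        self.trusted_key_digest = h(pk)
        return True

    def install(self, image: bytes) -> str:
        """Return "ok" or the reason the image was rejected.

        The header is read only to find the boundaries; nothing in it or the
        body is acted upon before the signature has been verified.
        """
        if self.trusted_key_digest is None:
            return "no trusted key configured"
        if len(image) < HEADER.size:
            return "truncated header"
        magic, version, body_len = HEADER.unpack_from(image)
        if magic != MAGIC:
            return "bad magic"
        signed_len = HEADER.size + body_len
        if len(image) != signed_len + PK_LEN + SIG_LEN:
            return "bad length"
        signed = image[:signed_len]
        pk = image[signed_len:signed_len + PK_LEN]
        sig = image[signed_len + PK_LEN:]
        if h(pk) != self.trusted_key_digest:
            return "signer is not the configured key"
        if not lamport_verify(pk, signed, sig):
            return "bad signature"
        if version <= self.version:
            return "rollback refused"
        self.version = version
        self.firmware = image[HEADER.size:signed_len]
        return "ok"
```

The freedom the GPLv3 requires is preserved by `set_trusted_key`: whoever knows the firmware PIN can point the device at their own key, after which images signed by the vendor are rejected with "signer is not the configured key" just as a third party's would be. Because Lamport keys are one-time, each release in this toy needs a fresh key (and a fresh `set_trusted_key`); a many-time scheme removes that step but changes none of the checks in `install`.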