Translated by
2019/09/04 13:40:39

USB-flash (flash card)

The cell phone and flash card is made related that any fantast did not predict emergence of these devices, and today without them it is impossible to imagine our existence. It seems improbable, but the IBM corporation put on the market the first commercial flash drive only ten years ago, on December 15, 2000. It hereinafter was referred to as DiskOnKey, had the volume of 8 MB and was offered instead of 1.44-megabyte floppy disks. This thing turned out so successful that in some five years production of the PC with devices for floppik completely stopped. However, in this case IBM acted only as the seller of the products made during that time to very few people by the known Israeli company M-Systems. * USB 3.x



Publication of final USB4 specifications. The next stage — the output of devices

At the beginning of September, 2019 the USB-IF organization published final specifications of USB4 standard providing data transmission (when using of the certified cables) at a speed up to 40 Gbps. It is twice more, than at the previous version (USB 3.2 Gen 2x2).

USB4 will save backward compatibility with all previous versions of "universal serial bus", including USB 2.0 and USB 3.2 and also Thunderbolt 3. Thus, computer makers and other equipment will not need to set new ports.

USB4 standard then the release of devices with such ports will begin is approved
USB4 standard then the release of devices with such ports will begin is approved

The Intel company already began to build in the new interface directly CPU. It is expected that devices on 10-nanometer Core processors some of the first will undergo certification of USB4. With the USB4 company  permitted  all to use the interface free of charge.

Supports USB4 standard to eight DisplayPort 1.2 lines and provides data exchange on four PCIe 3.0 lines.

Despite the approval of final USB4 specifications, some time for an output of devices with such interface on the market will be required. As a rule, after completion of work on specifications there passes not less than a year before emergence of the first devices. So emergence of the equipment with USB4 ports should be expected by the end of 2020.[1]

In USB4 technology improved: for example, if the user has a monitor which are used by video signal at a speed of 8 Gbps, other 32 Gbps can be directed to other purposes.

The new USB standard should become more widespread in comparison with Thunderbolt 3 technology (USB4 is based on it) because of features of certification. To release the device with  Thunderbolt 3, it is necessary to address directly to Intel. Though it and is free, but considerably slows down process: by March, 2019 only on 463 devices Thunderbolt 3 support is declared officially though commercial use of this standard began in 2015. USB does not need to be certified, it will be simpler to producers to deal with it.

The USB developer explained why the connector was asymmetrical

On June 21, 2019 one of USB developers Ajay Bhatt told about the reasons because of which the connector was decided to be made asymmetrical. This problem irritates many users: it is necessary to spend time to insert the flash drive or a charging cable into the slot which is not visible.

According to Bhatt, "the biggest inconvenience" USB developers went to it purposefully to save. The technology at which the plug is inserted into the slot in two provisions would turn out twice more expensively as it requires additional chips and wires.

The symmetric connector would double its cost — on it more wires and chips were required
The symmetric connector would double its cost — on it more wires and chips were required

Cheaper option was selected after negotiations with producers of personal computers for which the question of the price was one of main. Exactly thanks to low cost of connectors of Apple released the first computer with USB in 1998.

The patent for USB belongs to Intel — developing the interface, Bhatt worked for the company. Also he was engaged in creation of the PCI Express connector for motherboards.

The command of Intel suggested to make the USB connector round, however such option could be even worse. Adzhay Bhatt recognizes that the technology could be better.

Now, after time and considering all our accumulated experience, we, of course, understand that it [USB connector] turned out not such simple as had to … At us time for proving that it is impossible to do without this technology left — Bhatt in an interview to the NPR edition reported.

USB have a symmetric version of the connector — USB-C. The technology was provided by USB Implementers Forum non-profit organization  in 2014.

Two years earlier Japanese  company Buffalo Technology solved a problem of the asymmetrical connector USB 2.0. Its adapters, USB sticks, adapters and USB hubs which connectors are compatible to USB 2.0 use the mobile partition allowing to insert them any party.[2]

Approval of USB4 standard; data transfer rate — up to 40 Gbps

In March, 2019 the industry USB Promoter Group group  approved the new USB standard which allows to transfer data at a speed up to 40 Gbps.

USB4 will succeed USB interface 3.2  at which information transmission rate is limited to 20 Gbps. With the USB 3.1 standard of Gen 2 the maximum indicator is equal in a case to 10 Gbps. The new technology is compatible to USB 3.2, USB 2.0 and Thunderbolt 3.

USB4 will appear twice quicker than USB 3.2
USB4 will appear twice quicker than USB 3.2

And the Thunderbolt 3 specifications will form USB4 basis thanks to the fact that Intel as the owner made them open for other companies.

The architecture of USB4 determines a method of joint dynamic use of one high-speed connection by a set of end devices. Specifications of the new standard will allow to optimize a data stream for an output to the display as the USB Type-C port turned including port for connection of monitors for a long time. The two-channel scheme even with the existing USB Type-C cables and several protocols will be applied to separation of flows of normal data and data for display for this purpose.

The device at connection through USB4 will be able to be loaded and bring at the same time to the display the image through one cable. The interface supports charging on power up to 100 W, connection to two 4K-displays with update rate of 60 GHz or one 5K-display.

As the chairman of USB Promoter Group Brad Saunders reported, the main idea of USB4 is in providing to users "the best solution" for information transfer, audio/video signal and a power supply. All opportunities, according to Saunders, will be integrated in one interface.

The full range of USB4 specifications will be published in the middle of 2019. The first devices and accessories supporting the new standard should enter the market in 2020.[3]


USB devices pose a serious threat for industrial facilities

On November 9, 2018 Honeywell announced that, according to its research in the field of cyber defense, USB devices pose a serious threat for industrial facilities.

According to the data obtained using technologies of Honeywell for scanning and control of USB devices at 50 enterprises customers almost in half of cases (44%) at least one file threatening to security was revealed and blocked. Also it was revealed that 26% of the revealed threats could lead to considerable violations as a result of which operators could lose an opportunity to see the course of execution of operations or to manage it. Threats of different degree of gravity were aimed at a broad spectrum of industrial facilities, including the oil processing, chemical and pulp-and-paper companies worldwide. About one of six threats was aimed at industrial management systems or devices with support of Internet of Things (IoT).

Threats were more serious, than we expected. The general analysis of results shows that some of these threats were purposeful and deliberate. The research confirms our long-term suspicions: threat which are posed by USB drives for industrial enterprises are quite real. Many of them can cause dangerous situations on the objects connected with industrial production.
Eric Knapp, direktor of the direction of strategic innovations of division of industrial cyber security of Honeywell

As a result of a research the business statement devoted only to protection against USB threats in the conditions of management of industrial production was made. In it the data collected using Secure Media Exchange (SMX) technology which was developed by Honeywell especially for scanning and control of removable mediums of information, including USB drives are considered. Among the detected threats were such resonant as TRITON and Mirai and also options of a computer worm of Stuxnet who was used earlier by intelligence agencies of the different states for violation of work of industrial facilities. Contrastive analysis also showed that traditional means of protecting from malware could not detect up to 11% of the revealed threats.

In the report on USB threats for industrial facilities submitted according to the results of a research, Honeywell recommends to manufacturing enterprises to use the approach combining personnel training, making changes in workflows and also implementation of the technical solutions for risk reduction resulting from use of USB devices.

IBM prohibited employees to use USB sticks

In the nearest future all staff of IBM will receive the most strict prohibition on use in the working practice of any kinds of removable drives. In May, 2018 the British The Register portal reports about it. The edition refers to the special consulting circular sent to the staff of the company on behalf of Shamla Naidoo, the head of global department of information security[4].

In the message Shamla, in particular, notes that from now on the company "expands practice of prohibition of data transfer using any types of portable removable devices, including USB drives, the SD cards, USB sticks of any types, etc.".

In the letter of the head of IT security of IBM it is also noted that prohibition on use of removable drives already takes place in a number of divisions of the company, however "in the next several weeks such practice will be implemented on a global scale".

2017: USB Type-C

USB The Type-C connector is called golden mean between microUSB and Lightning thanks to a thin and symmetric form. Using danny port, it is possible not only to load smartphone, but also to connect the device to the monitor, earphones and even a flash drives. In 2017 in the market there was smartphone Samsung Galaxy S8 which has the USB connector Type-C and the slot for the high-performance memory card.

2016: Counterfeit USB chargers can steal all data from the smartphone

Specialists from Aries Security company found out that by means of counterfeit USB wires hackers can intercept any data from the smartphone of the victim. It can occur at the time when the user brings the image from the device to TV or[5].

This method of the attack received the name Video jacking. Its essence is that during connection of charging to the smartphone the espionage device separates the image on the screen and writes all events. It can be passwords, PIN codes, account numbers and many other things.

Experts noted that vulnerability works at the majority Android-smartphones. Besides, it is possible to write information from the screen and on devices of the company Apple.

2014: USB as comprehensive security risk?

Devices with the USB connector are USB sticks, a mouse, the keyboard – can be used for computer hacking, security experts from SR Labs detected. And case at all not that on a flash carrier the malware will be written.

The new potential class of the attacks against which the existing means of protecting are useless was detected in the summer of 2014 by Karsten Nol and Jacob Lell from the Berlin SR Labs, Reuters reports. This firm researching in the field of security is known, in particular, for detection of gaps in mobile[6].

Problem here operation of USB devices, deeper, connected with the principle. The controllers which are available in them are the small chips managing their work – can be reprogrammed, and the malicious code is hidden then it will infect computers to which will connect these devices, researchers explain. What is essential, on chips no means of protecting of the code are initially provided. "You will not be able to define from where the virus undertook, – Nol says. – It is almost magic trick".

Researchers from SR Labs made experiments with such attacks, having written native malicious code (they called it BadUSB) on USB chips for USB sticks and smartphones. Being connected to the computer, the reprogrammed USB device can emulate the keyboard, execute commands from a user name, for example delete files or install programs. The malicious code written on it can infect, in turn, other devices which will be connected besides to the computer. At last, he is capable to change the DNS settings of the computer, redirecting the traffic arriving on it on the external server. Researchers are going to give the report on new threat, having produced the evidence of fundamental violation of security of USB, at the forthcoming Black Hat conference in Las Vegas (their presentation will be called "Bad USB – On Accessories that Turn Evil").

According to Nol, he would not be surprised, having learned that the prospecting organizations, for example National Security Agency, already found out how to organize such attacks. A year ago, Reuters writes, Nol provided results of studying of methods of remote cracking of SIM cards of mobile phones on Black Hat. And in December from the data published by Edward Snowden (the former counteractor of NSA) it became clear that investigation used the similar equipment for shadowing. Representatives of NSA refused to comment on Reuters this information.

There is no effective protection against the USB attacks yet, consider in SR Labs. Such means of protecting as antiviruses, scan only software, written in memory of the computer, and have no access to corporate software (firmware) managing operation of USB devices. The firewalls blocking a certain class of devices do not exist yet. And behavioural control is complicated as changes in behavior of the infected device look as if the user just connected one more device to the computer.

And at last, to clean the infected system it will be very difficult. The standard method – reinstallation of the operating system – is no good as the USB drive from which OS is reinstalled can be infected too, as well as other USB components. The device with a malicious code is capable even to replace the BIOS computer.

In a research Nola and Lela are one moment, experts which forces to listen to their outputs believe, apart from them it is simple reasonings of theorists. The matter is that infection can be sent to both directions: as from USB to the computer, and back. Every time when the device turns on in the USB port of the computer, corporate software on it can be rewritten by the malicious code which is on the PC and to the owner of the device not easy it will detect. In the same way any USB device will be able to infect any computer. "It works in both directions, – Nol says. – It is impossible to trust anybody".

Such new approach assumes that it is impossible to consider the USB device safe just because its contents are net from viruses. It is possible to trust it only provided that nobody ever concerned it with the bad purposes. "It is necessary to consider USB devices as infected and to throw out them at once after they contact with not entrusted computer", – Nol as it is impossible to clean them claims. Alas, such paranoia kills the idea of use of wearable USB sticks in a pocket, the general chargers for different gadgets and other hi-tech toys which all got used to treat quite carelessly.


The beginning of the main history was it, but, as usual happens to popular inventions, there is also alternative history. The priority of M-Systems is disputed by two companies — the Chinese Netac Technology and the Singapore Trek Technology; both of them are large producers of devices of this kind.[7]

It is necessary to recognize, Netac and Trek really released the products practically along with IBM, not accidentally they still are at infinite lawsuits, some courts recognize their priority, others refuse.

There is a lot of similar disputable precedents in the history of technologies, we will remember Popova and Marconi, Bella and Edison, winners in them are not, such polemic comes to an end with nothing. Let's add that approximately at the same time the Lexar company offered the cards in the Compact Flash format allowing connection on USB. The point is that neither M-Systems, nor her opponents made anything essentially new, and gathered already known technologies.

Anyway, without any doubts it is recognized that in 1998, much earlier others, the flash disk as a uniform product was offered by Dov Moeran, the founder of M-Systems. After that several years M-Systems tried to sell independently in Europe four models — on 8, 16, 32 and 64 MB — an unusual disk under the disgo trademark which was not executed in design usual today, in the form of the small panel included directly in the USB port yet.

Such, become the standard construction was offered by the Malayan student Pua Hen Seng, however, without having funds for home company, he sold the idea of Toshiba corporation. As a result the real murderer of floppy disks was born. So on border of the millennia the race in which Asian producers could propose less expensive solutions started.

So, a flash disks were not opening, it is only composition known.

By the end of the 90th two major components were already available, it was necessary to integrate them, having gathered technology of data storage of EEPROM (Electrically Erasable Programmable Read-Only Memory — "electrically the erased reprogrammable read-only memory") with the universal serial bus USB.

Today a flash disks are made on the NAND technology (NOR significantly more slowly) which is one of versions of EEPROM, modules of memory have capacity from 8 MB to 64 Gbytes, provide storage life up to ten years and a guaranteed quantity of access cycles over one million. Modern flash cards are compatible to USB 2.0, however cannot use the speed of 480 Mbps which is completely guaranteed by this interface because of technical restrictions of NAND.

Convenient replaceable disks considerably changed all computer ecosystem, the improbable number of appendices including not quite desirable is had. Alas, together with distribution of flash cards the new band of data theft began. As the instrument of cybercrimes apply not only standard flash cards, but also the special device to cracking of USB Switchblade which does not require the working operating system, in a standalone mode it can take passwords and other confidential information.

In 2006 the M-Systems company was sold to the famous producer of the memory cards SanDisk more than for 1.5 billion dollars. Almost all these means arrived into Moeran's accounts, however he did not stop the inventive activity. Moeran explains it with heredity: his grandfather and the father, despite the tragic tests which fell to their lot were also inventors. It puts itself(himself) in one row with Steve Jobs, Steve Ballmer, Larry Ellison and other leaders of high technologies which were born in the 50th years.

In 2007 Moeran founded Modu company, being guided by the ideas of the modular Modu 1 phone, small device which would be capable to be connected to other devices.

Because of crisis Modu 1 left after the environment planned already which it was expected. Therefore the attention was postponed for the minimalist Modu T model with the 2.2-inch touch screen with the resolution of 240х320 points and weighing about 40 grams for what it was placed in the Book of records Ginnessa as the easiest in the world tachfon. For expansion of functionality it is possible to use the removable modules fy (camerafy — with the 5-megapixel camera, sportfy — for sports activities, textify — with QWERTY keyboard, etc.). In line the Modu W model intended for work in Wi-fi networks and supported by Skype.

You See Also