A problem introduction
Remote access services are usually done through software and can sometimes be complicated to use as well as in some cases allow for infection of your own computer. In order to allow for secure remote access TOSIBOX® has come up with the solution of using software tied to a USB-stick acting as a key, connected to a network-box acting as a lock.
CYNIC and TOSIBOX® are involved in a cross-border collaboration where researchers in CYNIC have been given the opportunity to test and evaluate the TOSIBOX® key. Something we have done and have documented the process for you to follow!
What is Tosibox?
TOSIBOX® allows organizations and individuals to use a remote connection between devices through the use of what can be seen as a key and a lock. With your personal device you can use a USB-stick to connect to your organization’s network. The network device acts as a lock, where you physical USB is required to enter. TOSIBOX® essentially replaces software with hardware and creates the opportunity for remote access through a hardware solution instead. This replaces a logical layer of security with a physical one.
A colleague of yours was the target of a phishing attack and received an email containing a Word-document. As the email was well crafted and seemed interesting, your colleague, in a brief moment of curiosity, he downloaded the file and opened it up. A quick flash of the command line, and a few flashes on the screen was all it took, the computer is now infected with something.
Your job is now to investigate the suspicious file and find out what just happened to your poor, curious, colleague. However, this incident happened half way across the world, and you do not have the possibility to connect to that network other than being on site.
As it happens, your company is using TOSIBOX® and all the devices are connected to TOSIBOX® Lock so you are able to connect to the network by using your TOSIBOX® Key.
Plugging in the assigned physical USB-key to your computer, you know have access to the same network as your colleague.
Logging on to the machine you are able to collect the malware and move it to your sandbox environment where you are able to analyze it further.
As you analyze the Word-document you can confirm it is a malware, and it is running a macro. This is confirmed by uploading the file to Virustotal and we can see that there are several vendors whom flagged this file as malware, and external analysis have been done.
Some thoughts about this company case
One of the strengths of TOSIBOX® is the user-friendly approach they’ve chosen. By just plugging in the physical USB-key, we are able to create a connection to another network without any other external software. This creates a new physical layer of security for the network, by relying on a USB-key rather than only on software. It raises some question regarding just security, what if someone steals the USB-key? The adversary is able to connect to the network, no authorization other than having the physical key is necessary.
However, nothing is 100% secure, and this solution provides a secure connection with their technology and in their easy-to-use approach.