A Defense Technology Blog
See All Posts
  • A Roach Motel for Malware?
    Posted by Bill Sweetman 11:57 AM on Jun 30, 2010

    Talk about a black box solution. Start-up company InZero Systems appeared last week in Washington DC to present its solution to cybersecurity problems, which is literally a black box with a couple of switches, a few indicator lights and power, network and USB connections.

    The company claims that it is unhackable. At last week's demo, Philip Zimmermann, the inventor of the PGP encryption tool, described InZero as "like nothing else I have seen" and said that he hadn't seen a way to break into it. The audience included Google's chief "evangelist" Vint Cerf, regarded as one of the founders of the internet, and senior advisors to the administration.

    blog post photo

    InZero founder Louis Hughes said that the company had issued a public challenge to hackers to break through it and recover data files - called "flags" - on a specially constructed network. Hughes pointed out that this is a "bet the company" move:  a success would be the end of the road. As of last week, InZero reported two million attacks, including 250,000 out of China, with no successes.

    InZero is the invention of Ukrainian computer engineer Oleksiy Shevchenko, and what makes it different is that it is based on hardware, not software. The black box contains a second computer, operating system and apps that you would normally use to access the web, all stored in read-only memory and remotely controlled from the protected computer. Result: the operator can read and access anything on the net, but malware cannot spread to the PC and the protected network.

    Optionally, the user can download data from trusted sites, or store a file from an untrusted site in an encrypted form that prevents malware from executing. That file can still be viewed and edited but only on the secure side of the InZero platform.

    Cerf seemed impressed but not totally convinced, pointing out that the first edition of the device protects only desktop PCs and not mobile devices, and that proper protection and management of these devices would require a great deal of support. Although InZero is designing laptop hardware (which replaces the DVD drive) Cerf notes that "it's an operational challenge to maintain software on laptops" which is one reason for the move to cloud computing, where apps reside on the internet and are updated without reference to individual computers.

    Another question: how do we know that the InZero box is safe? Hughes says that the company "has been quite paranoid" about that issue. The software, designed in the Ukraine and Siberia, has been independently checked for backdoors. Although most of the hardware is commercial off-the-shelf, he says, there are "several secret chips that control everything, and a killer chip if you try to disassemble the device."

    Tags: ar99, cyberwar, inzero

  • Recommend
  • Report Abuse

Comments on Blog Post