Attacks using malicious USB devices (so-called BadUSB attacks) are on the rise. USB devices can operate by providing their own firmware (device drivers), which the host installs in its memory and the host OS executes. A malicious USB device may be configured with a malicious device driver which, when installed in the host, can compromise the security of the host. For example, the malicious USB device may emulate a keyboard and inject keystrokes as if entered by a logged-in user, thus allowing for various attacks, such as downloading and installing malware on the host. The malicious USB device may also directly access (read, write, delete) files on the host, monitor or otherwise affect network activity, spoof a network card and change the host's DNS settings to redirect network traffic, and so on. This form of attack, however, is not necessarily limited to USB-type devices. Any hardware device that can be plugged into the host and provides firmware to the host can in principle be made malicious. Such devices include but are not limited to SCSI devices, FireWire devices, and so on.
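As an added illustration (not part of the original text), the following Python code shows one defensive heuristic for the keyboard-emulation case above: it parses a raw USB configuration descriptor and flags a device that exposes a boot-protocol keyboard interface alongside a mass-storage or network-class interface. The function names, finding labels and sample descriptor bytes are constructed for this example, and the flagging policy is an assumption, not something the text prescribes.

```python
import struct

DT_CONFIG, DT_INTERFACE = 0x02, 0x04
HID, MASS_STORAGE, CDC_COMM, WIRELESS = 0x03, 0x08, 0x02, 0xE0
NETWORK_CLASSES = {CDC_COMM, WIRELESS}  # classes network adapters commonly use

def parse_interfaces(blob: bytes):
    """Walk a raw configuration descriptor; return (class, subclass, protocol) per interface."""
    if len(blob) < 9 or blob[1] != DT_CONFIG:
        raise ValueError("not a configuration descriptor")
    total = struct.unpack_from("<H", blob, 2)[0]  # wTotalLength, little-endian
    if total > len(blob):
        raise ValueError("wTotalLength exceeds captured data")
    interfaces, off = [], 0
    while off < total:
        if total - off < 2:
            raise ValueError("truncated descriptor header")
        blen, btype = blob[off], blob[off + 1]
        # The device controls these bytes, so bLength is validated, never trusted.
        if blen < 2 or off + blen > total:
            raise ValueError(f"malformed bLength at offset {off}")
        if btype == DT_INTERFACE:
            if blen < 9:
                raise ValueError("short interface descriptor")
            interfaces.append(tuple(blob[off + 5:off + 8]))
        off += blen
    return interfaces

def flag_device(blob: bytes):
    """Return findings for a keyboard interface bundled with storage or network functions."""
    ifaces = parse_interfaces(blob)
    classes = {c for c, _, _ in ifaces}
    # Boot-protocol keyboard: HID class, subclass 1, protocol 1. A keyboard that
    # declares itself only in its HID report descriptor is not seen here.
    if not any(i == (HID, 1, 1) for i in ifaces):
        return []
    findings = []
    if MASS_STORAGE in classes:
        findings.append("keyboard+storage")
    if classes & NETWORK_CLASSES:
        findings.append("keyboard+network")
    return findings

# Constructed sample descriptors (not captured from real hardware).
FLASH_DRIVE = bytes.fromhex("090220000101008032" "090400000208065000"
                            "07058102000200" "07050202000200")
COMPOSITE = bytes.fromhex("090239000201008032" "090400000208065000"
                          "07058102000200" "07050202000200"
                          "090401000103010100" "092111010001223f00" "0705830308000a")
```

A finding here is a prompt for review or policy enforcement rather than proof of malice, since the check only sees what the device chooses to declare at enumeration.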
Microsoft introduced a virtual secure mode (VSM) feature in its Windows 10™ operating system. VSM is a protected container (virtual machine) that executes on the virtualization component of a Windows 10™ host. The VSM does not allow any third-party code to be executed in the VSM space. Since the Windows 10™ kernel cannot access VSM directly, this architecture can protect data in the VSM, even if the Windows 10™ kernel is compromised. Accordingly, encryption keys, user authentication data and other crucial information can be safely stored and managed in the VSM container.