Read-Only USB Drives: Options & Security

TL;DR

Yes, read-only USB flash drives exist, but they’re not common off-the-shelf. You can achieve a similar effect by using software to make a standard drive read-only, or by purchasing specialist hardware designed for this purpose. This guide explains both approaches.

Making a Standard USB Drive Read-Only (Software)

This method uses your computer’s operating system to prevent writing to the USB drive. It’s reversible, so it’s not foolproof cyber security but good for preventing accidental changes or malware infection.

1. Windows: Using Diskpart

• Open Command Prompt as an Administrator (search for ‘cmd’, right-click and select ‘Run as administrator’).
• Type diskpart and press Enter.
• Type list disk and press Enter to see a list of your disks. Identify the number corresponding to your USB drive – be *very* careful here!
• Type select disk X (replace ‘X’ with the correct disk number).
• Type attributes disk readonly and press Enter. This sets the read-only attribute.
• Type exit to leave Diskpart.

macOS: Using Terminal

• Open Terminal (Applications > Utilities).
• List your disks using diskutil list. Identify the disk identifier for your USB drive (e.g., /dev/disk2).
• Unmount the disk: diskutil unmountDisk /dev/diskX (replace ‘X’ with the correct number).
• Make it read-only: sudo chflags uchg /dev/diskXs1 (replace ‘X’ with the correct number; ‘s1’ is usually the main partition, but check `diskutil list` if unsure). You’ll need to enter your administrator password.

Linux: Using chattr

• Identify the device name of your USB drive (e.g., /dev/sdb1) using lsblk or fdisk -l.
• Unmount the drive if it’s mounted: sudo umount /dev/sdX1 (replace ‘X’ with the correct number).
• Make it read-only: sudo chattr +i /dev/sdX1 (replace ‘X’ with the correct number). This sets the immutable flag.

Specialist Read-Only USB Drives

These drives are designed from the ground up to be read-only, offering better cyber security than software solutions.

1. Hardware Write Protection Switches: Some USB drives have a physical switch that enables or disables writing. These are reliable but can be lost or broken.
2. Dedicated Read-Only Drives: Manufacturers like Kanguru offer USB drives specifically designed to be read-only, often with added security features like password protection and remote disabling. They tend to be more expensive than standard drives.

Important Considerations

• Reversibility: Software methods are easily reversed. Hardware switches can sometimes fail.
• Firmware Updates: Some read-only drives may allow firmware updates, potentially compromising their security if the update process isn’t secure.
• Cost: Specialist hardware is more expensive than using software on a standard drive.
• Partitioning: If your USB drive has multiple partitions, you need to apply the read-only setting to each partition individually (using methods similar to those above).