BadUSB Security Flaw Lets Hackers Hijack PCs
By Jef Cozza / NewsFactor Network
PUBLISHED: JULY 31, 2014


The firmware that controls USB functions can be used by hackers to take control of computers, according to security experts at Security Research Labs, a Berlin-based security firm. The finding could represent an entirely new class of attack for which there are no defenses.

Karsten Nohl, chief scientist at Security Research Labs, and security researcher Jakob Lell discovered the vulnerability by reverse-engineering the USB firmware. They dubbed the security flaw "BadUSB" and plan to present their findings at the Black Hat convention in Las Vegas next week. According to the researchers, widely spread USB controller chips have no protection against being reprogrammed.

Not Just Thumb Drives

In addition to USB thumb drives and external hard drives, the vulnerability also applies to any device that connects to a PC via a USB port, including keyboards, mice, and mobile device chargers. The very versatility and ubiquity of the USB standard is also its Achilles heel. “Since different device classes can plug into the same connectors, one type of device can turn into a more capable or malicious type without the user noticing,” according to the researchers.

The security flaw can allow hackers to reprogram a USB device’s firmware with malicious code, allowing them to gain access to PCs connected to the infected device and issue their own commands. Unauthorized users could use the flaw to install malware, access files, or issue commands. A modified thumb drive can also spoof a network card and change the computer’s DNS setting in order to redirect traffic, or boot a small virus that infects a computer’s operating system before it starts.

The infected peripheral can then infect other USB devices connected to the PC. According to Nohl, SR Labs has already succeeded in performing such attacks themselves, and global intelligence agencies, such as the National Security Agency, may already be using the security vulnerability to launch attacks.

Virtually Untraceable Intrusion

According to Nohl and Lell, “no effective defenses from USB attacks are known.” Malware scanners cannot access the firmware running on USB devices, and so far there are no firewalls capable of blocking certain device classes. “Behavioral detection is difficult, since a BadUSB device’s behavior when it changes its persona looks as though a user has simply plugged in a new device,” the researchers said.
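The persona change the researchers describe can at least be logged by the host. The sketch below is an added example, not code from the article or from SR Labs: it reviews USB enumeration events and flags a port whose device comes back announcing a keyboard or network interface class, or a storage device that announces one alongside storage. The event layout, the 300-second window and the sample events are assumptions constructed for illustration; the class codes are the standard USB base class values.

```python
from dataclasses import dataclass

# USB base class codes as reported in bInterfaceClass
HID, MASS_STORAGE, CDC_COMM, CDC_DATA = 0x03, 0x08, 0x02, 0x0A
INPUT_OR_NETWORK = frozenset({HID, CDC_COMM, CDC_DATA})

@dataclass(frozen=True)
class Enumeration:
    t: float             # seconds since boot (assumed event field)
    port: str            # physical port path, e.g. "1-2"
    classes: frozenset   # interface classes the device announced

def review(events, window=300.0):
    """Return (time, port, reason) findings for suspicious persona changes."""
    findings, last_seen = [], {}
    for ev in sorted(events, key=lambda e: e.t):
        risky = ev.classes & INPUT_OR_NETWORK
        # A storage device that can also type or route traffic
        if MASS_STORAGE in ev.classes and risky:
            findings.append((ev.t, ev.port,
                             "storage device also announces input/network interface"))
        # Same physical port, new keyboard/network capability shortly afterwards
        prev = last_seen.get(ev.port)
        if prev and ev.t - prev.t <= window and risky - prev.classes:
            findings.append((ev.t, ev.port,
                             "port re-enumerated with new input/network class"))
        last_seen[ev.port] = ev
    return findings

# Constructed sample events, not captured from real hardware
SAMPLE = [
    Enumeration(10.0, "1-1", frozenset({HID})),                      # keyboard present at boot
    Enumeration(60.0, "1-2", frozenset({MASS_STORAGE})),             # thumb drive inserted
    Enumeration(75.0, "1-2", frozenset({HID})),                      # same port, now a keyboard
    Enumeration(200.0, "1-3", frozenset({MASS_STORAGE, CDC_COMM})),  # drive plus network interface
]

if __name__ == "__main__":
    for t, port, reason in review(SAMPLE):
        print(f"{t:7.1f}s  port {port}: {reason}")
```

A user who unplugs a drive and plugs a keyboard into the same port produces the same finding, which is the ambiguity the researchers point to; the output is a prompt for review, not a verdict.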

Even worse, recovering from an attack is extraordinarily difficult. “Simply reinstalling the operating system -- the standard response to otherwise ineradicable malware -- does not address BadUSB infections at their root,” Nohl and Lell wrote in their report.

“The USB thumb drive, from which the operating system is reinstalled, may already be infected, as may the hardwired webcam or other USB components inside the computer. A BadUSB device may even have replaced the computer’s BIOS -- again by emulating a keyboard and unlocking a hidden file on the USB thumb drive,” they added.

Once infected, the researchers said, neither the computer nor its USB devices can ever be trusted again. Nohl and Lell plan to describe the attack in greater detail at the Black Hat hacking conference.

Tell Us What You Think
Dana:

Posted: 2014-08-03 @ 12:10pm PT
I have just discovered that I've acquired this virus sometime in the last 8 days! [I didn't have the virus when I ran scans last weekend.] I have not used any plug-ins this week other than the ones I have been using for over a year, so I don't know how it might have come from a plug-in. I have also not installed any new software or updates in the same time period. Does this virus lie latent, and then show up when triggered by something else?

Wilson:

Posted: 2014-08-02 @ 8:18pm PT
Come on guys and gals. Everyone is claiming this is a vulnerability of USB. Wrong. This is a vulnerability of Plug and Play. This can be done with Firewire and Thunderbolt. It could even be done with a card in a PCI slot. I am amazed that it has taken the bad guys almost 20 years to figure this out. I saw this coming when the first Plug and Play devices came out with Windows 95. Luckily none of the hardware manufacturers allowed their techs to pull off something like this.

Not2Nite:

Posted: 2014-08-01 @ 1:12pm PT
For some reason this is "new"? I know of a computer security company that's been doing this in a manner of speaking for well over a year. They have a modified USB device that has a RAT that loads as part of the device driver. Windows sees it as a keyboard, so no screen pop ups or driver installs. Compromise takes less than a second. Thankfully, this agency is a true security testing entity and uses the device as part of physical pentests. Think about an interview candidate left alone in a conference room with a PC somewhere.

Physical security of computing devices and restricted access to them is absolutely as important as catching something from "the Net".

Gerald309:

Posted: 2014-08-01 @ 11:32am PT
Answers the question - not what's next, but what's last. It's a shame that all those who are admittedly computer and security dummies will suffer the worst from any of this. Reaching consumers about PC security has been a major problem since day one when spyware was born. I never throw the hands up, there will be a fix, count on it!

Alan:

Posted: 2014-08-01 @ 9:08am PT
Why can't someone publish a USB firmware verifier that performs a checksum on USB firmware chips and compares it to an OEM hash database?

INCOSE:

Posted: 2014-07-31 @ 11:45am PT
A startup out of MIT called Gigavation (http://www.gigavation.com/) has solved this problem, according to a recent MIT Sloan CIO Symposium "Security and Privacy" panel (http://www.mitcio.com/agenda).


© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.