HOME     MENU     SEARCH     NEWSLETTER    
NEWS & INFORMATION FOR TECHNOLOGY PURCHASERS. UPDATED 7 MINUTES AGO.
You are here: Home / Enterprise I.T. / BadUSB Turns Thumb Drives Evil
BadUSB Exploit Turns Thumb Drives Dangerously Bad
BadUSB Exploit Turns Thumb Drives Dangerously Bad
By Jennifer LeClaire / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
AUGUST
04
2014



If you depend on a USB device to transfer files from one machine to another, you may want to start thinking about cloud storage. That’s because researchers have discovered a flaw in USB design specifications that could put your machines at risk.

According to SR Labs, a German security firm, the versatility of USBs are also their Achilles heel. Think about it for a minute. Almost any computer, from desktops to healthcare devices to storage, can connect using USBs.

“Since different device classes can plug into the same connectors, one type of device can turn into a more capable or malicious type without the user noticing,” SR Labs wrote in a blog post warning about what it is calling BadUSB. “To turn one device type into another, USB controller chips in peripherals need to be reprogrammed. Very widely spread USB controller chips, including those in thumb drives, have no protection from such reprogramming.”

The Really Bad News

Once reprogrammed, SR Labs warned, benign devices can turn malicious. The firm outlined three specific ways a good USB turns into a so-called BadUSB.

SR Labs warns a device can emulate a keyboard and issue commands on behalf of the logged-in user to enter files or install malware. In turn, the firm explains, such malware could infect the controller chips of other USB devices connected to the computer.

Alternatively, the device could also spoof a network card and change the computer’s DNS setting to redirect traffic. Or, the firm explained, a modified thumb drive or external hard disk can boot a small virus when it detects that the computer is starting up. That virus infects the computer’s operating system prior to boot.

If you think that’s bad news consider this: There’s no known defense. According to SR Labs, malware scanners can’t access the firmware running on USB devices. That, the firm continued, is because USB firewalls that block certain device classes do not exist. What’s more, behavioral detection is difficult because the behavior of a BadUSB device looks like a user has merely plugged in a new device.

And that’s not even the worst of it. SR Labs is also warning that clean up after an infection is a difficult task, in part, because reinstalling the operating system doesn’t address BadUSB infections at the root.

“The USB thumb drive, from which the operating system is reinstalled, may already be infected, as may the hardwired webcam or other USB components inside the computer,” the firm said. “A BadUSB device may even have replaced the computer’s BIOS -- again by emulating a keyboard and unlocking a hidden file on the USB thumb drive. Once infected, computers and their USB peripherals can never be trusted again.”

How To Protect Yourself

We turned to Paul Ducklin, a senior security advisor at Sophos, to get his take on BadUSB. He told us this has been a potential problem for years and the wheels aren't entirely coming off yet.

“The biggest risk right now with putting your USB into someone else's computer is that they could, if they wanted, scrape all the data off it -- including stuff you thought you'd deleted -- while displaying your PPT file for the duration of your lecture, or whatever, and you'd simply never know,” Ducklin said.

“So if you want a USB security bridge to cross before sweating over this new, BlackHat-friendly one, [then] data leakage protection -- and/or device encryption -- are your first friends to make,” he added.

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY INTEREST YOU
Barium Ferrite Is The Future Of Tape: Barium Ferrite (BaFe) offers greater capacity, superior performance, and longer archival life compared to legacy metal particle (MP) tape. Click here to learn more.
MORE IN ENTERPRISE I.T.
Product Information and Resources for Technology You Can Use To Boost Your Business

NETWORK SECURITY SPOTLIGHT
Using Internet-connected devices without strong passwords is inherently risky, as illustrated by reports that a Russian Web site is showing live footage from thousands of people's webcams.

ENTERPRISE HARDWARE SPOTLIGHT
Doctor Who had K-9, the robot dog that accompanied him on adventures through space. Now, Mountain View has K5, a 5-foot-tall, 300-pound robot security guard patrolling in the Bay Area.

MOBILE TECHNOLOGY SPOTLIGHT
To better its customer service, Comcast is pulling out at least some of the stops. The cable giant has launched an app so you can track the cable guy in real time. It's designed to ease customer frustration.

© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.