The Internet world is full of security issues and the recent cause for worry comes from BadUSB. It is basically a USB security flaw that can turn the humble USB stick into a dangerous weapon that can transport malicious commands to a computer. BadUSB was first brought to light at a Black Hat conference by German researchers and Jakob Lell and Karsten Nohl and has since been unleashed on to the public domain by security researchers Adam Caudill and Brandon Wilson replete with DIY instructions.
How BadUSB Works
USB devices are versatile. They are built into most modern computers and can be used on various computer peripherals. All USB devices carry a microcontroller that runs the hardware. This microcontroller is the one that sends USB commands to the PC, processes keystrokes and fetches data from flash memory.
These microcontrollers have their own control program, what we call firmware. This firmware is usually written by the firm’s manufacturers and is stored in the microcontroller itself. As with most firmware, it can also be updated. And it is this precise function that has turned into its Achilles heel.
A malware could easily overwrite or modify this firmware to include a new behavior such as modify files fetched from its storage memory thereby attaching a virus when plugged into any device. What is quite scary about BadUSB is that unlike a usual virus that is stored on a computer it cannot be detected by malware scanners. In fact it cannot even be erased and reformatting also won’t make a difference.
BadUSB can manifest itself in several ways. For instance, it can act as a virtual keyboard and issue commands on behalf of a logged in user to install malware and infect any USB devices connected to the computer. It can also spoof a network card, change the DNS settings and redirect traffic. Also during bootup, a BadUSB can infect a computer’s OS with a virus even before it is booted.
This is a pretty long presentation but is worth taking a look at.
How to Protect Against BadUSB
For the moment, it appears that to all practical purposes, there is no sure fire fix. Once infected, computers and their USB peripherals can never be trusted again. BadUSB is undetectable, unremovable and is is pure evil. Most antivirus makers suggest that the best thing to do at the moment is to insert only trusted USB devices into computers, avoid using borrowed USB devices, or purchasing pre-owned ones. Some even suggest avoiding free USB drives given at promotional events. On a sidenote, Ironkey has revealed that its USB devices are not vulnerable to BadUSB and you can read more about it here.