OPLIN 4cast #397: BadUSB

As if you needed something else to worry about, there seems to be a strong possibility that USB devices can be used in new and nasty ways to damage computers, such as the public computers in libraries. Security researchers Karsten Nohl and Jakob Lell are giving a briefing tomorrow about “BadUSB—on accessories that turn evil” at the Black Hat convention in Las Vegas. Their presentation has already received a lot of attention because they have found a way to reprogram the controller chip in a USB thumb drive so it acts like a different USB device, perhaps a keyboard or network card. And there doesn’t seem to be any easy way (yet) to protect your computers.

  • Why the security of USB is fundamentally broken (Wired | Andy Greenberg)  “The malware they created, called BadUSB, can be installed on a USB device to completely take over a PC, invisibly alter files installed from the memory stick, or even redirect the user’s internet traffic. Because BadUSB resides not in the flash memory storage of USB devices, but in the firmware that controls their basic functions, the attack code can remain hidden long after the contents of the device’s memory would appear to the average user to be deleted.”
  • Researchers warn about ‘BadUSB’ exploit (PC Mag | David Murphy)  “A device could, for example, emulate a USB-connected keyboard and automatically send over all sorts of keystrokes that, when combined, could lead to issues—installing malware, wiping key files off a drive, copying files over to the USB device, etc. And that’s just the first example. SRLabs notes that a USB-connected device could also pretend that it’s a network card and redirect the traffic to and from a system through a rogue DNS server. Or, better yet, it could infect that system with a boot-sector virus that could be a bit tougher to detect and remove than your average infection.”
  • BadUSB: Big, bad USB security problems ahead (ZDNet | Steven J. Vaughan-Nichols)  “The hackers claim that ‘Simply reinstalling the operating system – the standard response to otherwise ineradicable malware – does not address BadUSB infections at their root. The USB thumb drive, from which the operating system is reinstalled, may already be infected, as may the hardwired webcam or other USB components inside the computer. A BadUSB device may even have replaced the computer’s BIOS – again by emulating a keyboard and unlocking a hidden file on the USB thumb drive.’ In short, ‘Once infected, computers and their USB peripherals can never be trusted again.’”
  • Don’t panic over the latest USB flaw (Tom’s Guide | Marshall Honorof)  “BadUSB is a proof-of-concept attack, designed by security researchers. They’re not going to release it into the wild[…] Furthermore, demonstrating something like BadUSB at a conference like Black Hat is basically an open invitation for the security community to fix this vulnerability before it becomes widespread.”

Articles from Ohio Web Library: