Security researchers Karsten Nohl and Jakob Lell of Security Research Lab have managed to exploit a fundamental flaw in USB technology that makes us rethink the way we use this versatile technology. We use USB devices every day; we use them as storage devices, computer peripherals, cell phone chargers, data cables for smartphones and printers and much more. To make USB work with any device a programmer has to reprogram the USB controller chip present in the peripheral. The only problem with this is that most USB controller chips including the ones used in thumb drives have no protection against reprogramming. These researchers exploited this flaw by developing a proof-of-concept malware called BadUSB. Once BadUSB infects a USB drive, it reverse engineers the USB firmware and turns them malicious. They can program any USB device to behave as a keyboard and issue commands to the computer to install harmful malware and corrupt users’ files. The downloaded malware can then be used to infect controller chips of other USB devices connected to the computer. The tainted USB device can also be used to emulate a network card which has the capability to change the computer’s DNS and redirect the traffic to hackers. Finally, there is the threat of injecting a computer with a boot virus with the help of a thumb drive which has been programmed with BadUSB.
Normally when you discover a malware on your computer you have to rely on your trusted antivirus or in the worst case perform a system format to get rid of the threat. In case of a BadUSB infiltrated system however you do not have any defences because of three reasons. First, antivirus software cannot check the firmware running on a USB device. Second, when a BadUSB infected device is plugged into a computer, the antivirus does not perform a heuristic analysis (checking unusual behaviour for unknown malware detection) because the changed persona of the new device makes it think that the user has plugged in a new device. Finally, a full operating system reinstallation cannot get rid of this because all the while the computer was infected it could have downloaded the malicious software which would have reprogrammed other USB devices connected to the computer such as a hardwired USB webcam on a laptop or worse it could have reprogrammed the computer’s BIOS because as we have mentioned earlier it can behave as a keyboard.
While talking to Wired, the researchers said that once infected with BadUSB one has to think that the USB device is a hypodermic needle which should not be shared among users and immediately thrown away because a technical patch cannot fix the problem. During their research they contacted a Taiwanese USB device maker whom they refuse to name citing the problem but the company insisted that such infection was not possible. The duo is planning to give more details of their research and demonstrate BadUSB at the BlackHat USA 2014.
Normally when you discover a malware on your computer you have to rely on your trusted antivirus or in the worst case perform a system format to get rid of the threat. In case of a BadUSB infiltrated system however you do not have any defences because of three reasons. First, antivirus software cannot check the firmware running on a USB device. Second, when a BadUSB infected device is plugged into a computer, the antivirus does not perform a heuristic analysis (checking unusual behaviour for unknown malware detection) because the changed persona of the new device makes it think that the user has plugged in a new device. Finally, a full operating system reinstallation cannot get rid of this because all the while the computer was infected it could have downloaded the malicious software which would have reprogrammed other USB devices connected to the computer such as a hardwired USB webcam on a laptop or worse it could have reprogrammed the computer’s BIOS because as we have mentioned earlier it can behave as a keyboard.
While talking to Wired, the researchers said that once infected with BadUSB one has to think that the USB device is a hypodermic needle which should not be shared among users and immediately thrown away because a technical patch cannot fix the problem. During their research they contacted a Taiwanese USB device maker whom they refuse to name citing the problem but the company insisted that such infection was not possible. The duo is planning to give more details of their research and demonstrate BadUSB at the BlackHat USA 2014.
No comments:
Post a Comment