BadUSB malware Stored in USB Firmware can take over the computer

USB logoA new piece of malware has been created, dubbed BadUSB, that can be hidden in the firmware of USB devices and modify the files installed from a removable storage device, as well as divert the Internet traffic by changing the DNS settings.

Karsten Nohl and Jakob Lell from SR Labs are the authors of the BadUSB proof-of-concept malware, against which they say there is no protection solution except restricting the use of USB-connected devices.

They say that turning one device type into another is just a matter of reprogramming the USB controller chips, and that “very widely spread USB controller chips, including those in thumb drives, have no protection from such reprogramming.”

As such, a reprogrammed USB device can emulate another. One example would be a gadget impersonating a keyboard, which can launch commands for stealing data or for installing malware from a specific location. The risk is significant, because there is the possibility to infect other controller chips available on the system.

Another example of how threat actors can use this type of malware is spoofing a network card and proceeding to modify the DNS information and redirect traffic to a system controlled by the attackers.

Also, the method can be used with removable storage devices, which can install malware on the computer before the operating system boots up.

According to the two researchers, there is no effective protection against this sort of threat, because antivirus products don’t have access to the firmware of USB devices. Moreover, at the moment, there is no firewall solution that could block certain device classes.

They also point out that behavioral detection is also a dead end, because when a malicious USB switches to a different device type, the system monitoring mechanism would only record that a new USB device has been hooked to the computer system.

“To make matters worse, cleanup after an incident is hard: simply reinstalling the operating system – the standard response to otherwise ineradicable malware – does not address BadUSB infections at their root,” the researches explain.

“The USB thumb drive, from which the operating system is re-installed, may already be infected, as may the hardwired webcam or other USB components inside the computer. A BadUSB device may even have replaced the computer’s BIOS – again by emulating a keyboard and unlocking a hidden file on the USB thumb drive,” they add.

What this means is that once BadUSB has been detected, all USB devices that have been plugged into the computer should be considered infected.

The duo will hold a presentation at the Black Hat USA conference this month, where they will also release the proof-of-concept tools.

Source: Softpedia

Tags: security, USB

Add comment

Your name:
Sign in with:
Your comment:

Enter code:

E-mail (not required)
E-mail will not be disclosed to the third party

Last news

Galaxy Note10 really is built around a 6.7-inch display
You may still be able to download your content
Facebook, Messenger and Instagram are all going away
Minimize apps to a floating, always-on-top bubble
Japan Display has been providing LCDs for the iPhone XR, the only LCD model in Apple’s 2018 line-up
The 2001 operating system has reached its lowest share level
The entire TSMC 5nm design infrastructure is available now from TSMC
The smartphone uses a Snapdragon 660 processor running Android 9 Pie
The Samsung Galaxy A5 (2017) Review
The evolution of the successful smartphone, now with a waterproof body and USB Type-C
February 7, 2017 / 2
Samsung Galaxy TabPro S - a tablet with the Windows-keyboard
The first Windows-tablet with the 12-inch display Super AMOLED
June 7, 2016 /
Keyboards for iOS
Ten iOS keyboards review
July 18, 2015 /
Samsung E1200 Mobile Phone Review
A cheap phone with a good screen
March 8, 2015 / 4
Creative Sound Blaster Z sound card review
Good sound for those who are not satisfied with the onboard solution
September 25, 2014 / 2
Samsung Galaxy Gear: Smartwatch at High Price
The first smartwatch from Samsung - almost a smartphone with a small body
December 19, 2013 /

News Archive



Do you use microSD card with your phone?
or leave your own version in comments (15)