Sunday Times 2

Is your USB drive at risk?

'Invisible yet fundamental' flaw that lets hackers take over computers discovered by security experts

Security researchers have long warned about the dangers of malicious files on infected USB sticks.

But now experts have discovered a much more dangerous threat that is even more widespread, virtually untraceable and much more difficult to solve than simply installing anti-virus software.

The Berlin-based researchers reverse-engineered the software that controls how USB drives work – and revealed how this so-called firmware can be reprogrammed to take complete control of a PC.

Berlin-based researchers reverse engineered the firmware that controls USB functions, including controller chips that connect a USB to a PC so it can transfer files. They discovered this firmware can be reprogrammed with malicious code, and this reprogramming is virtually untraceable (Reuters)

Firmware is a software program, or set of instructions, programmed onto a hardware device.

It tells the device how to communicate with other devices, including computers.

Firmware can be thought of as ‘semi-permanent’ since it remains the same unless it is updated by a ‘firmware updater’.

Firmware updates are installed the first time a device is used, for example, or to update a device so it works on a new operating system.

Drive manufacturers will often update firmware to improve the performance of their devices.

These changes are made at a central level before being pushed out to individual devices.

The flaw, discovered by Karsten Nohl and Jakob Lell at Security Research Labs, has been dubbed BadUSB.

It affects thumb drives and external hard drives, but also any device that connects to a PC using USB.

This includes keyboards and mice, as well as the USB drives used to charge phones and tablets.

‘The [USB] interface standard conquered the world over the past two decades thanks to its versatility.

‘Almost any computer peripheral, from storage and input gadgets to healthcare devices, can connect over the ubiquitous technology. And many more device classes connect over USB to charge their batteries.

‘This versatility is also USB’s Achilles heel: Since different device classes can plug into the same connectors, one type of device can turn into a more capable or malicious type without the user noticing.’

By reprogramming the USB central firmware with malicious code, which is then pushed to individual devices, the hackers could gain access to a PC once it’s connected to an infected USB.

The hackers discovered BadUSB could then be used to issue their own commands, for example.

This includes emulating a keyboard and issuing commands on behalf of the user, such as opening files or installing malware.

Such malware could then be used to infect any other connected USB devices.

The device can also spoof a network card and change the computer’s settings to redirect web traffic to certain sites.

Mr Nohl and Mr Lell added there are ‘no effective defenses from USB attacks.’

‘Malware scanners can’t access the firmware running on USB devices.

‘USB firewalls that block certain device classes do not (yet) exist.

‘And behavioural detection is difficult, since a BadUSB device’s behaviour when it changes its persona looks as though a user has simply plugged in a new device.’
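The persona change described above can still be looked for on the host. The following is an added example, not code from the article or the researchers: it runs over constructed enumeration events and flags a port whose device disconnects and returns within two seconds exposing a keyboard or network interface it did not have before. The event format, port names and the two-second threshold are assumptions, and legitimate mode-switching devices will also match.

```python
from dataclasses import dataclass

# USB-IF base class codes; the "sensitive" ones can type or carry traffic.
MASS_STORAGE = 0x08
SENSITIVE = {0x03: "HID (keyboard/mouse)", 0x02: "CDC network/serial",
             0xE0: "wireless/RNDIS network"}

@dataclass(frozen=True)
class UsbEvent:            # hypothetical normalised host event
    ts: float              # seconds since start of capture
    port: str              # physical port path, e.g. "1-2"
    action: str            # "add" or "remove"
    classes: frozenset = frozenset()   # interface class codes on "add"

def find_persona_changes(events, max_gap=2.0):
    """Flag ports where a device vanishes and returns within max_gap
    seconds exposing a sensitive interface class it did not have before."""
    last_classes, removed_at, alerts = {}, {}, []
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.action == "remove":
            removed_at[ev.port] = ev.ts
            continue
        prev = last_classes.get(ev.port)
        if prev is not None and ev.port in removed_at:
            gap = ev.ts - removed_at[ev.port]
            gained = sorted(SENSITIVE[c] for c in ev.classes - prev
                            if c in SENSITIVE)
            # Faster than a person can swap devices: likely re-enumeration.
            if gained and gap <= max_gap:
                alerts.append((ev.port, ev.ts, gained))
        last_classes[ev.port] = ev.classes
    return alerts

# Constructed sample events, not captured from a real host.
SAMPLE_EVENTS = [
    UsbEvent(5.0, "1-1", "add", frozenset({0x03})),           # desk keyboard
    UsbEvent(10.0, "1-2", "add", frozenset({MASS_STORAGE})),  # thumb drive
    UsbEvent(20.0, "1-3", "add", frozenset({MASS_STORAGE})),
    UsbEvent(55.0, "1-2", "remove"),
    UsbEvent(55.4, "1-2", "add", frozenset({MASS_STORAGE, 0x03})),  # new persona
    UsbEvent(300.0, "1-3", "remove"),
    UsbEvent(420.0, "1-3", "add", frozenset({0x03})),   # user swapped devices
]

if __name__ == "__main__":
    for port, ts, gained in find_persona_changes(SAMPLE_EVENTS):
        print(f"port {port} at t={ts}s: device returned exposing {gained}")
```

Only port 1-2 is flagged in the sample; the swap on port 1-3 takes two minutes and is treated as a person changing devices.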

The researchers are due to present their research at the Black Hat security conference in Las Vegas next week.

‘USB has become so commonplace that we rarely worry about its security implications,’ they continued.

‘USB sticks undergo the occasional virus scan, but we consider USB to be otherwise perfectly safe – until now.’

‘We demonstrate a full system compromise from USB and a self-replicating USB virus not detectable with current defenses.’

Sadly, because of the nature of the flaw and the wide scope it covers, there is little users can do to protect themselves.

The researchers told Wired the best course of action is to only use USB devices that are 100 per cent trustworthy; ones that users know haven’t been used by anyone else and couldn’t have been compromised.

© Daily Mail, London

THE USB FLAW AND HOW TO PROTECT YOURSELF

The flaw affects thumb drives and external hard drives, but also any device that connects to a PC using USB.
This includes keyboards and mice, as well as the USB drives used to charge phones and tablets.
If malicious code is programmed into the firmware, hackers could use it to issue their own commands on a PC, for example.
This includes installing malware, taking over a PC, or redirecting web traffic.
According to the researchers, this reprogramming is virtually untraceable and can’t be patched.
They added the best course of action is to only use USB devices that are 100 per cent trustworthy.
