BadUSB malware Stored in USB Firmware can take over the computer

USB logoA new piece of malware has been created, dubbed BadUSB, that can be hidden in the firmware of USB devices and modify the files installed from a removable storage device, as well as divert the Internet traffic by changing the DNS settings.

Karsten Nohl and Jakob Lell from SR Labs are the authors of the BadUSB proof-of-concept malware, against which they say there is no protection solution except restricting the use of USB-connected devices.

They say that turning one device type into another is just a matter of reprogramming the USB controller chips, and that “very widely spread USB controller chips, including those in thumb drives, have no protection from such reprogramming.”

As such, a reprogrammed USB device can emulate another. One example would be a gadget impersonating a keyboard, which can launch commands for stealing data or for installing malware from a specific location. The risk is significant, because there is the possibility to infect other controller chips available on the system.

Another example of how threat actors can use this type of malware is spoofing a network card and proceeding to modify the DNS information and redirect traffic to a system controlled by the attackers.

Also, the method can be used with removable storage devices, which can install malware on the computer before the operating system boots up.

According to the two researchers, there is no effective protection against this sort of threat, because antivirus products don’t have access to the firmware of USB devices. Moreover, at the moment, there is no firewall solution that could block certain device classes.

They also point out that behavioral detection is also a dead end, because when a malicious USB switches to a different device type, the system monitoring mechanism would only record that a new USB device has been hooked to the computer system.

“To make matters worse, cleanup after an incident is hard: simply reinstalling the operating system – the standard response to otherwise ineradicable malware – does not address BadUSB infections at their root,” the researches explain.

“The USB thumb drive, from which the operating system is re-installed, may already be infected, as may the hardwired webcam or other USB components inside the computer. A BadUSB device may even have replaced the computer’s BIOS – again by emulating a keyboard and unlocking a hidden file on the USB thumb drive,” they add.

What this means is that once BadUSB has been detected, all USB devices that have been plugged into the computer should be considered infected.

The duo will hold a presentation at the Black Hat USA conference this month, where they will also release the proof-of-concept tools.

Source: Softpedia

Tags: security, USB

Add comment

Your name:
Sign in with:
Your comment:

Enter code:

E-mail (not required)
E-mail will not be disclosed to the third party

Last news

A mobile hotspot in Australia will be capable of hitting gigabit speeds on the go
A new game could be in the works as Blizzard appears to have been hiring for a Diablo-related project
Nokia CEO Rajeev Suri will speak at MWC 2017
However what if you could go way, way back?
The Helio P15 packs an octa-core Cortex-A53 processor clocked at 2.2GHz
Samsung claims up to 27-percent higher performance or 40-percent lower power
Preliminary data for October shows another Windows 10 boom
Samsung Galaxy TabPro S - a tablet with the Windows-keyboard
The first Windows-tablet with the 12-inch display Super AMOLED
June 7, 2016 /
Keyboards for iOS
Ten iOS keyboards review
July 18, 2015 /
Samsung E1200 Mobile Phone Review
A cheap phone with a good screen
March 8, 2015 / 4
Creative Sound Blaster Z sound card review
Good sound for those who are not satisfied with the onboard solution
September 25, 2014 / 2
Samsung Galaxy Gear: Smartwatch at High Price
The first smartwatch from Samsung - almost a smartphone with a small body
December 19, 2013 /
HP Slate 7 is a 7-inch Android 4 Tablet PC with good sound
A cost-effective, 7-inch tablet PC from a renowned manufacturer
October 25, 2013 / 4

News Archive



Do you use microSD card with your phone?
or leave your own version in comments