So it turns out all those warnings about malicious files on infected USB sticks were more than just true. Security researchers have been warning us about them since forever.
But it was only recently that they realized the threat was far more dangerous than they had thought earlier: it's widespread, virtually undetectable, and stopping it takes much more than installing simple antivirus software. Researchers from Berlin, using reverse-engineering techniques on the software that controls the functioning of USB drives, revealed that a PC can be completely controlled by reprogramming this so-called firmware. Firmware is a software program that is programmed onto a hardware device and determines how that device communicates with other devices, including computers. Unless it is updated by a ‘firmware updater’, it remains unchanged, or “semi-permanent”.
Updates for each firmware are installed onto the device the first time it is used, or during an update so that it works on a new operating system. Manufacturers often update firmware in order to enhance the performance of devices. These alterations are made at a central level before being implemented on individual devices as well. The problem was discovered by Jakob Lell and Karsten Nohl at Security Research Labs and has been labelled in the industry as BadUSB. It affects not only thumb drives and external hard drives but also any device connected to the PC through the USB port. This includes keyboards, mice, phones, tablets or any other device that we connect via the USB port.
The USB interface standard took over the electronics industry in the past two decades owing to its versatility. Nearly any computer peripheral can be connected this way, be it a storage gadget, an input gadget or a healthcare device.
This versatility is also a problem: because different devices can be plugged in via the same connectors, one device can be a major source of malicious files without attracting the user’s attention. Hackers could gain access to a PC easily by reprogramming the central firmware of the USB device with malicious code, which is then transferred to individual devices connected to it afterwards. The hackers realized that they could use BadUSB to issue their own commands on behalf of the user, such as installing files, emulating a keyboard or installing malware. This malware would then start a chain of infecting other USB devices.
The device can also alter a network card’s programming and change the computer’s settings so that web traffic is redirected to certain sites without any user command. According to Mr Nohl and Mr Lell, there are no effective defences against USB attacks as of yet, because USB firewalls that would be able to block certain types of devices from connecting have not yet been invented and malware scanners cannot gain access to the firmware running on the connected USB devices.
Moreover, behavioural detection is even more difficult, because BadUSB behaves as though the user has simply plugged another device into the PC. Research in this area is to be presented at the Black Hat security conference in Las Vegas soon.
‘USB has become so commonplace that we rarely worry about its security implications,’ they continued. ‘USB sticks undergo the occasional virus scan, but we consider USB to be otherwise perfectly safe – until now. We demonstrate a full system compromise from USB and a self-replicating USB virus not detectable with current defences.’
Unfortunately, even with the current research and advancements, there is very little a user can do to save their devices from this menace.
The best course of action, according to the researchers, is to use only 100% trustworthy USB devices: ones the user knows have not been connected to any other device and so exposed to the risk of compromise.
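The device-type confusion described above (a storage stick that also presents a keyboard or network interface) can at least be surfaced by comparing the interface classes a device declares against the role it is expected to play. The following is an added example, not code from the researchers; the snapshot format, port names and role policy are assumptions constructed for illustration, while the class codes are the standard USB-IF values.

```python
# Added example: the snapshot format, ports and role policy are constructed.

# USB-IF base class codes as reported in a device's bInterfaceClass field.
CLASS_NAMES = {
    0x02: "communications (CDC control)",
    0x03: "HID (keyboard/mouse)",
    0x06: "still image",
    0x08: "mass storage",
    0xE0: "wireless controller",
}

# Hypothetical site policy: classes each expected device role may expose.
ROLE_POLICY = {
    "storage": {0x08},
    "keyboard": {0x03},
    "phone": {0x06, 0x08},
}

# Constructed snapshot: one line per attached device.
SAMPLE = """\
port=1-1 role=storage ifaces=08
port=1-2 role=storage ifaces=08,03
port=1-3 role=keyboard ifaces=03
port=1-4 role=phone ifaces=06,e0
"""

def parse_snapshot(text):
    """Turn 'key=value' lines into dicts with a set of integer class codes."""
    devices = []
    for line in filter(str.strip, text.splitlines()):
        fields = dict(item.split("=", 1) for item in line.split())
        fields["ifaces"] = {int(c, 16) for c in fields["ifaces"].split(",")}
        devices.append(fields)
    return devices

def audit(devices, policy=ROLE_POLICY):
    """Return (port, [unexpected class names]) for devices exceeding their role."""
    findings = []
    for dev in devices:
        allowed = policy.get(dev["role"], set())  # unknown role: nothing allowed
        extra = sorted(dev["ifaces"] - allowed)
        if extra:
            names = [CLASS_NAMES.get(c, f"class 0x{c:02x}") for c in extra]
            findings.append((dev["port"], names))
    return findings

if __name__ == "__main__":
    for port, names in audit(parse_snapshot(SAMPLE)):
        print(f"{port}: unexpected interface(s): {', '.join(names)}")
```

The check only sees what a device declares about itself, not its firmware, so a reprogrammed device that presents purely as a keyboard (like port 1-3 here) passes, which is the detection gap the researchers describe.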