A Major Exploit in USB Firmware Is An Undetectable, Unpatchable Nightmare

A Major Exploit in USB Firmware Is An Undetectable, Unpatchable Nightmare

by Dan Vlasic on 4 August 2014 · 2927 views

2 medium A Major Exploit in USB Firmware Is An Undetectable Unpatchable NightmareWe already covered this but not with the added paranoia-infusing which we'll do here. Two hackers, or as they are called now security researchers because they do reverse engineering and work for a security consultancy SR Labs, have managed to find a hole in USB-driven devices of unprecedented danger and power.

Think about how you use your USB stick

You might know some basic USB hygiene, such as protecting your USB dongle with any of the immunizing apps that make running any executable file from it impossible. Common sense may stop some of you from using it on public computers in libraries or shops while most of us gladly take the dongles that come free of charge with a demo of some software or product. Most importantly, we use USBs to exchange files for instances when cloud storage is not an option – at business meetings, presentations, or simply when bringing a favorite movie to a friend’s place for a quiet Saturday getaway.

Now, forget everything you think you know about USB security because re-formatting, antivirus, spyware, anti-keylogger suites are not functional against the kind of exploit found by Karsten Nohl and Jakob Lell. They will introduce their findings at the Black Hat security conference in Las Vegas, even though they hesitate their findings might ignite a new wave of attacks on general consumers.

Big BadUSB Problem

The malware they created was codenamed BadUSB, and it taps into how the USB is built, instead of infiltrating with its contents.

As a result, the malware goes totally undetected by security software, and the number of things it can do is truly terrifying. BadUSB resides in the firmware, which controls the dongle’s functions, and once connected to a computer, it silently infects it allowing a hacker full access to the computer itself and Internet traffic of the victim. Multiply that by two-way direction of the malware that can pass from an infected computer to a healthy USB stick and from an infected USB stick to a healthy computer, and the infection rate increases. Now, add the fact that all USB-connected devices can be exploited, namely USB mice, keyboards, smartphones and other peripherals, and you might feel a little ill at ease. A BadUSB infected smartphone or a keyboard can do anything a regular keyboard to a computer – run files, reboot, do things in BIOS, etc.

It's Past Tense, Not Future

If you say we still have time before this hack goes viral, we have more bad news for you. NSA has been using it for years now, and we only know it thanks to Edward Snowden files. The trick in question goes by the name of Cottonmouth. It would be safe to assume NSA and SR Labs technical wizards are not the only ones who have discovered the exploit. The difference is in the attitude and moral principles, or the lack of whereof. I wouldn’t be surprised if a commercial version of something like BadUSB circulated on the black market because not all hackers are honest Robin Hoods.

1 large A Major Exploit in USB Firmware Is An Undetectable Unpatchable Nightmare

Will Manufacturers Care?

Even Nohl and Lell run the risk of spreading the news that can be easily exploited only for the sake of hoping USB manufacturers might consider the threat is serious enough to take action. I would not be so optimistic. The manufacturers bet on capacity and longevity, and in some cases, the good looks of their USB sticks, leaving their security for the consumers.

Consider Using USBs like Syringes

Indeed, security of your personal belongings, including your digital data carriers, is your responsibility. That is why you must clearly understand that the security of a USB-enabled device is basically dead, or fully compromised in the least. Man-in-the-middle spying, intercepting communications, hijacking traffic, redirecting it to hacker controlled servers, or simply siphoning your browsing data to advertising companies and more can and is done by means of this USB firmware exploit. We just did not know it until now.

Where do we go from now, provided no device can be deemed 100% trusted? “Perhaps you remember once when you’ve connected some USB device to your computer from someone you don’t completely trust,” says Nohl. “That means you can’t trust your computer anymore. This is a threat on a layer that’s invisible. It’s a terrible kind of paranoia.”

Find more details on the findings on Wired, Forbes and ZDNet.

Comments (0)
Featured Articles