Most people who are familiar with computers have used a USB device at least once. In case you haven’t heard, there is a new security threat that comes from a weakness in this interface. This article presents the topic in the simplest possible language, to make it easier for novice readers to understand.
The new threat is named BadUSB. Simply speaking, it’s malware. What is malware? According to Wikipedia, it is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. However, this malware is different from our usual understanding of malicious software. The BadUSB attack was demonstrated by researcher Karsten Nohl to prove to the world that it’s possible. Nohl didn’t release the code he used to exploit this weakness, but two other researchers, Adam Caudill and Brandon Wilson, reverse engineered the USB firmware and successfully reproduced the BadUSB malware. They published their results on GitHub because they believe in releasing the flaw to the public so that people can develop something to defend against it.
So what is the “danger” from this malware? Here are some examples:
1. It can make a computer detect a USB drive as a keyboard, so it can do whatever a human user can do without any human actually doing it. The computer will trust those keyboard inputs just as it trusts what we type on an actual keyboard. So, this “fake keyboard” can do all kinds of harm.
2. It can make a computer detect a USB drive as a network card. Once connected, it can fool the computer into connecting to malicious sites while the computer “thinks” they are safe destinations.
3. It can transform an Android phone into a network card. So when it connects to a WiFi network, it can do things while pretending to be someone from the network administration.
As of today, no antivirus software is able to “detect” this, because BadUSB does not infect a file. It stays inside the firmware of a USB interface. The bad news is: it’s not easy to “fix” this malware.
What is firmware? It’s basically code stored in the persistent memory of a piece of hardware, allowing it to work. Updating firmware is usually possible. However, firmware cannot be updated without communicating with the existing firmware. When the firmware is already infected, it can simply “lie” to the update installation process, telling the updater that it has been updated successfully even when it has not.
Since BadUSB malware is about pretending to be another piece of hardware, basically any device with any operating system that accepts USB devices can be harmed. Yes, this means it is equally dangerous for Windows, Unix/Linux, Chrome OS and Mac OS X.
So, this is a dangerous flaw in the design of the USB standard. Antivirus software can’t detect it. There is no easy patch to fix it. Then what can we do as normal computer users?
1. Avoid plugging in untrusted USB devices. I’d like to believe that any USB drive we already had before this issue was announced is “safe”, though we can’t really be sure.
2. Do not buy pre-owned USB devices.
3. Try to be in front of your computer when attaching a USB device. This way you can quickly notice if the computer starts doing something without your action.
4. Until some kind of fix is released, perhaps we can use cloud storage.
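
Tip 3 can be backed by a small check: a device that should be a plain storage drive but also declares a keyboard or network interface deserves a second look. The Python sketch below is an added example, not code from Nohl or from Caudill and Wilson; it assumes the Linux layout under `/sys/bus/usb/devices`, and the `SAMPLE` data is constructed.

```python
import glob
import os

# USB-IF interface class codes, as two hex digits the way sysfs prints them.
HID = "03"                      # keyboards, mice
MASS_STORAGE = "08"             # flash drives, disks
NETWORK = {"02", "0a", "e0"}    # CDC control, CDC data, wireless/RNDIS

def classify(interfaces):
    """interfaces: (class, subclass, protocol) tuples of one device."""
    classes = {cls.lower() for cls, _sub, _proto in interfaces}
    warnings = []
    if MASS_STORAGE in classes and HID in classes:
        warnings.append("storage device also declares a keyboard/mouse interface")
    if MASS_STORAGE in classes and classes & NETWORK:
        warnings.append("storage device also declares a network interface")
    return warnings

def read_sysfs(root="/sys/bus/usb/devices"):
    """Group interfaces by device: directory '1-2:1.0' belongs to device '1-2'."""
    devices = {}
    for path in sorted(glob.glob(os.path.join(root, "*:*"))):
        fields = []
        for name in ("bInterfaceClass", "bInterfaceSubClass", "bInterfaceProtocol"):
            with open(os.path.join(path, name)) as fh:
                fields.append(fh.read().strip())
        device = os.path.basename(path).split(":")[0]
        devices.setdefault(device, []).append(tuple(fields))
    return devices

def scan(devices):
    """Return only the devices that triggered at least one warning."""
    flagged = {}
    for device, interfaces in devices.items():
        warnings = classify(interfaces)
        if warnings:
            flagged[device] = warnings
    return flagged

# Constructed sample data, not captured from real hardware.
SAMPLE = {
    "1-1": [("08", "06", "50")],                        # plain flash drive
    "1-2": [("08", "06", "50"), ("03", "01", "01")],    # drive plus keyboard
    "1-3": [("03", "01", "01")],                        # ordinary keyboard
    "1-4": [("08", "06", "50"), ("e0", "01", "03")],    # drive plus network
}

if __name__ == "__main__":
    devices = read_sysfs() or SAMPLE   # fall back to the sample off Linux
    for device, warnings in scan(devices).items():
        print(device, "->", "; ".join(warnings))
```

This only reports what a device declares about itself: a reprogrammed device that presents itself solely as a keyboard passes the check, and some legitimate devices combine several interfaces, so it supports the tips above rather than replacing them.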