BadUSB: Big, bad USB security problems ahead

Borg 386

The base problem, according to the pair, is "USB has become so commonplace that we rarely worry about its security implications. USB sticks undergo the occasional virus scan, but we consider USB to be otherwise perfectly safe — until now."
Nohl and Lell have discovered that USB controller chips' firmware offers no protection from reprogramming. Using a set of proof-of-concept tools they call BadUSB, they claim that an ordinary USB device, even a thumb drive, can be used to compromise computers in the following ways:

  • A device can emulate a keyboard and issue commands on behalf of the logged-in user, for example to exfiltrate files or install malware. Such malware, in turn, can infect the controller chips of other USB devices connected to the computer.
  • The device can also spoof a network card and change the computer’s DNS setting to redirect traffic.
  • A modified thumb drive or external hard disk can — when it detects that the computer is starting up — boot a small virus, which infects the computer’s operating system prior to boot.
BadUSB: Big, bad USB security problems ahead | ZDNet
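
The device roles described in the post above (a thumb drive that also presents a keyboard or a network card) appear to the host as extra interface descriptors at enumeration. As an added example that is not part of the original thread or of the BadUSB tools, this Python check parses a USB configuration descriptor and flags interfaces outside a device's expected role; the `ALLOWED` policy, the helper names and the sample descriptors are constructed for illustration.

```python
import struct

# bInterfaceClass codes (USB-IF class list) relevant to the roles in the post.
CLASS_NAMES = {0x02: "CDC network control", 0x03: "HID", 0x08: "mass storage",
               0x0A: "CDC data", 0xE0: "wireless controller"}
# Assumed policy: interface classes a device of each declared role may expose.
ALLOWED = {"storage": {0x08}, "keyboard": {0x03}}

def interfaces(config: bytes):
    """Yield (class, subclass, protocol) for each interface descriptor."""
    pos = 0
    while pos + 2 <= len(config):
        length, dtype = config[pos], config[pos + 1]
        if length < 2 or pos + length > len(config):
            raise ValueError(f"malformed descriptor at offset {pos}")
        if dtype == 0x04 and length >= 9:      # INTERFACE descriptor
            yield tuple(config[pos + 5:pos + 8])
        pos += length                          # skip endpoint and other descriptors

def audit(expected_role: str, config: bytes):
    """Return one finding per interface outside the device's expected role."""
    findings = []
    for cls, _sub, proto in interfaces(config):
        if cls in ALLOWED[expected_role]:
            continue
        name = CLASS_NAMES.get(cls, f"class 0x{cls:02x}")
        if cls == 0x03 and proto == 0x01:      # HID interface protocol 1 = keyboard
            name = "HID keyboard"
        findings.append(f"{expected_role} device also exposes {name}")
    return findings

# --- Constructed sample descriptors (not captured from real hardware) ---
def _iface(num, cls, sub, proto, n_eps=0):
    return bytes([9, 0x04, num, 0, n_eps, cls, sub, proto, 0])

def _config(*ifaces):
    body = b"".join(ifaces)
    header = struct.pack("<BBHBBBBB", 9, 0x02, 9 + len(body), len(ifaces), 1, 0, 0x80, 50)
    return header + body

BULK_EPS = bytes([7, 0x05, 0x81, 0x02, 0x00, 0x02, 0]) + bytes([7, 0x05, 0x02, 0x02, 0x00, 0x02, 0])
PLAIN_STICK = _config(_iface(0, 0x08, 0x06, 0x50, 2) + BULK_EPS)
ODD_STICK = _config(_iface(0, 0x08, 0x06, 0x50, 2) + BULK_EPS,
                    _iface(1, 0x03, 0x01, 0x01),   # HID boot keyboard
                    _iface(2, 0xE0, 0x01, 0x03))   # RNDIS-style network interface

if __name__ == "__main__":
    for label, blob in (("plain", PLAIN_STICK), ("odd", ODD_STICK)):
        print(label, audit("storage", blob) or "ok")
```

Descriptors are whatever the device chooses to report, so this audits the interfaces declared at enumeration time, not the controller firmware itself.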
 

For some reason the masses can't remember, if something can connect to a computer in any fashion it can be a security problem.
 

Some years ago when the live picture frames came out, I recall the firmware was loaded with a virus. Thousands of unsuspecting users (PCs) were infected when they loaded pictures into the frame. The USB "drive" firmware is pretty basic. It will read and write anything.
 

I'm just learning about this.

I use a lot of USB devices, but none that I've bought from eBay. I've plugged a lot of cheap mice into my computer and shared data with people via a number of USB clips.

Anyone know what the ones to look out for are and how serious this is?

I use mostly Sandisk flash drives. I have one TDK and all the ones I've used have been bought from supposedly reputable sources. Can I trust Logitech devices though, and cheap Asda mice? I also have a 4 way micro hub that I think installed drivers, not sure.

Anyway, I recently reinstalled my entire OS from a back up and I'm encountering the same problems as before, especially when I start looking at photos or using Adobe Photoshop CS3. I do a lot of panoramic stitching and stuff from large 24MB HDR files from my Nikon camera, and if I start looking through photos from my hard drive on Windows Photo Viewer what usually happens is it starts to go slow after a few photos and then it hangs up causing me to either close programs down through task manager, and if that doesn't open too readily I'll just turn it off at the button and do a safe restart.

Is there a chance my computer could have been infected by a bad USB?

Is there the same security risk with SD cards?
 

> Anyway, I recently reinstalled my entire OS from a back up and I'm encountering the same problems as before, especially when I start looking at photos or using Adobe Photoshop CS3. I do a lot of panoramic stitching and stuff from large 24MB HDR files from my Nikon camera, and if I start looking through photos from my hard drive on Windows Photo Viewer what usually happens is it starts to go slow after a few photos and then it hangs up causing me to either close programs down through task manager, and if that doesn't open too readily I'll just turn it off at the button and do a safe restart.
>
> Is there a chance my computer could have been infected by a bad USB?
>
> Is there the same security risk with SD cards?

I would go ahead and open a new topic here, because I'm sure that the people who could help are more likely to see your post.
 

I'm trying to keep things tidy and avoid creating duplicate threads. There are only a few posts, and my query is mostly relevant to the discussion of bad USBs. There doesn't seem to be much discussion on it anywhere else; this is the only thread I could find from a search.
 

USB viruses?

Take a look at this article to disable Autorun on USB:

How to Disable Autorun - USB Drives

Note: You still need to scan files on the USB with your AV to check for threats.

Personally I'm also using other methods including VoodooShield Pro:

VoodooShield Settings.jpg

Also make sure that your AV is up to date and has an on access file scanner enabled.
 

Thanks, can this access and scan the firmware on USBs?
 

Scan USB Firmware

> Thanks, can this access and scan the firmware on USBs?

No it can't do that. It will block anything untrusted that tries to run and prompt the user for action.
 

I'll look into this, thanks. If I disable autorun then does that mean USB peripherals won't work though? Can I still use flash drives without installing the drivers? I also sometimes charge my iPod up, but my iTunes is on my old Mac, it still installs drivers for some reason. If my computer is infected at the firmware level of some of the hardware inside, is there nothing I can do to fix it then?
 

What exactly do you mean by a bad USB device?

If a flash stick is checked for infections, wiped and formatted then it's about as safe as you or I can make it. Now all you have to do is worry about what someone installs on the flash drive.

There is always a chance that hardware could come with infections if it has some sort of memory ability.
Some hardware comes with an installation disc that could be infected. There are all kinds of methods the crooks know about.

Brand names really don't mean a lot in many cases because the Chinese counterfeit just about everything.

I don't use auto run anything. If you do, the bad things can install on your computer before you can run any security programs.
 

Well if I'd known this before... I'll be more careful in future I guess.
 

Being careful is good.
Keep watching the forum Security thread and you will get a good idea what the bad guys are up to.
It's a never ending battle between the good guys and the bad guys.
Never underestimate the bad guys.
 

Disable Autorun

> I'll look into this, thanks. If I disable autorun then does that mean USB peripherals won't work though? Can I still use flash drives without installing the drivers? I also sometimes charge my iPod up, but my iTunes is on my old Mac, it still installs drivers for some reason. If my computer is infected at the firmware level of some of the hardware inside, is there nothing I can do to fix it then?

Well disabling Autorun just prevents files loaded on the USB from running automatically when it's plugged in. It doesn't prevent driver installation. I had a similar problem with my webcam driver being installed on every boot but I can't remember how I solved the issue!

As for firmware infections there are some interesting articles here:

http://www.sevenforums.com/security-news/352834-detekt-detects-spyware-post2944300.html#post2944300

I guess what you really need to know and monitor is:

"what's connecting and where is it connecting to"
 

I've always thought USBs presented a security risk like this, but just assumed it wasn't much of a threat since no-one ever talked about it. I don't understand how this has been overlooked for so long, or has it been considered a risk for some time... I dunno. Like I say I just heard about it.
 

USB - risks

Well personally I have a stack of USBs that were purchased ages ago and those are the ones I use. I only ever use them for booting various Linux distros, installing Windows or on rare occasions moving files from one machine to another. I admit that I don't fully understand the problem but from what I've read the main risk with the firmware is allowing the USB to remain plugged in on boot.
 
