October 4, 2014 by

BadUSB: Time to Start Checking Your Laptop’s USB Ports Before Turning On

We recently reported on NetHunter, software that can turn your smartphone into a “hackphone” that acts as a HID and can compromise a computer it is connected to while posing as a keyboard or a network adapter. The principle behind it parallels “BadUSB,” presented at the Black Hat 2014 conference.

BadUSB is based on the idea that since USB flash drives are so commonplace, no one will suspect that one could be used as a cyberattack tool carrying malicious code. After all, most antivirus programs scan USB drives for viruses and malware, so surely you’re safe. That’s not the case anymore. BadUSB modifies the firmware of the USB stick so that it presents itself not as a USB stick but as a HID (Human Interface Device) or a network adapter, subsequently running the malicious code or re-routing internet traffic, respectively. The creators of BadUSB, SR Labs, did not release the how-to for making one of these.

A week ago, a pair of intrigued security researchers, Adam Caudill and Brandon Wilson, did just that. They presented their process at DerbyCon. If you’re interested, you can watch the presentation video below. They replicated the BadUSB process for only one specific type of USB controller (Phison 2251-03); however, it should be easy to modify to work with other types as well. They claim to have done it to raise awareness of this sort of threat and to “push device manufacturers to insist on signed firmware,” said Caudill.

At this time, there isn’t a good way of defending yourself from this sort of attack, said Wilson during the presentation. Manufacturers of USB devices could start locking the firmware, but even then, with all the flash drives already in circulation, it’ll be hard to tell the old, unsafe ones from the new, locked ones. Another option is to require that firmware be signed. This will, of course, take some time to become the norm.
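Because a reprogrammed stick has to announce itself to the host as a HID or a network adapter, the interface classes a device enumerates with can at least be audited. The following is an added example, not code from SR Labs or from Caudill and Wilson; it assumes a Linux host exposing sysfs, and the port-path allowlist and sample devices are constructed for illustration. It is a heuristic only, since it reads what the device reports and cannot verify firmware.

```python
import glob
import os

# USB-IF bInterfaceClass codes
HID, STORAGE = 0x03, 0x08
NETWORK = {0x02, 0x0A, 0xE0}  # CDC control, CDC data, wireless/RNDIS

def read_sysfs(root="/sys/bus/usb/devices"):
    """Return {port path: set of interface classes} from Linux sysfs."""
    devices = {}
    # Interface directories are named "<port>:<config>.<interface>"
    for path in glob.glob(os.path.join(root, "*:*", "bInterfaceClass")):
        port = os.path.basename(os.path.dirname(path)).split(":")[0]
        with open(path) as fh:
            devices.setdefault(port, set()).add(int(fh.read().strip(), 16))
    return devices

def audit(devices, approved=frozenset()):
    """Flag input/network interfaces on ports not in the allowlist,
    and storage devices that also claim to be a keyboard or NIC."""
    findings = {}
    for port, classes in sorted(devices.items()):
        reasons = []
        if HID in classes and port not in approved:
            reasons.append("unapproved HID interface")
        if classes & NETWORK and port not in approved:
            reasons.append("unapproved network interface")
        if STORAGE in classes and (HID in classes or classes & NETWORK):
            reasons.append("storage combined with HID/network")
        if reasons:
            findings[port] = reasons
    return findings

# Constructed sample: built-in keyboard, plain flash drive,
# flash drive that also enumerates as HID, unexpected network adapter.
SAMPLE = {
    "1-1": {HID},
    "1-2": {STORAGE},
    "1-3": {STORAGE, HID},
    "1-4": {0x02, 0x0A},
}

if __name__ == "__main__":
    live = read_sysfs()
    for port, reasons in audit(live or SAMPLE, approved={"1-1"}).items():
        print(port, "; ".join(reasons))
```

A stick whose firmware drops the storage interface entirely is caught only by the allowlist check, so the list of approved ports has to be kept tight.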


About the author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
