October 4, 2014

BadUSB: Time to Start Checking Your Laptop’s USB Ports Before Turning On

We recently reported on NetHunter, software that can turn a smartphone into a “hackphone”: it acts as a HID device (a keyboard) or as a network adapter and can compromise the computer it is plugged into. The principle behind it parallels “BadUSB,” presented at the Black Hat 2014 conference.

BadUSB is based on the idea that, since USB flash drives are so commonplace, no one will suspect one of being a cyberattack tool carrying malicious code. After all, most antivirus programs scan USB drives for viruses and malware, so surely you’re safe. That is no longer the case. BadUSB modifies the firmware of the USB stick so that it no longer presents itself to the computer as a storage device but as a HID (Human Interface Device) or as a network adapter, and then runs the malicious code or reroutes internet traffic, respectively. SR Labs, the creators of BadUSB, did not release a how-to for making one.

A week ago, two intrigued security researchers, Adam Caudill and Brandon Wilson, did just that. They presented their process at DerbyCon; for the interested, the presentation video is below. They replicated BadUSB for only one specific USB controller (the Phison 2251-03), but it should be easy to adapt to other types as well. They said they did it to raise awareness of this sort of threat and to “push device manufacturers to insist on signed firmware,” in Caudill’s words.

At this time there is no good way to defend yourself against this sort of attack, Wilson said during the presentation. Manufacturers of USB devices could start locking the firmware, but even then, with so many flash drives already in circulation, it will be hard to tell the old, unsafe ones from the new, locked ones. Another option is to require signed firmware. That will, of course, take time to become the norm.
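One thing a defender can do today is watch what a plugged-in device actually enumerates as. The following added example (not code from the article, SR Labs or the DerbyCon researchers) parses output in the format of the Linux `usb-devices` tool and flags a device whose interface mix matches the reclassification described above: a mass-storage stick that also exposes a keyboard (HID) or network interface, or a device named like a drive that exposes no storage interface at all. The sample listing, vendor/product IDs and names are constructed.

```python
import re
# Constructed sample in the format of the Linux `usb-devices` tool; the
# vendor/product IDs and names are made up for this example.
SAMPLE = """\
T:  Bus=01 Lev=01 Prnt=01 Port=01 Cnt=01 Dev#=  3 Spd=480 MxCh= 0
P:  Vendor=1234 ProdID=0001 Rev=01.00
S:  Product=Plain Flash Drive
I:  If#= 0 Alt= 0 #EPs= 2 Cls=08(stor.) Sub=06 Prot=50 Driver=usb-storage
T:  Bus=01 Lev=01 Prnt=01 Port=02 Cnt=02 Dev#=  4 Spd=480 MxCh= 0
P:  Vendor=1234 ProdID=0002 Rev=01.00
S:  Product=Flash Drive
I:  If#= 0 Alt= 0 #EPs= 2 Cls=08(stor.) Sub=06 Prot=50 Driver=usb-storage
I:  If#= 1 Alt= 0 #EPs= 1 Cls=03(HID  ) Sub=01 Prot=01 Driver=usbhid
T:  Bus=01 Lev=01 Prnt=01 Port=03 Cnt=03 Dev#=  5 Spd=480 MxCh= 0
P:  Vendor=1234 ProdID=0003 Rev=01.00
S:  Product=Flash Drive
I:  If#= 0 Alt= 0 #EPs= 1 Cls=02(comm.) Sub=02 Prot=ff Driver=rndis_host
I:  If#= 1 Alt= 0 #EPs= 2 Cls=0a(data ) Sub=00 Prot=00 Driver=rndis_host
"""
# USB interface classes a plain storage stick has no business exposing.
SUSPECT = {0x03: "HID", 0x02: "CDC control", 0x0A: "CDC data", 0xE0: "wireless"}
STORAGE = 0x08  # USB mass-storage class

def parse_usb_devices(text):
    """One dict per T: block: vendor:product id, product string, interface classes."""
    devices = []
    for line in text.splitlines():
        if line.startswith("T:"):
            devices.append({"id": "", "product": "", "classes": []})
        elif line.startswith("P:"):
            m = re.search(r"Vendor=(\w+) ProdID=(\w+)", line)
            devices[-1]["id"] = f"{m.group(1)}:{m.group(2)}"
        elif line.startswith("S:  Product="):
            devices[-1]["product"] = line.split("=", 1)[1].strip()
        elif line.startswith("I:"):
            devices[-1]["classes"].append(int(re.search(r"Cls=([0-9a-fA-F]{2})", line).group(1), 16))
    return devices

def flag_suspect(devices):
    """One finding per device whose interface mix matches the BadUSB pattern."""
    findings = []
    for d in devices:
        odd = sorted({c for c in d["classes"] if c in SUSPECT})
        if odd and STORAGE in d["classes"]:
            reason = "storage device also enumerates as"
        elif odd and "drive" in d["product"].lower():  # heuristic: name claims storage
            reason = "claims to be a drive but only enumerates as"
        else:
            continue
        findings.append(f"{d['id']} ({d['product']}): {reason} " + ", ".join(SUSPECT[c] for c in odd))
    return findings
```

On a real host, feed it the output of `usb-devices` (or a udev hook) rather than the constructed sample; a composite device that is legitimately both storage and HID will trip the first rule, so treat findings as alerts to review, not proof of tampering.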


About the author


LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.
