When we think and talk about malware and viruses, we often try and secure our computers with antivirus programs. The obvious threat comes from web where we visit a number of websites and online applications; some of them posing a serious threat for our systems. However, have you ever thought that a USB device can pose as a danger to our systems? No, we are talking about the viruses entering from a USB to our Windows PCs through some files.
This new threat is caused by USB firmware. Well, this is the fact which was brought to notice by a researcher duo, Karsten Nohl and Jakob Lell, in 2014’s Black Hat annual conference that took place in Las Vegas.
In the 45 minute long presentation by Karsten Nohl and Jakob Lell, the researchers explained how an innocent looking USB firmware can cause a massive threat to our systems. The malware is known as ‘BadUSB‘.
BadUSB manipulates the USB firmware, the supervising software that controls the mechanism of a USB device. The worst part about this malware is that the threat is tricky to trace. The currently available anti-virus programs cannot detect this malware as it lies in the USB firmware. The attackers just need to get hold of the USB device and they can insert their own controlling chip in the USB firmware. The chip does its ‘job’ when inserted in the computer. It connects with your PC and steals your data or simply spy on your activities.
At the beginning of this presentation Karsten showed a demo on how a USB firmware can easily install a malicious software onto your system. He inserted a normal looking USB into the laptop. The USB was empty and to confirm that the USB did not contain anything, he formatted right in front of the audience. He mentioned that, the presentation wasn’t about the viruses into a flash drive.
You can see in this presentation that the USB device does nothing for a minute after inserting in the laptop. But after that, within a split-second, the USB firmware installed some malicious software on the laptop, turning the normal USB device into a ‘different USB device’.
Implications of BadUSB USB firmware on home and enterprise users
The official blog on Microsoft mentions the implications of BadUSB on home and enterprise users,
“Some USB peripherals may have to be discarded in the future if they become targeted and no manufacturer update is made available…. If any enterprise users require USB thumb drives, they should look into upgrading to a USB model with non-writable firmware or models that require digitally signed firmware updates. Enterprises with highly sensitive data may need to evaluate the firmware update process for all the peripheral devices they currently use and are purchasing.”
BadUSB is therefore a future threat that needs close monitoring and serious attention.