BadUSB Returns – Back in July, a massive security hole was discovered ” BadUSB ” that can gave hackers the ability to hijack billions of USB devices, from keyboards, printers to USB drives. Because of the severity of the issue, the researchers who discovered the security flaw didn’t publish their BadUSB exploit code.
However, after that two other hackers have worked out on how to exploit BadUSB and released a bunch of hacking tools that can be used to convert USB drive into silent malware installer. Also they’ve published their BadUSB Malware source code on open source code hosting website Github for public. Device makers are pressured to actually fix the security flaw before millions of users have their USB devices exploited, which is a big problem as there’s no easy security fix for BadUSB Malware.
What is BadUSB ?
In short, every USB drives has a microcontroller in it which is a small chip that acts as an interface between the device ( keyboard, or flash drive) and the host (PC). This small chip often has firmware that can be reprogrammed to do notorious things, such as logging your keystrokes and infect your Personal computer with malware, or something much worse. BadUSB is really very dangerous because of one factor which is “It is Undetectable”, even if scanned by Antivirus program.
The security researchers who originally discovered the BadUSB are Karsten Nohl and his friends at SR Labs announced that the BadUSB bug exists in July, and shared more details with device makers. Here you can watch the video of their presentation. The German security researchers did not publish their source code because they thought it would be dangerous and too hard to patch.
We really hope that releasing this will push device manufactures to insist on signed firmware updates, and that USB Manufacturer Phison will add extra support for signed updates to all of the controllers it sells,” Caudill said in his Blog. “Phison electronics isn’t the only player, though they are the most common—I’d love to see them take the lead in improving security for these devices.
Now, however two security researchers Adam Caudill and Brandon Wilson at Derbycon in Kentucky have discovered the same BadUSB bug — and, more importantly, they’ve published their proof-of-concept. They has capability to spread itself by hiding in the firmware meant to control the ways in which USB drives connect to computers.
If you know what you’re doing, you can grab the source code and start exploiting USB devices straight away. The hack utilizes the security flaw in the USB that allows an attacker to write a self-replicating worm that key logs passwords and other sensitive data stands to make millions of dollars.
Source Code is Available On Internet for Free
The two security researchers justify their release in Derbycon Hacker Conference in Louisville last week, both were able to reverse engineer the USB firmware & infect it with their own malicious code & hijack the associated device. They also underlined the danger of the BadUSB hack by going in-depth of the source code.
The two security researchers replicated the emulated keyboard attack, and also showed how to create a hidden partition on thumb drives to defeat forensic tools and how to bypass the password for protected partitions on some USB drives that provide such a feature.
BadUSB vulnerability presents in only one Taiwanese electronics company which is Phison electronics. But the Phison USB device can infect any device they are plugged into. The Taiwanese USB Manufacturer has not yet revealed for whom it manufactures USB drives.
BadUSB Vulnerability is Undetectable & Unpatchable
The Vulnerability flaw in Phison USB basically modifies the firmware of USB devices, which can be done from inside the operating system easily and hides the malware in USB devices in a way that it become almost impossible to detect it, even by Antiviruses. The security flaw goes even more worst when complete formatting or deleting the contents of a USB device wouldn’t vanish the malicious code, as it is embed in the firmware.
According to Wired, this BadUSB vulnerability is practically unpatchable because it exploits the very way that USB device is designed. If Once infected, each USB drive will infect anything it’s connected to.
Impact of BadUSB Vulnerability
- Once the device is compromised, the USB devices can reportedly:
- Log keystrokes
- alter folders & files
- infect other devices & systems
- spoofs a network card to change the computer’s DNS setting
- Install malware & Control Keyboard
Protection Against the BadUSB Attack
For the time being, the best mitigation against BadUSB vulnerability and other similar exploits is good security practices. Always Keep your software updated & never open any files which you don’t recognize, and don’t plug any devices into your computer unless you know where they’ve been.