Computer users pass around USB sticks like silicon business cards. Although we know they often carry malware infections, we depend on antivirus scans and the occasional reformatting to keep our thumbdrives from becoming the carrier for the next digital epidemic. But the security problems with USB devices run deeper than you think: Their risk isn’t just in what they carry, it’s built into the core of how they work.

That’s the takeaway from findings security researchers Karsten Nohl and Jakob Lell plan to present next week, demonstrating a collection of proof-of-concept malicious software that highlights how the security of USB devices has long been fundamentally broken. The malware they created, called BadUSB, can be installed on a USB device to completely take over a PC, invisibly alter files installed from the memory stick, or even redirect the user’s internet traffic. Because BadUSB resides not in the flash memory storage of USB devices, but in the firmware that controls their basic functions, the attack code can remain hidden long after the contents of the device’s memory would appear to the average user to be deleted. And the two researchers say there’s no easy fix: The kind of compromise they’re demonstrating is nearly impossible to counter without banning the sharing of USB devices or filling your port with superglue.

“These problems can’t be patched,” says Nohl, who will join Lell in presenting the research at the Black Hat security conference in Las Vegas. “We’re exploiting the very way that USB is designed.”

“In this new way of thinking, you have to consider a USB infected and throw it away as soon as it touches a non-trusted computer.”

Nohl and Lell, researchers for the security consultancy SR Labs, are hardly the first to point out that USB devices can store and spread malware. But the two hackers didn’t merely copy their own custom-coded infections into USB devices’ memory. They spent months reverse engineering the firmware that runs the basic communication functions of USB devices, the controller chips that allow the devices to communicate with a PC and let users move files on and off of them. Their central finding is that USB firmware, which exists in varying forms in all USB devices, can be reprogrammed to hide attack code. “You can give it to your IT security people, they scan it, delete some files, and give it back to you telling you it’s ‘clean,’” says Nohl. But unless the IT guy has the reverse engineering skills to find and analyze that firmware, “the cleaning process doesn’t even touch the files we’re talking about.”

The element of Nohl and Lell’s research that elevates it above the average theoretical threat is the notion that the infection can travel both from computer to USB and vice versa. Any time a USB stick is plugged into a computer, its firmware could be reprogrammed by malware on that PC, with no easy way for the USB device’s owner to detect it. And likewise, any USB device could silently infect a user’s computer. “Nobody can trust anybody.”

But BadUSB’s ability to spread undetectably from USB to PC and back raises questions about whether it’s possible to use USB devices securely at all. “We’ve all known that if you give me access to your USB port, I can do bad things to your computer,” says University of Pennsylvania computer science professor Matt Blaze. “What this appears to demonstrate is that it’s also possible to go the other direction, which suggests the threat of compromised USB devices is a very serious practical problem.”

Blaze speculates that the USB attack may in fact already be common practice for the NSA. He points to a spying device known as Cottonmouth, revealed earlier this year in the leaks of Edward Snowden.