SR Labs research to expose BadUSB next week in Vegas

Jul 31, 2014 by Nancy Owano weblog
SR Labs research to expose BadUSB next week in Vegas
USB logo

A Berlin-based security research and consulting company will reveal how USB devices can do damage that can conduct two-way malice, from computer to USB or from USB to computer, and can survive traditional "cleaning" protective measures.

SR Labs chief scientist Karsten Nohl and security researcher Jakob Lell are to deliver their presentation, "Bad USB – On Accessories that Turn Evil," at Black Hat in Las Vegas next week. The risks, noted Andy Greenberg in a report on their work in Wired, has to do with the very core of how they are made. This, said Reuters, is a form of malware that can operate from controller chips inside the USB devices. The two researchers from SR Labs said their talk is to demonstrate a full system compromise from USB and a self-replicating USB virus not detectable with current defenses. The name of their firmware-residing malware is BadUSB, and it is capable of taking control over a PC.

Nohl and Lell spent months, said Wired, reverse-engineering the firmware running communication functions of the USB devices, and finding out that the firmware can be reprogrammed to hide attack code. Devices not "sticks" is a word used intentionally here, since other devices such as keyboards and mice could also serve as attack conduits. A modified thumb drive, for example, can, when it detects that the computer is starting up, boot a small virus, which infects the computer's operating system. Nohl and Lell said the malware can even impersonate a USB keyboard to suddenly start typing commands. The malware can spoof a network card and change the network's DNS settings to redirect traffic. Any time a USB stick is plugged into a computer, its firmware could be reprogrammed by malware on that PC, and likewise, any USB device could silently infect a user's computer.

Fixing this risk is not easy; there are no known patches; it is not as if one can "clean up" the problem by deleting files. Anti-virus programs are designed to scan for software written onto memory. As the report in Reuters pointed out, "bugs in software used to run tiny electronics components that are invisible to the average computer user can be extremely dangerous when hackers figure out how to exploit them."

One short-term solution to avoid such an attack might be, said Wired, to not connect your USB device to computers you do not own or do not have good reason to trust and, on the reverse, not to plug untrusted USB devices into your own computer.

Explore further: New smaller USB Type-C connector to replace Type-A and Type-B

More information: srlabs.de/

add to favorites email to friend print save as pdf

Related Stories

USB sticks may beat Internet hurdles globally

Dec 06, 2013

(Phys.org) —One may think that free software would be of enormous benefit to people in the towns and villages of the globe where the price of proprietary software is restrictively high. Such is not the ...

Help! How to avoid fast-moving computer worm

Jan 28, 2009

Since early January, a worm that has been referred to by several names, including "Downadup," "Kido" and "Conficker," has been infecting millions of computers around the world. The worm exploits a previously discovered vulnerability ...

Team at Raspberry Pi advance with Model B+

Jul 14, 2014

Nice, rounded corners. MicroSD card slot with far less jutting out. Two more USB 2.0 ports. These are just some of the changes—Raspberry Pi CEO Eben Upton would be quick to replace the word "changes" with ...

UN atomic agency suffers 'malware' attack

Oct 22, 2013

The UN atomic agency said Tuesday that some of its computers were infected by malicious software, in its second embarrassing IT slip-up over the past year.

Recommended for you

Tech review: Another year, another iPad

16 hours ago

Some years, Apple introduces a new version of a product and the world rejoices. Other years, the updates are more under the hood, but they still sell a ton.

Gift Guide: Lots of tablet choices, oh my!

21 hours ago

Time for a tablet? People tend to hold onto tablets longer than smartphones, so take time to weigh your options. A major consideration is what phone you or your gift recipient already has. Although it's possible ...

User comments : 3

Adjust slider to filter visible comments by rank

Display comments: newest first

Dr_toad
Jul 31, 2014
This comment has been removed by a moderator.
kochevnik
1 / 5 (1) Jul 31, 2014
This smells like an autorun typical of windose computers. Computers are not obligated to execute code on USB devices on UNIX
Dr_toad
Jul 31, 2014
This comment has been removed by a moderator.
alfie_null
not rated yet Aug 01, 2014
I wouldn't be surprised if, in the next generation of whatever USB evolves into, we start seeing security related confidentiality, integrity, and availability provisions in the protocol. End to end encryption, PKI, etc.
bluehigh
not rated yet Aug 01, 2014
Just because you can, huh? Why do we have memory sticks with firmware that can be updated? Keyboards that can receive software updates? Once upon a time firmware was burned at manufacture into ROM. If you wanted an update then you go buy the latest model. Looks so much like a systemic flaw that benefits the less than ethical. The Toad is correct .. Nought to do with autorun. I had to check and am shocked that firmware updates of memory sticks is an available process. I am a keyboard .. Here's some commands! Shockingly stupid feature.

It's okay, the Friday night footy is on soon. Drink beer. Eat Pizza. Feel better.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.