SR Labs research to expose BadUSB next week in Vegas

July 31, 2014 by Nancy Owano weblog

A Berlin-based security research and consulting company will reveal how USB devices can be turned to two-way malice, from computer to USB or from USB to computer, in a way that survives traditional "cleaning" protective measures.

SR Labs chief scientist Karsten Nohl and security researcher Jakob Lell are to deliver their presentation, "Bad USB – On Accessories that Turn Evil," at Black Hat in Las Vegas next week. The risks, noted Andy Greenberg in a report on their work in Wired, have to do with the very core of how USB devices are made. This, said Reuters, is a form of malware that can operate from controller chips inside the USB devices. The two researchers from SR Labs said their talk is to demonstrate a full system compromise from USB and a self-replicating USB virus not detectable with current defenses. The name of their firmware-residing malware is BadUSB, and it is capable of taking control over a PC.

Nohl and Lell spent months, said Wired, reverse-engineering the firmware that runs the communication functions of USB devices, and found that the firmware can be reprogrammed to hide attack code. "Devices," not "sticks," is the word used intentionally here, since other devices such as keyboards and mice could also serve as attack conduits. A modified thumb drive, for example, can, when it detects that the computer is starting up, boot a small virus, which infects the computer's operating system. Nohl and Lell said the malware can even impersonate a USB keyboard to suddenly start typing commands. The malware can spoof a network card and change the network's DNS settings to redirect traffic. Any time a USB stick is plugged into a computer, its firmware could be reprogrammed by malware on that PC, and likewise, any USB device could silently infect a user's computer.
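A host can at least notice when a device declares functions that do not match what it is supposed to be. The sketch below is an added example, not code from SR Labs or the original article: it flags a storage device that also declares a keyboard or network interface, and a known device that comes back with roles it did not have before. The class codes are the standard USB-IF values; the device IDs, the `Enumeration` record and the sample data are constructed for illustration.

```python
from dataclasses import dataclass

# USB-IF class codes (bInterfaceClass); triplets are (class, subclass, protocol)
HID, MASS_STORAGE, CDC, WIRELESS = 0x03, 0x08, 0x02, 0xE0

@dataclass(frozen=True)
class Enumeration:
    device_id: str      # constructed key, e.g. "vid:pid:serial"
    interfaces: tuple   # interface triplets the device declared when plugged in

def roles(interfaces):
    """Reduce declared interface triplets to coarse roles."""
    found = set()
    for cls, sub, proto in interfaces:
        if cls == MASS_STORAGE:
            found.add("storage")
        elif cls == HID:
            # protocol 0x01 is the boot-protocol keyboard
            found.add("keyboard" if proto == 0x01 else "hid")
        elif (cls == CDC and sub in (0x06, 0x0D)) or (cls, sub, proto) == (WIRELESS, 0x01, 0x03):
            found.add("network")  # CDC Ethernet (ECM/NCM) or RNDIS
    return found

def review(events, baseline=None):
    """Return (device_id, reason) findings for a sequence of enumerations."""
    baseline = dict(baseline or {})
    findings = []
    for ev in events:
        now = roles(ev.interfaces)
        extra = now & {"keyboard", "hid", "network"}
        if "storage" in now and extra:
            findings.append((ev.device_id, "storage device also declares " + ", ".join(sorted(extra))))
        seen = baseline.get(ev.device_id)
        if seen is not None and now - seen:
            findings.append((ev.device_id, "new roles since last seen: " + ", ".join(sorted(now - seen))))
        baseline[ev.device_id] = (seen or set()) | now
    return findings

# Constructed sample enumerations (not captured from real devices)
SAMPLE = [
    Enumeration("0000:0001:AAA", ((0x08, 0x06, 0x50),)),                     # plain stick
    Enumeration("0000:0001:AAA", ((0x03, 0x01, 0x01),)),                     # same id, now a keyboard
    Enumeration("0000:0002:BBB", ((0x08, 0x06, 0x50), (0xE0, 0x01, 0x03))),  # stick plus RNDIS
    Enumeration("0000:0003:CCC", ((0x03, 0x01, 0x01), (0x03, 0x00, 0x00))),  # ordinary keyboard
]

if __name__ == "__main__":
    for dev, reason in review(SAMPLE):
        print(dev, "-", reason)
```

The check only sees what a device chooses to declare at enumeration, so it can highlight a mismatch but cannot show that a device's firmware is unmodified.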

Fixing this risk is not easy; there are no known patches; it is not as if one can "clean up" the problem by deleting files. Anti-virus programs are designed to scan for software written onto memory. As the report in Reuters pointed out, "bugs in software used to run tiny electronics components that are invisible to the average computer user can be extremely dangerous when hackers figure out how to exploit them."

One short-term solution to avoid such an attack might be, said Wired, to not connect your USB device to computers you do not own or do not have good reason to trust and, on the reverse, not to plug untrusted USB devices into your own computer.


Jul 31, 2014
This comment has been removed by a moderator.
1 / 5 (1) Jul 31, 2014
This smells like an autorun typical of windose computers. Computers are not obligated to execute code on USB devices on UNIX
Jul 31, 2014
This comment has been removed by a moderator.
not rated yet Aug 01, 2014
I wouldn't be surprised if, in the next generation of whatever USB evolves into, we start seeing security related confidentiality, integrity, and availability provisions in the protocol. End to end encryption, PKI, etc.
1 / 5 (1) Aug 01, 2014
Just because you can, huh? Why do we have memory sticks with firmware that can be updated? Keyboards that can receive software updates? Once upon a time firmware was burned at manufacture into ROM. If you wanted an update then you go buy the latest model. Looks so much like a systemic flaw that benefits the less than ethical. The Toad is correct .. Nought to do with autorun. I had to check and am shocked that firmware updates of memory sticks is an available process. I am a keyboard .. Here's some commands! Shockingly stupid feature.

It's okay, the Friday night footy is on soon. Drink beer. Eat Pizza. Feel better.
