Flaw in USB Protocol Allows Malware to Exist in Device Firmware Undetected

Flaw in USB Protocol Allows Malware to Exist in Device Firmware Undetected

Researchers have discovered a flaw in the basic architecture of the USB protocol that allow malware to be programmed into a USB device’s firmware, making it almost undetectable and impossible to patch.

MacBook Air USB


To demonstrate the ubiquitous vulnerability, SR Labs security researchers Karsten Nohl and Jakob Lell created a proof-of-concept called “BadUSB” that can be installed on any universal serial bus device, including memory sticks, keyboards, smartphones and more, to take over a victim’s PC, insert or change files, modify DNS settings and otherwise play havoc with host hardware, reports Wired

BadUSB isn’t just a piece of malware that is copied into the flash memory of a USB drive. The two researchers reverse engineered USB standard firmware that takes care of moving files on and off of a device, finding a way to insert and hide malicious code.

“These problems can’t be patched,” Nohl said. “We’re exploiting the very way that USB is designed.”

The bad firmware is hidden from discovery unless the infected firmware itself is reverse engineered. A disk erasure, a common way of removing malicious software from a device, will not remove the “Bad” code.

BadUSB also can be coded to propagate itself by infecting a computers USB firmware, which then will infect another connected USB device, which then infects… You get the idea.

The researchers suggest that users adopt a new way of thinking about USB hardware, connecting only to devices that are user-owned, or otherwise trusted.

“In this new way of thinking, you can’t trust a USB just because its storage doesn’t contain a virus. Trust must come from the fact that no one malicious has ever touched it,” Nohl said. “You have to consider a USB infected and throw it away as soon as it touches a non-trusted computer.”

The findings of Nohl and Lell’s research will be presented at the August Black Hat Conference in Las Vegas.

  1. 294429 584019Flexibility indicates your space ought to get incremented with the improve in number of weblog users. 219478

  2. 378764 789652Wow, remarkable weblog layout! How long have you been blogging for? you make blogging appear straightforward. The overall look of your website is fantastic, as nicely as the content material! 49973

  3. 756084 740256Wow! This could be 1 particular of the most valuable blogs Weve ever arrive across on this subject. Truly Fantastic. Im also an expert in this topic therefore I can understand your hard function. 384656

  4. 83720 585320This site is generally a walk-through you discover the info it suited you about it and didnt know who need to. Glimpse here, and youll surely discover it. 66364

  5. nova88 says:

    432305 106678Average In turn sends provides is the frequent systems that supply the opportunity for ones how does a person pick-up biological, overdue drivers, what 1 mechanically increases the business. Search Engine Marketing 282131

  6. 678603 714439This web page might be a walk-through like the data you wanted concerning this and didnt know who require to. Glimpse here, and youll undoubtedly discover it. 435895

Leave a Reply

Your email address will not be published.