BadUSB Solution
Learn about the threats, risks and how to protect yourself.
Recently there has been increased media coverage regarding "BadUSB".
BadUSB is a way to theoretically manipulate any USB device to be infected with a virus (or other types of malware). This means in plain terms that an attacker will take a regular USB hardware which contains a small microprocessor, manipulate the firmware (which is actually a small operating system for the microcontroller to work) and infect it with malware. This will turn the USB hardware into a tool to manipulate your computer further.
In reality, this is very hard to do for an attacker but not impossible. The security researchers that reveal this threat are usually using a specific USB flash drive (for which they have the firmware) and manipulate it.
The result is that the USB flash drive will trick your computer, pretend it is a keyboard and then execute some commands. Your computer cannot tell the difference if the input it gets is coming from you typing on the keyboard or if the manipulated USB device is actually sending commands. Both inputs look the same to your computer. For an attacker to do this with a USB device, other than the one he is familiar with, is not easy to do.
This threat is real but it has also been present since the introduction of USB, more than a decade ago. It is a weakness of the USB standard and of the most common operating systems such as Windows. Since the operating system has no built-in option to verify the firmware of USB hardware, it trusts that a device that is connected to the USB port is the device type it tells the operating system it is. For executables, your operating system checks their integrity using a process called "code signing”. This code signing check is not available for the firmware operating in a USB device.
If an attack occurs using the BadUSB method, your computer can be infected with any kind of malware. This is what your Anti-Virus (Anti-Malware) solution will or will not detect. At that point, it will be unfortunately too late, since your computer will have been compromised until it will have been disinfected, which could take hours, days or weeks. Please remember that at this stage this is just a proof of concept and there are no actual known attacks “in the wild”.
BadUSB can act like different input / output devices like physical keyboard, mouse, network adapter, phone, tablet, webcam, or authentication token. For example, if it pretends it is a keyboard or mouse, the malicious software can inject keystrokes and mouse clicks, performing multiple actions on the computer, like launching Microsoft Outlook and sending an e-mail to a certain address, with attached files from the user’s computer. If it pretends it is an authentication token, a BadUSB would force the computer to prompt a token password, which can then be stored on the flash drive and retrieved at a later date.
What Endpoint Protector can do to secure your network
What you can do to protect yourself now
Connect only USB devices from vendors you know (e.g. keyboard and mouse from a trusted vendor).
Keep your anti-malware updated. It will not scan the firmware but it should detect if the BadUSB tries to install or run malware.
Use a device control solution like Endpoint Protector that will monitor the use of removable devices connected to your computer.
Learn more on how it helps to control USB and removable devices
Make sure you use strong passwords for your user account on your computer and never leave it unlocked or unattended.
