Researchers warn about 'BadUSB' security flaw

Researchers warn against malware that can live in any USB drive undetected.

By Silky Malhotra | Published Date: 01 - Aug - 2014 | Last Updated: 01 - Aug - 2014

Security researchers state that USB drives have a fundamental security flaw that allows an attacker to take over any device a drive is connected to, whether PC or Android. The malware, dubbed BadUSB, can instruct devices to redirect net traffic, alter files and more.

Security researchers Karsten Nohl and Jakob Lell from German security firm SR Labs have reverse engineered the firmware that controls the basic communication functions of USB. The researchers have also written a piece of malware, called BadUSB, that can “be installed on a USB device to completely take over a PC, invisibly alter files installed from the memory stick, or even redirect the user’s internet traffic.” The researchers are going to present their report at the Black Hat conference next week.

The researchers stated that even if a PC is completely protected against standard malware, BadUSB can imitate a keyboard or mouse to take control of it. The researchers even managed to hack the USB controller in an Android handset connected to a PC.

The malware is undetectable and could easily be added to a USB key when the key is inserted into a PC, and it can then infect the device the key is connected to. Researchers claim that there is no protection against this attack, except for never sharing USB devices.

Nohl stated, “These problems can’t be patched. We’re exploiting the very way that USB is designed. You can give it to your IT security people, they scan it, delete some files, and give it back to you telling you it’s clean, [but] the cleaning process doesn’t even touch the files we’re talking about.”

CERT-In recently warned against the 'Bladabindi' virus, which spreads through pen drives and steals sensitive personal information. The advisory states that the virus affects “Microsoft Windows operating system” and can assume as many as 12 aliases to steal personal information from a PC. The malware steals Chrome/Firefox passwords, can check for camera drivers, and can install a DLL plug-in to record and upload videos to remote hackers.

Source: Wired