Before You Read

Warning: If you are Resistant to Logic, please stay away from this page. Because we will be Persistent with Logic to wear down your Resistance.

Saturday, December 13, 2014

No Defense Against BadUSB Firmware Exploit, Yet

Verdict :

Possible time of origin : July, 2014

Circulation platforms : Internet

Circulation geography : Global

Original Message Version Under Analysis:
BadUSB writes or overwrites a USB device’s firmware code to carry out malicious actions. First announced in July 2014, BadUSB was discovered by a pair of computer researchers at Security Research Labs in Berlin, who then presented their discovery at the Black Hat Conference. The attack is feared because none of the traditional methods of checking for malice on a USB storage device detect it. The malicious code is planted in the USB’s firmware, which is first executed only when the device is plugged into a host machine. The host machine can’t detect the firmware code, but the firmware’s code can interact with and modify software on the host machine. The malicious firmware code could then plant other malware, steal information, or divert Internet traffic. All these may run while bypassing antivirus scans. Moreover, this problem isn’t limited to USB devices. In fact, USB devices are the tip of the iceberg. Any hardware device plugged into your computer with a firmware component can probably be made malicious in a very similar manner.
BadUSB has no defense today, but it may be easily defended against in the near future. After all, it’s simply code/software (stored in firmware), so other protective code/software (to be developed) should be able to defeat it.

Analysis by Merofact Awareness Team:


Everything said above is entirely true. USB devices are removably connected to computers, and are often even built in, on virtually all computers. This universal interface standard revolutionized the world over the past two decades, thanks to its versatility. Almost any computer peripheral, from storage and input gadgets to healthcare devices, can connect using this ubiquitous technology. This versatility is also its Achilles heel: since different device types can plug in via the same connector, one type of device can turn into a more capable or malicious type without the user noticing at all. This is what BadUSB does. To turn one device type into another, the USB controller chips present in peripherals need to be reprogrammed. The most widespread USB controller chips, including those in USB thumb drives, have little if any protection against such reprogramming.
Regular computer users share USB drives like business cards, even though we all know that they often carry malware, and many of us can remember a few bitter experiences. To protect our computers from such experiences, we all depend on antivirus and antimalware scans. In case of some unpatchable trouble, the occasional reformatting keeps our thumb drives from becoming carriers of a malware epidemic. But the security problems with USB devices run deeper than we all knew: their risk isn’t just in what they detectably carry; it can be built into the core of how they work and talk to the host computer.
The kind of compromise BadUSB is able to make is nearly impossible to counter at present without banning the sharing of USB devices. The problem isn’t limited to thumb drives. All types of USB devices, from keyboards, mice and webcams to smartphones, have firmware that can be reprogrammed in a manner similar to the way a USB memory stick is made into a BadUSB device. BadUSB can do whatever one can do with a keyboard attached to a computer, which is basically everything a computer does. In summary, BadUSB can do at least the following:
1. It can emulate a keyboard and issue commands on behalf of the logged-in user, for example to download files or install malware. Such malware, in turn, can infect the controller chips of other USB devices connected to the computer.
2. The device can also spoof a network card and change the computer’s settings to redirect traffic.
3. It can detect that the computer is starting up and then boot a small virus, which infects the computer’s operating system prior to boot.
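A host-side check for the device-type switching described above, as an added example that is not part of the original post: it reads the interface classes each USB device announces under Linux sysfs and flags a storage device that also presents a keyboard or network interface. The sample tree, the port names and the `allowed_input_ports` allowlist are constructed for illustration.

```python
import os
import tempfile

# USB-IF base class codes for the behaviours listed above.
HID, MASS_STORAGE = 0x03, 0x08
NETWORK = {0x02, 0x0A, 0xE0}  # CDC control, CDC data, wireless controller

def interface_classes(sysfs_root):
    """Map each USB device (e.g. '1-2') to the set of interface classes it announces."""
    devices = {}
    for name in sorted(os.listdir(sysfs_root)):
        if ":" not in name:  # interface entries look like '1-2:1.0'
            continue
        path = os.path.join(sysfs_root, name, "bInterfaceClass")
        try:
            with open(path) as fh:
                cls = int(fh.read().strip(), 16)
        except (OSError, ValueError):
            continue  # device unplugged mid-scan, or unreadable entry
        devices.setdefault(name.split(":")[0], set()).add(cls)
    return devices

def audit(sysfs_root, allowed_input_ports=frozenset()):
    """Return {device: [findings]} for interface mixes that match BadUSB behaviour."""
    findings = {}
    for dev, classes in interface_classes(sysfs_root).items():
        notes = []
        if MASS_STORAGE in classes and HID in classes:
            notes.append("storage device also announces a keyboard/HID interface")
        if MASS_STORAGE in classes and classes & NETWORK:
            notes.append("storage device also announces a network interface")
        if HID in classes and dev not in allowed_input_ports and not notes:
            notes.append("HID device on a port not approved for input devices")
        if notes:
            findings[dev] = notes
    return findings

def build_sample_tree():
    """Constructed sysfs-like tree: a keyboard, a plain stick, a suspicious stick."""
    root = tempfile.mkdtemp()
    sample = {"1-1:1.0": "03", "1-2:1.0": "08", "1-3:1.0": "08", "1-3:1.1": "03"}
    for iface, cls in sample.items():
        os.makedirs(os.path.join(root, iface))
        with open(os.path.join(root, iface, "bInterfaceClass"), "w") as fh:
            fh.write(cls + "\n")
    return root

if __name__ == "__main__":
    # On a Linux host, pass "/sys/bus/usb/devices" instead of the sample tree.
    print(audit(build_sample_tree(), allowed_input_ports={"1-1"}))
```

This is a heuristic: some legitimate composite devices mix classes, and reprogrammed firmware that announces only a keyboard is caught only by the port allowlist.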
To make things worse, cleanup after an infection is hard, if not impossible. Simply reinstalling the operating system, the last-resort response to otherwise ineradicable malware, does not address BadUSB infections at their root. The USB drive from which the operating system is reinstalled may already be infected, as may the hardwired webcam or other USB-connected components inside the computer. A BadUSB device may even replace the computer’s BIOS, again by emulating a keyboard and unlocking a hidden file on the infected USB drive.
Once infected with BadUSB, the computer and all USB peripherals that came in contact with the infected machine can never be trusted again.
One apparent piece of good news is that this susceptibility has reportedly been tested on only one USB manufacturer, Phison Electronics, a Taiwanese electronics company. Although Phison sticks can initiate an attack on any device they are attached to, it is not clear whether the established infection will be able to spread to any other USB drive that is later attached to the infected device. The company has not yet publicly listed the vendors for whom it manufactures USB sticks. Therefore, it is currently still not very clear whether the issue really can turn into a digital epidemic.
The other good news is that, according to information available on the web, at least one company (Ironkey) already purposefully protects against BadUSB attacks. Its new line of thumb drive products requires that any new update to a thumb drive’s firmware be signed with an unforgeable cryptographic signature, which prevents malicious reprogramming.
