Sunday, 03 August 2014 20:41

BadUSB exploit not really all that new, but still very bad indeed.

Written by
Rate this item
(0 votes)

Reading time is around minutes.

One thing I find interesting is the lack of any real memory in the technical press. It seems that the people that write about trends and events happening in the technical world often do not remember what has happened before. We saw this with the HeartBleed bug and are seeing it again with BadUSB. If you do not know what this is, well it is a new exploit found in the fundamental way USB works.

With this vulnerability the “bad-guys” can drop malware directly into the firmware of the drive. This firmware is what controls the UDB drive (tells it what size, speed etc.). Once something is encoded there, it is unlikely that you are going to get it out without destroying the drive. This firmware is capable of transferring malware to a system that it is connected to and, in theory, can also infect new USB drives or devices that are attached.

Now all of this is very, very bad, but it is not really a new exploit. In 2009 a very smart guy showed how to infect the firmware in a Mac Keyboard. The vector was through the firmware update API and allowed for everything from Keyloggers to more serious root kits to be installed. Because the malware came from a trusted device the commands were interpreted as little more than keystrokes from the keyboard. This malware also survived a complete system reinstall and could be made in such a way that only throwing the keyboard in the trash would fix it.

After that, in 2011, Mac Hacker Charlie Miller showed us that the firmware on Mac batteries could be hacked. Once again this was through the Firmware update process and allowed for some serious malware to be installed. With this hole a malicious individual could actually damage the Mac Book by telling it to send incorrect information to the charging system. This exploit was compounded by the fact that Apple uses, non-user removable batteries.

Basically the idea of firmware altering malware is pretty old. If you wanted to you could say it began with the Chernobyl malware which could actually overwrite the firmware on a system rendering it useless. That is a bit of a stretch as the malware did not reside in the firmware, but on the OS drive. Still you can see that this idea has been around for a while.

Although it is not new BadUSB is a serious threat and not something that can be easily mitigated. The vulnerability is in the core way USB works. It makes it a very serious threat to just about any computer system. This flaw might also be how the NSA and other agencies have quickly installed malware on systems they want to monitor and watch. Maybe it is time to tape up all of those USB ports on your computer in addition to turning them all off. We hope to get more information on this during Black Hat.

Tell us what you think in our Forum

Read 4258 times Last modified on Sunday, 03 August 2014 20:45

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.