Contact Us Today! (215) 853-2266

Bardissi Enterprises Blog

Bardissi Enterprises has been serving the Hatfield area since 2000, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

The Threat Level for BadUSB Malware has Increased

b2ap3_thumbnail_badusb_is_dangerous_400.jpgThis past August, we reported on a new vulnerability with USB firmware called BadUSB. This vulnerability was discovered by Karsten Nohl of SR Labs. The BadUSB vulnerability was presented at the Black Hat security conference as a theoretical risk, but now, the code has leaked and this risk has become a reality. Oops.

This is pretty grim news because it essentially means that every USB device is at risk. When you stop and consider how dependent we've all become on USB technology, it becomes a fairly overwhelming risk that we're all facing. How exactly does BadUSB put your device at risk? To answer this, let's revisit our blog article from this past August.

They came to the conclusion that the USB software is fundamentally broken and can be exploited by hackers. This is a major find because they're saying that it's the firmware used in every USB device that is flawed, which is separate from the flash memory the device uses to do what it's designed to do.

To bring attention to this USB vulnerability, the two researchers created a malware called BadUSB. This malware has the potential to comprise an entire PC if it's installed on a USB drive. This malware can alter files, manipulate Internet browsing, and more--all without being detected! BadUSB is able to bypass detection measures from security protocols such as antivirus scans by embedding itself within the firmware that controls the functions of the USB device. Therefore, even if the device's flash memory storage were deleted, it wouldn't erase the BadUSB malware.

Essentially, once a device becomes infected with BadUSB, the malware is on there for good and it can't be fixed. A simple patch won't do the trick. The problem lies within the physical device itself and would take rewriting the code of the USB device.

Then there's this word of warning that we issued last month. This is one of those rare times where it doesn't feel good to be right:

If this malware were to be used by hackers and become widely distributed, then the only way to counter BadUSB would be to stop using USB devices altogether.

Herein lies the core of the problem with BadUSB; even though the original discoverer of the vulnerability made it a point to not release the code, it has still somehow leaked and USB devices around the world are now vulnerable. The hackers responsible for the leak are Adam Caudill and Brandon Wilson. At the Derbycon conference, they spoke of how they successfully reverse-engineered the firmware, and in order to escalate the risk, they went ahead and publicly posted the code to Github.

Why in the world would a hacker do such a dastardly deed? Do they enjoy watching the world burn? Are they anarchists who want to see society crumble? Not so much. These hackers are actually concerned about digital security, so they publicly released the code as a way to challenge the USB device manufacturers to step up their game and come up with a fix. Caudill explains his actions to WIRED magazine:

If the only people who can do this are those with significant budgets, the manufacturers will never do anything about it. You have to prove to the world that it's practical, that anyone can do it...That puts pressure on the manufactures to fix the real issue.

Basically, if USB manufacturers don't act and secure their USB firmware, then all of our PCs and smartphones can be turned in reprogrammable computers. According the BadUSB malware's architect Karsten Nohl, a fix that redesigns the USB would take ten years to implement due to the widespread use of USB technology. All of this makes BadUSB a very scary costume choice for your office's upcoming Halloween party.

How do you prevent your device from becoming infected with the BadUSB malware? The answer is to be extra careful about what you plug into your USB port.

  • Only allow trusted USB devices to connect to your PC.
  • When using your USB device in public, don't give hackers a chance to upload the malware by leaving your device unattended.
  • From here on out, if you've got a chance to avoid USB technology, then do so.

Whether or not you agree with Caudill's and Wilson's actions to release the BadUSB code, the reality of the situation is that your data is now less safe today than it was back in August. For more tips on how to protect your technology from new threats such as this, call Bardissi Enterprises at (215) 853-2266.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Saturday, 23 November 2024
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Blog Archive

Recent Comments

Tip of the Week: Which Headphones are Right for Your Needs?
23 April 2018
I will recommend Plantronics Backbeat Pro 2 SE Noise cancelling Headset with it's Great features.
Gamification: Make Business Fun for Everyone
27 January 2017
The world is based on the games. There are many types of games as per the aussie essay writing servi...
Let's Talk Tablets
12 January 2017
The concept of tablet is far better than that of PC because you can bring them with you everywhere a...
Tip of the Week: Tweak Your Workday in These 4 Ways and See Major Results
12 January 2017
The only thing will I will say regarding this blog is that it is very helpful at least for me. As I ...
WatchGuard Releases Version 10.2.7 for WSM, Edge, Fireware, and Fireware Pro
23 December 2016
I really needed to know about the fireware but i was confused that where can i find information abou...