USB security flaw that lets hackers take over computers discovered


comments

Security researchers have long warned about the dangers of malicious files on infected USB sticks.

But now experts have discovered a much more dangerous threat that is even more widespread, virtually untraceable and much more difficult to solve than simply installing anti-virus software.

The Berlin-based researchers reverse-engineered the software files that control how the USB drive's software works - and revealed how this so-called firmware can be reprogrammed to take complete control of a PC.

Berlin-based researchers  reverse engineered the firmware that controls USB functions, including controller chips that connect a USB to a PC so it can transfer files (stock image pictured). They discovered this firmware can be reprogrammed with malicious code, and this reprogramming is virtually untraceable

Berlin-based researchers reverse engineered the firmware that controls USB functions, including controller chips that connect a USB to a PC so it can transfer files (stock image pictured). They discovered this firmware can be reprogrammed with malicious code, and this reprogramming is virtually untraceable

THE USB FLAW AND HOW TO PROTECT YOURSELF

The flaw affects thumb drives and external hard drives, but also any device that connects to a PC using USB.

This includes keyboards and the mouse, as well as the USB drives used to charge phones and tablets. 

If malicious code is programmed into the firmware, hackers could use it to issue their own commands on a PC, for example.

This includes installing malware, taking over a PC, or redirecting web traffic. 

According to the researchers, this reprogramming is virtually untraceable and can't be patched. 

They added the best course of action is to only use USB devices that are 100 per cent trustworthy. 

Firmware is a software program, or set of instructions, programmed onto a hardware device.

It tells the device how to communicate with other devices, including computers.

 

Firmware can be thought of as 'semi-permanent' since it remains the same unless it is updated by a 'firmware updater'.

Firmware updates are installed the first time a device is used, for example, or to update a device so it works on a new operating system.

Drive manufacturers will often update firmware to improve the performance of their devices.

These changes are made at a central level before being pushed out to individual devices. 

The flaw was discovered by Karsten Nohl and Jakob Lell at Security Research Labs has been dubbed BadUSB.

It affects thumb drives and external hard drives, but also any device that connects to a PC using USB.

This includes keyboards and the mouse, as well as the USB drives used to charge phones and tablets.

'The [USB] interface standard conquered the world over the past two decades thanks to its versatility.

'Almost any computer peripheral, from storage and input gadgets to healthcare devices, can connect over the ubiquitous technology. And many more device classes connect over USB to charge their batteries.

'This versatility is also USB's Achilles heel: Since different device classes can plug into the same connectors, one type of device can turn into a more capable or malicious type without the user noticing.'

By reprogramming the USB central firmware with malicious code, which is then pushed to individual devices, the hackers could gain access to a PC once its connected to an infected USB.

The hackers discovered BadUSB could then be used to issue their own commands, for example.

The flaw affects thumb drives and external hard drives, but also any device that connects to a PC using USB. If malicious code is programmed (stock image pictured) into the firmware, hackers can use it to issue their own commands on a PC. This includes installing malware, taking over a computer, or redirecting web traffic.

The flaw affects thumb drives and external hard drives, but also any device that connects to a PC using USB. If malicious code is programmed (stock image pictured) into the firmware, hackers can use it to issue their own commands on a PC. This includes installing malware, taking over a computer, or redirecting web traffic.

WHAT IS REVERSE ENGINEERING?

Reverse engineering is the process of taking an object apart to see how it works, either to replicate or improve the object.

It is not just used for hacking purposes, and is often used by programmers to find mistakes or errors in code in order to fix them.

Software reverse engineering involves translating a program's binary code back into the source code that it was written in.

This source code reveals to the hackers how the app works, the steps it takes to complete certain tasks and details about the app's structure.

A reverse engineer can use various tools to disassemble a program.

One example is called a hexadecimal dumper, which prints or displays the binary numbers of a program in hexadecimal format, making it easier to read than binary.

Another tool is a disassembler. This reads the binary code and displays each instruction in text form. 

This includes emulating a keyboard and issuing commands on behalf of the user, such as opening files or installing malware.

Such malware could then be used to infect any other connected USB devices.

The device can also spoof a network card and change the computer's settings to redirect web traffic to certain sites.

Mr Nohl and Mr Lell added there are 'no effective defenses from USB attacks.'

'Malware scanners can't access the firmware running on USB devices.

'USB firewalls that block certain device classes do not (yet) exist.

'And behavioural detection is difficult, since a BadUSB device's behaviour when it changes its persona looks as though a user has simply plugged in a new device.'

The researchers are due to present their research at the Black Hat security conference in Las Vegas next week.

'USB has become so commonplace that we rarely worry about its security implications,' they continued. 

'USB sticks undergo the occasional virus scan, but we consider USB to be otherwise perfectly safe - until now.'

'We demonstrate a full system compromise from USB and a self-replicating USB virus not detectable with current defenses.'

Sadly, because of the nature of the flaw and the wide scope it covers, there is little users can do to protect themselves.

The researchers told Wired the best course of action is to only use USB devices that are 100 per cent trustworthy; ones that users know haven't been used by anyone else and couldn't have been compromised.

 



IFTTT

Put the internet to work for you.

Turn off or edit this Recipe

0 comments:

Post a Comment