The bad side of USB

Oh great, as if it wasn't bothersome enough knowing that all our online communications are susceptible to government spying with very little we can do about it, now we've come to find out that just by having a USB port, there exists a pretty serious security risk every time we plug in a compatible peripheral. The problem is that virtually any of the millions of USB devices out there can be reprogrammed for malicious purposes, and there doesn't appear to be much we can do about it.

Security Research Labs in Berlin has given a name to the fundamental flaw in USB — "BadUSB." At issue is that every USB device has a controller chip that controls the USB connection to other devices. Those controllers have firmware, and if reprogrammed — which is easy to do since the USB-IF focused more on compatibility than security — a benign device like a keyboard or mouse can suddenly turn evil.

"A device can emulate a keyboard and issue commands on behalf of the logged-in user, for example to exfiltrate files or install malware. Such malware, in turn, can infect the controller chips of other USB devices connected to the computer," SRLabs explains.

The device can also spoof a network card and change the computer's DNS setting to redirect traffic. Unfortunately, there are no known defenses against this other than not using your USB devices. Malware scanners can't access the firmware running USB devices, and behavioral detection isn't reliable since a BadUSB device's behavior simply looks like a user plugged in a new device.

"Once infected, computers and their USB peripherals can never be trusted again," SRLabs added.

The best analogy so far comes from ExtremeTech, which likens the situation to having unprotected sex. In other words, if you plug your USB device into another PC, you can assume it's been compromised.

Original Post by Paul Lilly, Reposted Courtesy of Maximum PC – Covering everything from hi-end gaming PCs to tablets, peripherals and home theater rigs, Maximum PC's print and Web editions stay one step ahead of the fast-changing world of everything computer and computing related. Whether its the latest on building your own desktop system, reviews of the latest laptops and accessories, or roundups of the games and software that make your machine go, Maximum PC brings it to you with news, reviews, and years of expertise. TechnoBuffalo is thrilled to bring you the best of Maximum PC right here on our own pages to keep you immersed in all things digital.