Nothing is safe anymore…
The USB drive: everyone’s favorite tech device. It’s the keeper of movies, music, pictures and other incredibly important, non-nude documents. And it’s also the device that can bring your entire system and network to its knees.
That’s right, the USB drive is probably the least safe device you actively plug into your computer on a regular basis. Think about it though, you pass it around with your friends, family, coworkers and whoever—you plug it in, add files, copy stuff, do whatever else you do with a USB and then unplug it and pass it along again. It’d be like passing around a toothbrush and then being surprised you get sick.
The malware was developed by security researchers Karsten Nohl and Jakob Lell to show that USBs and other devices are flawed.
The biggest problem is that there’s practically nothing you can do about it. Since the malware—named BadUSB—is hidden in the firmware of the device itself, rather than the storage, you can’t really block it. It can’t be patched, since it exploits the way the stick itself functions. It’d be like a virus that can take over your car that is installed in the key you stick in the ignition. So when you install or format the device on your computer, the malware installs itself on the computer and goes DEEP.
Like, real deep. It can alter files installed on the stick without you knowing and even redirect your web traffic by altering the DNS settings to send traffic wherever it wants.
Oh, and it’s not just limited to standard USB flash drives, either. Pretty much any device that uses a USB as a connection can be tampered with. That goes for your mouse, your keyboard, your speakers, your phone—hell, even your personal vaporizer, if that’s how it connects to charge. The danger is everywhere.
So what can you do to protect yourself? Well, don’t be a dummy. Common sense dictates that you don’t go willy-nilly and start running files and loading programs from the USB drive. Don’t install “ThisIsNotAVirusWinkWink.exe” even if it has a really catch and witty name. Don’t accept USBs from people you don’t know or trust, much like you wouldn’t accept a drink in a bar given to you by a guy who has one too many buttons unbuttoned on his shirt. If someone hands you a USB with a note attached detailing a government conspiracy, don’t open it, no matter how cool and action-packed your life may be afterwards.
There’s not much improvement on the USB manufacturers end, given that they would have to radically change how USBs function. Hopefully, things will change once Nohl and Lell present the malware and their findings to the Black Hat security convention.
For more information contact Chris L.