Turning USB peripherals into BadUSB

USB devices are connected to – and in many cases even built into – virtually all computers. The interface standard conquered the world over the past two decades thanks to its versatility: Almost any computer peripheral, from storage and input gadgets to healthcare devices, can connect over the ubiquitous technology. And many more device classes connect over USB to charge their batteries.

This versatility is also USB’s Achilles heel: Since different device classes can plug into the same connectors, one type of device can turn into a more capable or malicious type without the user noticing.

Reprogramming USB peripherals. To turn one device type into another, USB controller chips in peripherals need to be reprogrammed. Very widely spread USB controller chips, including those in thumb drives, have no protection from such reprogramming.

BadUSB – Turning devices evil. Once reprogrammed, benign devices can turn malicious in many ways, including:

  1. A device can emulate a keyboard and issue commands on behalf of the logged-in user, for example to exfiltrate files or install malware. Such malware, in turn, can infect the controller chips of other USB devices connected to the computer.
  2. The device can also spoof a network card and change the computer’s DNS setting to redirect traffic.
  3. A modified thumb drive or external hard disk can – when it detects that the computer is starting up – boot a small virus, which infects the computer’s operating system prior to boot.

Defenses?

No effective defenses from USB attacks are known. Malware scanners cannot access the firmware running on USB devices. Behavioral detection is difficult since behavior of an infected device may look as though a user has simply plugged in a new device. Blocking or allowing specific USB device classes and device IDs is possible, however generic lists can easily be bypassed. Pre-boot attacks may be prevented by use of a BIOS password and booting only to the hard drive.

To make matters worse, cleanup after an incident is hard: Simply reinstalling the operating system – the standard response to otherwise ineradicable malware – does not address BadUSB infections at their root. The USB thumb drive, from which the operating system is reinstalled, may already be infected, as may the hardwired webcam or other USB components inside the computer. A BadUSB device may even have replaced the computer’s BIOS – again by emulating a keyboard and unlocking a hidden file on the USB thumb drive.

Once infected, computers and their USB peripherals can never be trusted again.

More details are available in the slides of our talk at PacSec 2014. (An earlier version of the talk was presentedat BlackHat 2014.) YouTube has a video of the BlackHat talk.

Proof-of-Concept. We are not yet releasing the modified USB controller firmwares. Instead we are providing a proof-of-concept for Android devices that you can use to test your defenses: BadAndroid-v0.2

Questions? – usb [you know what to put here] srlabs.de

USB peripherals can turn against their users的更多相关文章

  1. Linux USB Project

    转自:http://www.linux-usb.org/ Welcome to the home of the Linux USB Project This web site was created ...

  2. USB编程研究之二(常见设备类型的GUID)

    在USB编程之前要事先了解一下GUID的概念. 应用其他网页中的定义: 全球唯一标识符 (GUID) 是一个字母数字标识符,用于指示产品的唯一性安装.在许多流行软件应用程序(例如 Web 浏览器和媒体 ...

  3. 如何在Android平台上使用USB Audio设备

    http://blog.csdn.net/kevinx_xu/article/details/12951131 需求:USB Headset插上去后,声音要从本地CODEC切换到USB Headset ...

  4. linux设备驱动之USB主机控制器驱动分析 【转】

    转自:http://blog.chinaunix.net/uid-20543183-id-1930831.html   ---------------------------------------- ...

  5. usb端点(endpoint)知识详解

    stsw-stm32121库中: 把数据copy到对应端点的发送缓冲区后,使能发送状态编码STAT_TX=VALID,这时候usb的该端点就可以发送数据了 ----->即先调用usb_sil.c ...

  6. USB基础介绍

    (转)USB (Universal Serial Bus) 全文地址:http://vlewang.blog.163.com/blog/static/105878151201032804347546/ ...

  7. High Speed Inter-CHIP USB 2.0 PHY

    转载:http://arasan.com/products/usb/usb-2-0/hsic-phy/ High Speed Inter-CHIP USB 2.0 PHY USB is the ubi ...

  8. Power OFF and ON USB device in linux (ubuntu)

    Power OFF and ON USB device in linux (ubuntu) http://loginroot.com/power-off-and-on-usb-device-in-li ...

  9. Using a USB host controller security extension for controlling changes in and auditing USB topology

    Protecting computer systems from attacks that attempt to change USB topology and for ensuring that t ...

随机推荐

  1. Wifi-Direct

    参考链接:http://developer.android.com/guide/topics/connectivity/wifip2p.html 国内镜像开发文档:http://wear.techbr ...

  2. Ubuntu 安装 Redis

    1. 下载并安装 redis 2.6.16版 sudo mkdir /usr/local/src/Redis cd /usr/local/src/Redis sudo wget http://down ...

  3. Java初学之华容道游戏

    package hhuarongdao; public class example { public static void main(String args[]) { new Hua_Rong_Ro ...

  4. sap快捷搜索菜单栏

    对于像我这样的初学者来说,用好SAP菜单栏是非常重要的.正好,偶然发现了标准的菜单搜索程序,就分享下. REPORT:SSM_SEME T-CODE:SEARCH_SAP_MENU 菜单节点表:sme ...

  5. B+树索引和哈希索引的区别——我在想全文搜索引擎为啥不用hash索引而非得使用B+呢?

    哈希文件也称为散列文件,是利用哈希存储方式组织的文件,亦称为直接存取文件.它类似于哈希表,即根据文件中关键字的特点,设计一个哈希函数和处理冲突的方法,将记录哈希到存储设备上. 在哈希文件中,是使用一个 ...

  6. 开源软件架构总结之——Bash(readline做输入交互式,词法语法分析,进程交互)

    第3章 The Bourne-Again Shell Bash的主要组件:输入处理,解析,单词展开(word expansion)和其他命令处理,管道(pipeline)中的命令执行.这些组件构成一个 ...

  7. struts2拦截器与过滤器

    转载:http://www.cnblogs.com/JohnLiang/archive/2011/12/15/2288376.html 过滤器,是在java web中,你传入的request,resp ...

  8. vs2010 快捷键大全 (转)

    VS2010版快捷键 Ctrl+E,D ----格式化全部代码 Ctrl+E,F ----格式化选中的代码 CTRL + SHIFT + B生成解决方案 CTRL + F7 生成编译 CTRL + O ...

  9. C#图书资源【更新中...】喜欢的就转存吧

    百度分享暂时取消了,需要的朋友可以直接关注我,我发给你. 重点篇 1.C#与.NET3.5高级程序设计 2.C#与.NET3.5高级程序设计.rar 3.Effective_C#_中文版_改善C#程序 ...

  10. NetworkComms网络通信框架V3结构图

    NetworkComms网络通信框架序言 来自英国的c#网络通信框架,历时五年打造,由英国剑桥的2位工程师倾情开发,最新版本V3.x版本.