Grant McMaster outlines the implications of USB Malware
The clever people at network security firm Black Hat have found a new, and quite worrying weakness in the geography of our electronic lives that puts anyone and anything with a USB interface at risk.
Over the past twenty years the popular and versatile Universal Serial Bus interface has conquered the computing world. Almost everything electronic now has a USB interface, whether it’s your PC, your phone, your car or your television, and these are just the obvious mainstream devices.
Most modern hospital and scientific instrumentation possesses a USB device, as do ATMs, elevators, well…you get the point.
All USB devices possess a control chip, which control its functions.This controller chip system was designed a couple of decades ago and despite improvements hasn’t changed much.
Therein lies the problem.
Hailing from a more innocent and less technologically sophisticated era, the USB controller is isolated from being accessed by most software on a host device. Worse still the hardware itself is reprogrammable by specialised software and has no inbuilt code-signing or hardened firmware to protect it.
This means that any USB device may be reprogrammed to install malware upon your device, and the device doing so could be anything with a USB port.
And it’s not only USB drives that are a risk, but also other common USB items such as webcams, mice, keyboards, mobile phones, bluetooth or wireless dongles and headphones could carry the malware.
Reprogrammed devices are impossible for current malware and virus scanners to detect, and the potential damage is not only undetectable but may also be unrecoverable.
Once plugged in the malware can emulate keystrokes, commanding your computer to perform specific hidden tasks such as logging your financial details, it could access your network card and route all your traffic through specific servers, it could even write itself to your BIOS and bring your system to its virtual knees.
In mobile phones it would be possible for such malware to monitor and report on all communication, and even report where the phone was at any given time.
Reinstalling your OS or performing a factory reset is unlikely to get rid of the problem. If the device has an inbuilt USB then the malware could copy itself to that controller, and then regardless of how many times you reinstall your OS or factory reset you would remain infected.
You’d never be able to trust that device again.
Evidence of these exploits being used came to light famously in the media furore over Edward Snowden, where the NSA listed a ‘Cottonmouth’ device, which is reported to offer a wireless bridge into any secure network as well as the facility to implant exploit software into the remote system.
It’s not all bad news though, hardware developers are aware of the problem and devices such as the ‘Iron Key’ are starting to appear. These USB drives use hardware based security keys that protect the controller mechanism, thus making it much harder to turn it into the computing equivalent of a dirty hypodermic.
Still, it’s early days and until there is a widespread overhaul of the way USB devices operate it’s important to be aware that a problem exists. Other tips to follow include…
- Try and keep all USB devices isolated to one computer.
- Where possible, transfer files using online services such as Drop Box or Google Drive.
- Regularly virus scan and format USB drives.
- Above all else, make sure you keep up to date and regular backups.