How Bad is ‘BadUSB’ Malware?

USB sticks are a common sight, and computer users carry them around in their pockets to share with others. What they often forget is that USB devices can carry viruses and malware. Computers are usually equipped with antivirus programs that catch infections stored as files, but there are threats that are far more harmful and harder to identify than most people think: the firmware at the very core of a device's working mechanism can be turned against computers and against other USB sticks.

According to a Berlin-based research group, the firmware that controls a USB drive can be reprogrammed so that the device takes complete control of a user's PC or laptop.

This threat is tricky to detect and is virtually untraceable by the antivirus programs currently on the market. An attacker needs no extra hardware: the controller chip already inside every USB drive runs firmware, and an attacker who rewrites that firmware owns the device that connects to the computer. From there they can control the PC to steal data, or simply sit quietly and spy on the user's activity.

German security researchers Jakob Lell and Karsten Nohl will soon present the threat by demonstrating how they reverse engineered the USB firmware that manages the basic functions of a memory stick. They have created proof-of-concept malware called BadUSB, which can be installed on a USB drive to gain unauthorized access to a user's PC. Attackers can use it to invisibly modify files installed or copied from the stick, and to redirect the user's Internet traffic to shady websites.

In all probability, a computer user will not even notice the attack, since BadUSB lives in the firmware of the device rather than in its flash memory storage, which is the only part an antivirus scan ever looks at. An average user might only realise something is wrong when files on their machine start disappearing. To make matters worse, the researchers explain that the threat is not easily fixable: no existing security measure can neutralise it short of preventing the computer from connecting to the infected USB drive at all.

How the Malware Works

How is such an attack even possible? The problem is that no antivirus program or other security mechanism inspects a device's firmware when it is connected; the computer simply believes whatever the device claims to be. According to Nohl, the firmware on the controller chips inside USB devices can be reprogrammed, and a reprogrammed device can pose as any device class. A stick that also enumerates as a keyboard can type commands on its own, and the computer does nothing to stop it: as far as it can tell a keyboard is connected, and keystrokes are exactly what keyboards send.

Nohl and Lell's team tested several different devices and found that all kinds of USB devices can be taken over with this technique. An attacker could inject malware into a PC and even cause irreversible damage to the machine. By posing as a network adapter, the device can also redirect the user's Internet traffic by invisibly changing the computer's DNS settings. If an Internet-enabled phone or a similar device is the target, the code can be used to secretly spy on the user's communications.
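The host cannot inspect firmware, but it can see what a device claims to be. As an added example (not code from the article or from the researchers), the script below shows the host-side symptom a practitioner can actually look for: a device that enumerated as a mass-storage stick and then also registered a keyboard or a network interface. The log lines are constructed to approximate Linux kernel USB messages, and the port numbers, vendor/product IDs and product names are made up.

```python
"""Flag USB devices whose enumeration looks like a BadUSB-style composite
device: a storage stick that also registers a keyboard or a network
interface.  Example added to this article, not code from the research it
describes.  All input below is constructed.
"""
import re

# Constructed sample log approximating Linux kernel (dmesg) USB messages.
# Port 1-1.1 is an ordinary stick; port 1-1.2 is a stick that additionally
# enumerates a HID keyboard and an RNDIS network adapter.  IDs and names
# are made up.
SAMPLE_LOG = """\
usb 1-1.1: New USB device found, idVendor=0951, idProduct=1666, bcdDevice= 1.10
usb 1-1.1: Product: DataTraveler 3.0
usb-storage 1-1.1:1.0: USB Mass Storage device detected
usb 1-1.2: New USB device found, idVendor=090c, idProduct=1000, bcdDevice=11.00
usb 1-1.2: Product: Flash Disk
usb-storage 1-1.2:1.0: USB Mass Storage device detected
hid-generic 0003:090C:1000.0003: input,hidraw1: USB HID v1.11 Keyboard [Flash Disk] on usb-0000:00:14.0-1.2/input1
rndis_host 1-1.2:1.2 usb0: register 'rndis_host' at usb-0000:00:14.0-1.2, RNDIS device, 02:11:22:33:44:55
"""

# Kernel messages name a device either by its port path ("1-1.2") or, for
# HID, by vendor:product ID, so we track both.
PORT = r"(?P<port>\d+-[\d.]+)"
NEW_DEVICE = re.compile(r"^usb " + PORT + r": New USB device found, "
                        r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})", re.I)
PRODUCT = re.compile(r"^usb " + PORT + r": Product: (?P<name>.+)$")
STORAGE = re.compile(r"^usb-storage " + PORT + r":\d+\.\d+: USB Mass Storage")
HID = re.compile(r"^hid-generic \d{4}:(?P<vid>[0-9a-f]{4}):(?P<pid>[0-9a-f]{4})\.\d+: "
                 r".*USB HID v[\d.]+ (?P<kind>\w+)", re.I)
NETWORK = re.compile(r"^(?:rndis_host|cdc_ether|cdc_ncm) " + PORT + r":\d+\.\d+ \w+: register")

# Interface kinds that have no business on a plain storage stick.
INPUT_OR_NETWORK = {"keyboard", "mouse", "network"}


def parse_usb_log(text):
    """Group log lines by device; return {port: {port, id, name, interfaces}}."""
    devices = {}   # port path -> device record
    by_id = {}     # (vid, pid) -> port path, for lines keyed by ID
    for line in text.splitlines():
        line = line.strip()
        m = NEW_DEVICE.match(line)
        if m:
            port, vid, pid = m["port"], m["vid"].lower(), m["pid"].lower()
            devices[port] = {"port": port, "id": f"{vid}:{pid}", "name": "", "interfaces": set()}
            by_id[(vid, pid)] = port
            continue
        m = PRODUCT.match(line)
        if m and m["port"] in devices:
            devices[m["port"]]["name"] = m["name"]
            continue
        m = STORAGE.match(line)
        if m and m["port"] in devices:
            devices[m["port"]]["interfaces"].add("storage")
            continue
        m = HID.match(line)
        if m:
            port = by_id.get((m["vid"].lower(), m["pid"].lower()))
            if port:
                devices[port]["interfaces"].add(m["kind"].lower())
            continue
        m = NETWORK.match(line)
        if m and m["port"] in devices:
            devices[m["port"]]["interfaces"].add("network")
    return devices


def suspicious_devices(devices):
    """Return the devices that enumerated storage plus an input or network interface."""
    flagged = []
    for dev in devices.values():
        extra = dev["interfaces"] & INPUT_OR_NETWORK
        if "storage" in dev["interfaces"] and extra:
            flagged.append({**dev, "reason": "mass-storage device also enumerates "
                            + ", ".join(sorted(extra))})
    return sorted(flagged, key=lambda d: d["port"])


def report(text):
    """Human-readable lines for flagged devices in a log (empty list if none)."""
    return [f"{d['port']} {d['id']} '{d['name']}': {d['reason']}"
            for d in suspicious_devices(parse_usb_log(text))]


if __name__ == "__main__":
    for line in report(SAMPLE_LOG) or ["no suspicious composite devices"]:
        print(line)
```

This is a heuristic, not a fix: a reprogrammed stick could enumerate only as a keyboard, or add the extra interface minutes after being plugged in, and the host still has no way to inspect the firmware itself. Enforcement belongs in a device allow-list such as USBGuard, whose interface-class rules can reject a device that combines the mass-storage (08) and HID (03) classes; the script shows what such a rule is keying on.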

What makes this threat even harder to handle is that it works in both directions. The infection can pass from a USB stick to a computer and from a computer back to a USB stick, and once a system has been infected this way there is no easy way to clean it up. Reinstalling the operating system is the usual remedy, but it does not touch the firmware of any USB device that was infected along the way, so that device can reinfect the freshly installed machine.

Who is at Maximum Risk?

Even though this threat has the potential to cause a digital epidemic, it can only act once an infected USB device is plugged into a machine. Serious problems arise if an attacker manages to insert the malware into a supply chain, so that devices arrive in an office environment already infected. To counter this, companies need to change their USB policies: employees should only use devices from trusted manufacturers, and those manufacturers should lock their controllers down with code signing so that only firmware they have signed can be installed.

To counter the threat properly, an effective security model is needed. The first step is to convince device manufacturers that the threat is real. Another measure is to treat USB drives like hypodermic needles and never share them, which negates the very purpose of an external storage device. If no concrete countermeasure is formulated soon, people will start using their digital platforms with suspicion and fear; if Nohl is to be believed, users will stop trusting their computers altogether. Someone has to come up with a solution, and fast.