The most attractive strength can often become a tragic downfall, as proven in many a Greek myth. But we’ve never heard of the turned hero infecting our equipment and networks with malware – until now. USBs are everywhere. They’re the connection between your personal, work, and family networks. If your USB has malicious intent that you’re unaware of, you’re putting all those aspects of your life in danger.
Exactly what rose the USB to storage, power, and connection stardom is what makes the device so potentially detrimental to your system. The ambidexterity we take for granted from these versatile tools is what prevents us from protecting ourselves from the harm they can cause. The peripherals of the device are vulnerable to reprogramming – considering they must be adaptable to serve their varied purposes – and the change they may undergo is one that can damage your equipment. Since you would simply associate the change in conduct to various uses of the USB, you would assume no negative intention from its behavior. But the benign nature of the USB would become malicious under your nose, and you’d be opening the door and inviting it to invade your cyber presence.
SRLabs security researchers Karsten Nohl and Jakod Lell have pioneered the analysis of what they call “BadUSB” behavior, and have outlined the methods USB malwares have developed to infiltrate your system:
- A device can emulate a keyboard and issue commands on behalf of the logged-in user, for example to exfiltrate files or install malware. Such malware, in turn, can infect the controller chips of other USB devices connected to the computer.
- The device can spoof a network card & change the computer’s DNS setting to redirect traffic.
- A modified thumb drive or external hard disk can — when it detects that the computer is starting up — boot a small virus, which infects the computer’s operating system prior to boot.
So how can you defend yourself from a USB attack?
The bad news is there are no consistently reliable security measures against USB threats yet, since their potential danger is so newly discovered. Malware detectors/alarms cannot yet recognize the corrupted firmware overtaking USBs, and the firewalls created for the connector do not prevent specific device classes. Sensing the malignant conduct is extremely difficult, seeing as the behavior of a USB is fluid depending on its assigned device and use, so the alteration of its performance is typical of its appliance.
However, Brash Concepts stays aware of all the potential risks your system can face. We work with forerunning security electronic professionals to customize safety precautions for your network, from USBs to standard viruses. Our technicians work with you to clear every USB that your company uses, diminishing the danger as much as possible. With us, you’ll be prepared for anything, even when the threat comes from your own equipment.