Turning USB Peripherals into BadUSB

USB devices is connected To–and in many cases even built into–virtually all computers. The interface standard conquered, the world over the past, and the decades thanks to their versatility:almost any computer periph eral, from storage and input gadgets to healthcare devices, can connect over the ubiquitous technology. And many more device classes connect over the USB to charge their batteries.

This versatility was also USB ' s Achilles heel:since different device classes can plug into the same connectors, one type O F device can turn into a more capable or malicious type without the user noticing.

reprogramming USB Peripherals. To turn one device type into another, USB controller chips in peripherals need to be reprogrammed. Very widely spread USB controller chips, including those in thumb drives, with no protection from such reprogramming.

badusb–turning devices Evil. Once reprogrammed, benign devices can turn malicious in many ways, including:

1. A device can emulate a keyboard and issue commands on behalf of the logged-in user, for example to exfiltrate files or ins Tall malware. Such malware, in turn, can infect the controller chips of other USB devices connected to the computer.
2. The device can also spoof a network card and change the computer's DNS setting to redirect traffic.
3. A modified thumb drive or external hard disk Can–when It detects then the computer is starting up–boot a small virus, Which infects the computer ' s operating system prior to boot.

Defenses?

No effective defenses from USB attacks is known. Malware scanners cannot access the firmware running on USB devices. Behavioral detection is difficult since behavior of an infected device could look as though a user have simply plugged in a n EW device. Blocking or allowing specific USB device classes and device IDs is possible, however generic lists can easily be bypassed. Pre-Boot attacks May is prevented by use of a BIOS password and booting from the hard drive.

To make matters worse, cleanup after an incident are hard:simply reinstalling the operating system–the standard response To otherwise ineradicable malware–does no address BadUSB infections at their root. The USB thumb drive, from which the operating system was reinstalled, may already was infected, as May the hardwired webcam or other USB components inside the computer. A BadUSB device may even has replaced the computer ' s Bios–again by emulating a keyboard and unlocking a hidden file on The USB thumb drive.

Once infected, computers and their USB peripherals can never be trusted again.

More details is available in the slides of the Pacsec 2014. (An earlier version of the talk is presented at Blackhat 2014.) YouTube has a video of the Blackhat talk.

proof-of-concept. We is not yet releasing the modified USB controller firmwares. Instead we is providing a proof-of-concept for Android devices so can use to test your defenses:badandroid-v0.2

Questions? – USB [You know-put here] srlabs.de

Turning USB Peripherals into BadUSB