BadUSB Malware Code Released!
Turns USB Drives Into Undetectable CyberWeapons!
USB is now a major threat to a large number of people who use USB drives – including USB sticks and keyboards. Security researchers have released a bunch of hacking tools that can be used to convert USB drive into silent Malware installers.
This vulnerability has come about to be known as “BadUSB”, whose source code has been published by the researchers on the open source code hosting website Github, demanding manufacturers either to beef up protections for USB flash drive firmware and fix the problem or leave hundreds of millions of users vulnerable to the attack.
SOURCE CODE AVAILABLE ONLINE TO EVERYBODY
The code released by researchers Adam Caudill and Brandon Wilson has the capability to spread itself by hiding in the firmware meant to control the ways in which USB devices connect to computers. The hack utilizes the security flaw in the USB that allows an attacker to insert malicious code into their firmware.
In a talk at the Derbycon Hacker Conference in Louisville last week, the duo were able to reverse engineer the USB firmware, infect it with their own code, and essentially hijack the associated device. The researchers also underlined the danger of the Bad USB hack by going in-depth of the code.
THE GOOD NEWS AND THE BAD
The good news is that this vulnerability presents itself in only one USB manufacturer, Phison Electronics, a Taiwanese company. But the bad side of it is that Phison USB sticks can infect any given device they are plugged into, and the company has not yet revealed who it manufactures USB sticks for. It is still unclear as to how widespread the problem may be at the moment.
A Phison USB stick can infect any type of computer, but it isn’t clear if its able to infect any other USB device that is plugged into them afterwards or not. However, Phison controllers are found in a very large number of USB thumb drives available on the market.
Once compromised, the USB devices can reportedly:
- enter keystrokes
- alter files
- affect Internet activity
- infect other systems, as well, and then spread to additional USB devices
- spoofs a network card and change the computer’s DNS setting to redirect traffic
- emulates a keyboard and issue commands on behalf of the logged-in user, for example to exfiltrate files or install malware
During their Derbycon demonstration, the two researchers replicated the emulated keyboard attack, but also showed how to create a hidden partition on thumb drives to defeat forensic tools and how to bypass the password for protected partitions on some USB drives that provide such a feature.
MANUFACTURER DENIES THE PROBLEM
Security researchers tried to contact Phison Electronics, the manufacturer of the vulnerable USB devices, but the company “repeatedly denied that the attack was possible.”
We recommend to only use YOUR own USB memory stick on YOUR computer. Don’t use your memory stick in someone else’s computer and don’t let someone else put one in your computer.
Thanks to The Hacker News for the article.