Turning USB peripherals into BadUSB

USB devices are connected to – and in many cases even built into – virtually all computers. The interface standard conquered the world over the past two decades thanks to its versatility: Almost any computer peripheral, from storage and input gadgets to healthcare devices, can connect over the ubiquitous technology. And many more device classes connect over USB to charge their batteries.

This versatility is also USB’s Achilles heel: Since different device classes can plug into the same connectors, one type of device can turn into a more capable or malicious type without the user noticing.

Reprogramming USB peripherals. To turn one device type into another, USB controller chips in peripherals need to be reprogrammed. Very widely spread USB controller chips, including those in thumb drives, have no protection from such reprogramming.

BadUSB – Turning devices evil. Once reprogrammed, benign devices can turn malicious in many ways, including:

  1. A device can emulate a keyboard and issue commands on behalf of the logged-in user, for example to exfiltrate files or install malware. Such malware, in turn, can infect the controller chips of other USB devices connected to the computer.
  2. The device can also spoof a network card and change the computer’s DNS setting to redirect traffic.
  3. A modified thumb drive or external hard disk can – when it detects that the computer is starting up – boot a small virus, which infects the computer’s operating system prior to boot.

Defenses?

No effective defenses from USB attacks are known. Malware scanners cannot access the firmware running on USB devices. Behavioral detection is difficult since behavior of an infected device may look as though a user has simply plugged in a new device. Blocking or allowing specific USB device classes and device IDs is possible, however generic lists can easily be bypassed. Pre-boot attacks may be prevented by use of a BIOS password and booting only to the hard drive.

To make matters worse, cleanup after an incident is hard: Simply reinstalling the operating system – the standard response to otherwise ineradicable malware – does not address BadUSB infections at their root. The USB thumb drive, from which the operating system is reinstalled, may already be infected, as may the hardwired webcam or other USB components inside the computer. A BadUSB device may even have replaced the computer’s BIOS – again by emulating a keyboard and unlocking a hidden file on the USB thumb drive.

Once infected, computers and their USB peripherals can never be trusted again.

More details are available in the slides of our talk at PacSec 2014. (An earlier version of the talk was presentedat BlackHat 2014.) YouTube has a video of the BlackHat talk.

Proof-of-Concept. We are not yet releasing the modified USB controller firmwares. Instead we are providing a proof-of-concept for Android devices that you can use to test your defenses: BadAndroid-v0.2

Questions? – usb [you know what to put here] srlabs.de

USB peripherals can turn against their users的更多相关文章

  1. Linux USB Project

    转自:http://www.linux-usb.org/ Welcome to the home of the Linux USB Project This web site was created ...

  2. USB编程研究之二(常见设备类型的GUID)

    在USB编程之前要事先了解一下GUID的概念. 应用其他网页中的定义: 全球唯一标识符 (GUID) 是一个字母数字标识符,用于指示产品的唯一性安装.在许多流行软件应用程序(例如 Web 浏览器和媒体 ...

  3. 如何在Android平台上使用USB Audio设备

    http://blog.csdn.net/kevinx_xu/article/details/12951131 需求:USB Headset插上去后,声音要从本地CODEC切换到USB Headset ...

  4. linux设备驱动之USB主机控制器驱动分析 【转】

    转自:http://blog.chinaunix.net/uid-20543183-id-1930831.html   ---------------------------------------- ...

  5. usb端点(endpoint)知识详解

    stsw-stm32121库中: 把数据copy到对应端点的发送缓冲区后,使能发送状态编码STAT_TX=VALID,这时候usb的该端点就可以发送数据了 ----->即先调用usb_sil.c ...

  6. USB基础介绍

    (转)USB (Universal Serial Bus) 全文地址:http://vlewang.blog.163.com/blog/static/105878151201032804347546/ ...

  7. High Speed Inter-CHIP USB 2.0 PHY

    转载:http://arasan.com/products/usb/usb-2-0/hsic-phy/ High Speed Inter-CHIP USB 2.0 PHY USB is the ubi ...

  8. Power OFF and ON USB device in linux (ubuntu)

    Power OFF and ON USB device in linux (ubuntu) http://loginroot.com/power-off-and-on-usb-device-in-li ...

  9. Using a USB host controller security extension for controlling changes in and auditing USB topology

    Protecting computer systems from attacks that attempt to change USB topology and for ensuring that t ...

随机推荐

  1. Ubuntu 14.04 分区方案

    我磁盘大概还有70多G的空间吧,我全部拿来使用的.真实的双系统哦. 一般来讲,linux系统分区最少要包括/和/swap两个.这样据说会影响性能,没有这样安装过,就无从考证啦.其实就是重装系统的时候, ...

  2. [ssc] 数据库管理工具——SQuirreL SQL Client使用入门

    简单介绍: SQuirrel SQL Client是一个用Java写的数据库客户端,用JDBC统一数据库访问接口以后,可以通过一个统一的用户界面来操作MySQL PostgreSQL MSSQL Or ...

  3. java synchronized静态同步方法与非静态同步方法,同步语句块

    摘自:http://topmanopensource.iteye.com/blog/1738178 进行多线程编程,同步控制是非常重要的,而同步控制就涉及到了锁. 对代码进行同步控制我们可以选择同步方 ...

  4. HDUOJ----2571(命运)(简单动态规划)

    命运 Time Limit: 2000/1000 MS (Java/Others)    Memory Limit: 32768/32768 K (Java/Others) Total Submiss ...

  5. 在VS2010中,引用了同一解决方案的另一个项目的dll,却不能正常调用(转)

    目前发现的原因是,dll的.net 版本比我的程序的高 dll用的.net 4  而程序用的.net 4 client profile 转载源:http://www.cnblogs.com/szyic ...

  6. wordpress为不同的category添加不同的模板

    在category中新建了三个:NEWS,EVENTS,BLOG,当点击这三个category时想使用不同的template生成不同风格的页面,该怎么实现? 一般来说,wordpress的catego ...

  7. VS输入输出基本操作以及数据类型和类型转换

    (一)   C#项目的组成结构 项目结构 .config ---配置文件(存放配置参数文件) .csproj ---项目文件(管理文件项) .sln   ---解决方案文件(管理项目) .cs   - ...

  8. Sui 弹框固定

    SUI是一套基于bootstrap开发的前端组件库,同时它也是一套设计规范,可以非常方便的设计和实现精美的页面,是一个简单易用.功能强大的UI库.自己在使用sui过程之中,总是忘记它的一些Api,今天 ...

  9. 原创:ASP.Net状态管理读书笔记--思维导图

    导图文件下载 课前提问几个问题 使用Session 配置 model aspnet_regsql.exe 常见问答 问:为什么Session在有些机器上偶尔会丢失?答:可能和机器的环境有关系,比如:防 ...

  10. Js数据类型之——Date

    小猪曾经分享过一篇文章,主要是讲到后台使用c#将DataTime类型序列化到前台之后进行操作:具体请看传送门 今天小猪来分享在JS中的Data类型 类型说明 ECMAScript中的Data类型是在早 ...