Lighthouse Technology Solutions Blog

Posted in Security

USB Software is Bad to the Bone, Literally

USB devices have long been a staple of the technology world, but they are notoriously vulnerable to exploitation by hackers and malware. As malware grows more sophisticated, you can no longer trust simple antivirus scans to protect your business.

Unfortunately, the problem has less to do with what a USB device carries than with what it is made of. Researchers Karsten Nohl and Jakob Lell plan to present findings showing that USB software is fundamentally broken; in other words, the problem is the software itself, not what the devices contain. Nohl and Lell created a type of malware called BadUSB which, when installed on a USB drive, can potentially compromise a computer, alter files installed from the drive without being detected, and interfere with the user's Internet browsing.

Bad to the Bone
BadUSB lives up to its name because of how difficult it is to locate, especially post-exploitation. BadUSB lives in the firmware that controls the functions of USB devices, not in their flash memory storage. This lets the attack code remain undetected even after the device's storage has been deleted or scanned by antivirus software.

What's even worse is that this isn't a problem that can be fixed. The total compromise that BadUSB displays is impossible to counter completely (unless USB drives are banned altogether - something that is both inconvenient and frankly, not possible for most PC users). It's not as simple as patching software, as the vulnerability lies in rewriting the code within the device.

Nohl and Lell aren't the first to point out these glaring vulnerabilities in USB firmware. While they could have easily copied the code into the USB device's memory, they spent months reverse-engineering the controller chips, the part of the device that is responsible for communicating with the PC. Basically, the USB firmware's code can be reprogrammed to hide malicious code. This prevents even experienced IT technicians from detecting the code and scrubbing it, making it all but impossible to detect without reverse-engineering the code and discovering its presence.

These days, anything with wires is considered a hindrance. The same is true for most technical devices, including wireless keyboards and mice. These utilize USB technology, and as such, they are vulnerable to being reprogrammed and exploited. Once BadUSB makes its way into the system, it can do all sorts of unpleasant things, including replacing software with malicious alternatives, impersonating a wireless keyboard, and hijacking Internet traffic. It can even spy on unsuspecting victims, too.

We're Here to Tell Ya Honey...
The only sure-fire way to keep yourself safe from USB devices is to not use them, but for most of us, that isn't an option. USB drives are too useful for moving data, and forget about not using a wireless mouse. The easiest solution is to not use USB devices that you don't trust or are unfamiliar with, but a long-term solution hasn't made itself available yet. As previously mentioned, the problem lies in the gadgetry of USB technology, and in order to "patch" the problem, USB technology would have to change.

This isn't a threat right now (at least as far as we know) since Nohl and Lell didn't create BadUSB maliciously. It's not spreading across the Internet or via USB devices, but instead they are proving that it could be a threat in the future. Eliminating USB devices from your life isn't feasible, but it does carry into your BYOD policy. You want to control what devices your employees are connecting to your network and workstations.
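One way to put that kind of device control into practice on a Linux workstation, as an added example that is not part of the original post: the script below walks the kernel's USB device tree and flags any device that is not on an approved list or that exposes an interface type it was not approved for, such as a flash drive that also presents itself as a keyboard. The allowlist, the vendor/product IDs, the sample tree and the function names are all hypothetical.

```python
from pathlib import Path

HID, MASS_STORAGE, HUB = 0x03, 0x08, 0x09  # USB bInterfaceClass codes

# Hypothetical allowlist (constructed IDs): (idVendor, idProduct) -> the
# interface classes that device model is approved to expose.
ALLOWLIST = {("0a0a", "0001"): {MASS_STORAGE}, ("0b0b", "0002"): {HID}}

def _read(path):
    return path.read_text().strip().lower()

def audit_usb(sysfs_root="/sys/bus/usb/devices", allowlist=ALLOWLIST):
    """Return (device, 'vid:pid', reason) findings for a sysfs USB tree."""
    findings = []
    for dev in sorted(Path(sysfs_root).iterdir()):
        if not (dev / "idVendor").is_file():
            continue  # interface entries such as 1-1:1.0 carry no idVendor
        key = (_read(dev / "idVendor"), _read(dev / "idProduct"))
        classes = {int(_read(f), 16)
                   for f in dev.glob(f"{dev.name}:*/bInterfaceClass")}
        if classes <= {HUB}:
            continue  # hubs are out of scope for this sketch
        approved = allowlist.get(key)
        if approved is None:
            findings.append((dev.name, ":".join(key), "not on allowlist"))
        elif classes - approved:
            extra = ", ".join(f"0x{c:02x}" for c in sorted(classes - approved))
            findings.append((dev.name, ":".join(key),
                             f"unapproved interface class {extra}"))
    return findings

def build_sample_tree(root):
    """Constructed sysfs-like tree: device -> (vid, pid, interface classes)."""
    sample = {
        "usb1": ("1d6b", "0002", ["09"]),        # root hub
        "1-1": ("0a0a", "0001", ["08"]),         # approved drive, storage only
        "1-2": ("0a0a", "0001", ["08", "03"]),   # same IDs, also a keyboard
        "1-3": ("0c0c", "0003", ["08"]),         # unknown drive
    }
    for name, (vid, pid, classes) in sample.items():
        dev = Path(root, name)
        dev.mkdir(parents=True)
        (dev / "idVendor").write_text(vid + "\n")
        (dev / "idProduct").write_text(pid + "\n")
        for i, cls in enumerate(classes):
            iface = dev / f"{name}:1.{i}"
            iface.mkdir()
            (iface / "bInterfaceClass").write_text(cls + "\n")
    return root
```

Because the vendor and product IDs are reported by the device's own firmware, the interface-class comparison is the useful signal here: a drive that also presents a keyboard interface stands out even when its IDs match an approved model.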

If you are concerned about the quality of your network's security, you should contact Lighthouse Technology Solutions at 703-533-LTSI (5874). We'll take steps to ensure that you are only allowing secure devices to access your network, and we'll equip you with an enterprise-level security solution to screen any foreign entities.
