BAD USB Attack : Turn the USB into Hack Tool
BAD USB Attack executes the malware without any interaction of the Victim (opening the USB or double click on any file not required) .
USB these days have become the prime source of Data transfer . The USB devices are very Ubiquitous , and have been used by everyone .
The Bad USB is an attack where the USB infects the machine without the user even noticing . This attack makes it possible to infect machines with malware and easily spread the malware , and that to undetectable by the user as there is no interaction of user required .
This attack requires the hacker to reprogram the controller chip in the USB peripherals . Very widely spread USB controller chips, including those in thumb drives, have no protection from such reprogramming.
BAD USB : Turning the USB into Evil Devices
Once the USB Controller Chip has been Reprogrammed , the USB can be used to spreading the Malware undetected . The Bad USB attack can act evil in one of the following ways :
[box ENGINE=”shadow” align=”” class=”” width=””]
- A device can emulate a keyboard and issue commands on behalf of the logged-in user, for example to exfiltrate files or install malware. Such malware, in turn, can infect the controller chips of other USB devices connected to the computer.
- The device can also spoof a network card and change the computer’s DNS setting to redirect traffic.
- A modified thumb drive or external hard disk can – when it detects that the computer is starting up – boot a small virus, which infects the computer’s operating system prior to boot.
[/box]
BAD USB Source Code has been released . Here is the Github link .
https://github.com/adamcaudill/Psychson
Protection From BAD USB Attack :
No Effective Defences Known yet .
Malware Scanners cannot access the firmware where the malware actually resides in the BAD USB Attack . Behavioural detection is difficult since behaviour of an infected device may look as though a user has simply plugged in a new device.
Also the BAD USB Attack is hard not only to detect but also to clean Up . The Clean up of the malware from the Victim Machine post attack is very difficult to make the matters even worse . Reinstalling the Operating system is the standard response here .
Also to clean-up the USB , reinstalling the firmware is mandatory .