
Critical vulnerability detected in USB interface


USB devices have become part of everyday life, and surely each of you has a pocket USB drive, popularly called a “flash drive”. Be aware that from now on, no USB gadget can guarantee the safety and security of your personal data.


SR Labs security engineers Karsten Nohl and Jakob Lell plan to publish next week the results of their research, which revealed a critical vulnerability in the USB interface that, for some reason, no one had discovered until now. Was it really never found, or was this important information simply withheld for selfish purposes? This is a very important question.

For their demonstration, the researchers wrote a special virus, BadUSB, which can infect almost any USB device. Once the device is connected to a personal computer, the virus can take full control of all important systems, including redirecting Internet traffic, transferring user files to a remote server in the background, and much more.

The BadUSB virus is designed so that it is not stored in the device's flash memory, so the user cannot see it or delete it from the device. The virus lives in the firmware of the USB device and controls all its basic functions. There is simply no way to remove the virus from the gadget. Cleaning the malicious code out of the device firmware requires extensive knowledge of controller programming and reverse engineering.

“This vulnerability needs to be fixed as soon as possible, because for our virus we managed to use the basic capabilities built into the USB interface by its developers,” says Karsten Nohl in an interview with Wired. “If the vulnerability is not fixed, we will have to throw away our flash drive every time it has been connected to any computer that we don’t trust.”

The worst part of the whole situation is that the virus can infect almost any device that connects to a USB port: your keyboard, mouse, smartphone, various desktop gadgets and much more. Given that the firmware of USB devices carries no digital signatures, the virus can access any files on the infected computer completely unnoticed. The researchers claim that, most likely, employees of government agencies such as the NSA have long used this vulnerability for their own purposes.

Whether to trust USB devices after such a high-profile announcement is up to you. But one thing is clear: in the modern information world, one cannot be completely safe anywhere.

The article is based on material from https://hi-news.ru/technology/obnaruzhena-kriticheskaya-uyazvimost-v-usb-interfejse.html.
