A common shortcoming that most of the USB devices possess is one which can be noiselessly made use of to introduce infection into computers. This is done in a fashion which prevents detection and this has been concluded by security researchers themselves.
Most of the USB thumb drives have a major dilemma like several other USB peripherals that they fail to provide protection to their firmware. This refers to that software which is known for running upon the microcontroller which is inside them according to the founder as well as the chief scientist of the Security Research Labs based in Berlin namely Karsten Nohl.
This denotes that the firmware on a USB device can be replaced by any malware program with the help of SCSI (Small Computer System Interface) commands. Nohl further claims that it can be made to act as any other piece of hardware.
This spoofed piece of hardware can then be used imitate key presses as well as transfer commands in order to download and for the execution of a malware program. This malware then can also be used for reprogramming the other USB drives which are put into the infected computer. This way it becomes a self-multiplying virus.
Proof of concepts!
The Security Research Labs have come up with many proof of concept annihilations they it intends to showcase to the Black Hat security conference which will be held in Las Vegas in the coming week.
One of these comprise of a USB stick which performs similar to three different devices. Two of these are thumb drives while one is a keyboard. Once the device is plugged into the computer and detection by the OS takes place, it acts in the capacity of an average storage device. But once the computer is activated again and once the device has detected that it is dealing with the BIOS, it turns this hidden storage device on and also imitates the keyboard.
While acting within this capacity, this device then sends the required button presses to present the main boot menu and this will boot a Linux system which originates from the thumb drive which is hidden. It then infects this boot loader of your computer’s hard disk drive. It then acts like a certain boot virus.
One more proof of concept attack which was developed by the Security Research Labs revolves around reprogramming this USB drive. It then acts like a speedy Gigabit network card.
The USB device also is known to emulate a DHCP (Dynamic Host Configuration Protocol) server and this assigns a DNS (Domain Name System) server to this spoofed controller. The OS will make use of the gateway which has been specified by the real network card and by taking control of the DNS server. This is known to translate the domain names into the IP (Internet Protocol) addresses. In order to depict that the attack is not merely possible via the thumb drives, the researchers will make use of a certain Android phone which is connected with a computer. This is done to imitate a rogue network card.
Any USB drive can be polluted and Nohl says that if you allow anyone to connect a certain USB thumb drive on the computer you trust them with your computer.
The price of convenience
These attacks which have been developed by the Security Research Labs outline the complexity of possessing the characteristics of both a standard USB and its security simultaneously. Unfortunately, this dilemma cannot be fixed. Many efforts have been made by the researchers and but none of them help the problem completely. One point where this problem can be catered to is present in the USB specification. But even if this specification is altered it would take a considerable amount of time before the brand new standard is accepted.
OSes can also inquire users to make sure that the addition of new USB devices to the computers takes place which is a sort of USB firewall. This might be difficult due to the fcat that several USB devices make use of a series of zeros in their serial number and it becomes challenging for distinction to be made according to Nohl.
A very clear place to solve this problem would be the USB microcontrollers and this involves the updating of the firmware to be automatically signed. Nohl also speaks that his team and he himself have not come across such protective measures in several USB thumb drives which they have tested.
Even if the manufacturers commence the implementation of these measures, there will be a need to differentiate between old and new drives. This is to make sure that the users know which device they must insert into their computer and which one they must not.