
BadUSB Solution: threats, risks and how to protect yourself

There has recently been wide media coverage of "BadUSB".

BadUSB is a way to theoretically manipulate any USB device so that it is infected with a virus (or another type of malware). In plain terms, an attacker takes regular USB hardware that contains a small microprocessor, manipulates its firmware (effectively a small operating system that the microcontroller needs in order to work) and infects it with malware. This turns the USB hardware into a tool for manipulating your computer further.

In reality this is very hard for an attacker to do, but not impossible. The security researchers who demonstrate this threat usually use a specific USB flash drive (for which they have the firmware) and manipulate it.

The result is that the USB flash drive tricks your computer: it pretends to be a keyboard and then executes some commands. Your computer cannot tell whether the input comes from you typing on the keyboard or from the manipulated USB device sending commands. Both look the same to your computer. Doing this with a USB device other than the one the attacker is familiar with is not easy.

 

This threat is real, but it has also been present since the introduction of USB, more than a decade ago. It is a weakness of the USB standard and of the most common operating systems such as Windows. Since the operating system has no built-in option to verify the firmware of USB hardware, it trusts that a device connected to the USB port is the device type it reports itself to be. For executables, your operating system checks their integrity using a process called "code signing". This code signing check is not available for the firmware running in a USB device.

If an attack using the BadUSB method has occurred, your computer can be infected with any kind of malware. This is what your Anti-Virus (Anti-Malware) solution then will or will not detect. At this point it is unfortunately too late, since your computer remains compromised until it is disinfected, which could take hours, days or weeks.

Please remember that at this stage this is just a proof of concept and there are no actual known attacks “in the wild”.

What you can do to protect yourself now
1. Connect only USB devices from vendors you know (e.g. keyboard and mouse from a trusted vendor like Logitech).
2. Keep your anti-malware updated. It will not scan the firmware, but it should detect if the BadUSB device tries to install or run malware.
3. Use a device control solution like Endpoint Protector that will monitor the use of devices connected to your computer.

What Endpoint Protector can do to protect your network
Further extending the Device Control capabilities, Endpoint Protector can identify and manage additional USB keyboards and USB modems. Therefore, any additional devices can be automatically blocked, providing protection against BadUSBs.

Example:
1. Deploy Endpoint Protector - Device Control in the network (this will provide control over USB and peripheral ports).
2. Set your USB device policy (by default, if present, 2 keyboards are allowed).
3. Any additional USB keyboard will be blocked (most likely any 3rd keyboard is not a keyboard but could be a BadUSB device).

Endpoint Protector will not compromise users' productivity as any devices can be authorized by the Administrator within seconds. With extremely high granularity, Device Control rights can be set per device, user, computer, group or globally throughout the network.
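The keyboard-limit policy from the example above can be sketched as follows. This is an added illustration, not Endpoint Protector's code or logic: the device identifiers and sample inventory are constructed, and a keyboard is recognised only by the standard HID boot-keyboard interface triple, which is a simplification.

```python
from dataclasses import dataclass

# Standard USB class codes: HID interface class 0x03, boot subclass 0x01,
# keyboard protocol 0x01; mass storage interface class 0x08.
HID_CLASS, BOOT_SUBCLASS, KEYBOARD_PROTOCOL = 0x03, 0x01, 0x01
MASS_STORAGE_CLASS = 0x08

@dataclass(frozen=True)
class UsbDevice:
    device_id: str     # hypothetical "vendor:product:serial" identifier
    interfaces: tuple  # (bInterfaceClass, bInterfaceSubClass, bInterfaceProtocol)

    def is_keyboard(self):
        return (HID_CLASS, BOOT_SUBCLASS, KEYBOARD_PROTOCOL) in self.interfaces

    def has_storage(self):
        return any(cls == MASS_STORAGE_CLASS for cls, _, _ in self.interfaces)

def evaluate(devices, max_keyboards=2, authorized=frozenset()):
    """Return {device_id: (verdict, reason)} for devices in connection order."""
    verdicts, keyboards_seen = {}, 0
    for dev in devices:
        if not dev.is_keyboard():
            verdicts[dev.device_id] = ("allow", "no keyboard interface")
        elif dev.device_id in authorized:
            verdicts[dev.device_id] = ("allow", "authorized by administrator")
        elif keyboards_seen < max_keyboards:
            keyboards_seen += 1
            verdicts[dev.device_id] = ("allow", f"keyboard {keyboards_seen} of {max_keyboards}")
        else:
            reason = "additional keyboard beyond policy limit"
            if dev.has_storage():
                # A storage device that also claims to be a keyboard matches
                # the flash-drive scenario described earlier on this page.
                reason += "; also exposes mass storage"
            verdicts[dev.device_id] = ("block", reason)
    return verdicts

# Constructed sample inventory (not captured from real hardware).
SAMPLE = [
    UsbDevice("aaaa:0001:KB01", ((0x03, 0x01, 0x01),)),                     # desk keyboard
    UsbDevice("aaaa:0002:LAPTOP", ((0x03, 0x01, 0x01),)),                   # built-in keyboard
    UsbDevice("aaaa:0003:MOUSE", ((0x03, 0x01, 0x02),)),                    # mouse
    UsbDevice("aaaa:0004:STICK", ((0x08, 0x06, 0x50), (0x03, 0x01, 0x01))),  # drive + keyboard
]

if __name__ == "__main__":
    for device_id, (verdict, reason) in evaluate(SAMPLE).items():
        print(f"{device_id:18} {verdict:5} {reason}")
```

In this sketch an administrator-authorized device does not count toward the keyboard limit; a real deployment would decide that according to its own policy.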

 

 
