BadUSB Solution: threats, risks and how to protect yourself
Recently there has been wide media coverage of "BadUSB".
BadUSB is a way to theoretically manipulate any USB device so that it carries a virus (or other type of malware). In plain terms, an attacker takes regular USB hardware that contains a small microprocessor, manipulates the firmware (in effect a small operating system that makes the microcontroller work) and infects it with malware. This turns the USB hardware into a tool for manipulating your computer further.
In reality this is very hard for an attacker to do, but not impossible. The security researchers who demonstrate this threat usually use a specific USB flash drive (for which they have the firmware) and manipulate it.
The result is that the USB flash drive tricks your computer by pretending to be a keyboard and then executes some commands. Your computer cannot tell whether the input it receives comes from you typing on the keyboard or from the manipulated USB device sending commands. Both look the same to your computer. Doing this with a USB device other than the one the attacker is familiar with is not easy.
This threat is real, but it has been present since the introduction of USB more than a decade ago. It is a weakness of the USB standard and of the most common operating systems such as Windows. Since the operating system has no built-in option to verify the firmware of USB hardware, it trusts that a device connected to the USB port is the device type it claims to be. For executables, your operating system checks integrity using a process called "code signing". This code signing check is not available for the firmware running in a USB device.
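The device type the operating system trusts is whatever the device writes into its own USB descriptors. The following added example (not part of the original article or of any product it describes) walks a raw configuration descriptor and reports when a device declares a HID interface, in particular a boot-protocol keyboard, alongside mass storage; the function names and both sample descriptors are constructed for illustration.

```python
import struct

HID, MASS_STORAGE = 0x03, 0x08   # USB-IF bInterfaceClass codes
DT_INTERFACE = 0x04              # bDescriptorType of an interface descriptor

def interfaces(blob: bytes):
    """Yield (number, class, subclass, protocol) for each interface descriptor
    in a raw configuration descriptor, i.e. what the device claims to be."""
    pos = 0
    while pos < len(blob):
        if pos + 2 > len(blob) or blob[pos] < 2 or pos + blob[pos] > len(blob):
            raise ValueError(f"malformed descriptor at offset {pos}")
        length, dtype = blob[pos], blob[pos + 1]
        if dtype == DT_INTERFACE and length >= 9:
            num, _alt, _eps, cls, sub, proto = struct.unpack_from("6B", blob, pos + 2)
            yield num, cls, sub, proto
        pos += length

def audit(blob: bytes):
    """Return one finding per HID interface the device declares."""
    seen = list(interfaces(blob))
    has_storage = any(cls == MASS_STORAGE for _, cls, _, _ in seen)
    findings = []
    for num, cls, sub, proto in seen:
        if cls != HID:
            continue
        # Boot-protocol keyboards declare subclass 1, protocol 1. Other HID
        # devices need their report descriptor parsed to tell what they are.
        kind = "keyboard" if (sub, proto) == (1, 1) else "HID device"
        note = " on a device that also offers mass storage" if has_storage else ""
        findings.append(f"interface {num}: {kind}{note}")
    return findings

# Constructed sample descriptors (not captured from real hardware).
STORAGE_IF = "09 04 00 00 02 08 06 50 00  07 05 81 02 00 02 00  07 05 02 02 00 02 00"
PLAIN_DRIVE = bytes.fromhex("09 02 20 00 01 01 00 80 32 " + STORAGE_IF)
DRIVE_WITH_KEYBOARD = bytes.fromhex(
    "09 02 39 00 02 01 00 80 32 " + STORAGE_IF +
    " 09 04 01 00 01 03 01 01 00  09 21 11 01 00 01 22 3f 00  07 05 83 03 08 00 0a")

if __name__ == "__main__":
    for name, blob in [("plain drive", PLAIN_DRIVE),
                       ("drive+keyboard", DRIVE_WITH_KEYBOARD)]:
        print(name, audit(blob) or "no HID interface declared")
```

A clean result only shows what the device declared in the descriptor that was read; it says nothing about the firmware behind it.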
If an attack using the BadUSB method has occurred, your computer can be infected with any kind of malware. Your anti-virus (anti-malware) solution then will or will not detect this. At that point it is unfortunately too late, since your computer remains compromised until it is disinfected, which could be within hours, days or weeks.
Please remember that at this stage this is just a proof of concept and there are no actual known attacks “in the wild”.
What you can do to protect yourself now
What Endpoint Protector can do to protect your network
Endpoint Protector will not compromise users' productivity, as any device can be authorized by the Administrator within seconds. With extremely high granularity, Device Control rights can be set per device, user, computer, group or globally throughout the network.