BadUSB attacks are ISSRs’ worst nightmare around the world.
Simply because the devices used in these attacks can take many different forms: all it takes is a microcontroller and a USB port such as the ones found in keyboards, screens, electronic cigarettes, USB fans, USB keys,… This security breach was discovered in 2014? long after the first appearance of USB ports in 1996.
How does it work ?
The USB port was developed in order to standardise the connectors of external devices on PCs. When you plug a device (webcam, bluetooth dongle, …), its microcontroller transfers an ID to the PC that defines its function (device class). The PC then uploads the driver that enables it to communicate and execute the corresponding functions.
Microcontrollers constructors don’t bother developing a specific product for each type of device. They offer standard microcontrollers to which the firmware of any given device class can be applied.
It’s this universality of the USB port that is used in BadUSB attacks. Hackers have found a way to modify the firmware : for instance, a modified Webcam can send a “keyboard” device class ID to the PC which will then upload everything it needs to recognize a combination of keys, lines of command or a computer program…
It all goes very fast (more than 1000 commands per minute), and usually, the user doesn’t notice anything, especially if the hackers thought of everything (hide the dialog windows, alternate rapidly between the standard device class and the malicious one, …).
The situation is preoccupying because 50 % of the microcontrollers currently on the market can be modified, which explains the ISSRs concern. Antiviruses aren’t able to detect this threat because the computer “thinks” it’s communicating with the user (via keyboard or mouse) or with a device connected by the user.
In order to reach the same goal, hackers can also replace the device’s electronic card by a card of their own (Rasberry Pi, Pi Zero, …. open source solutions that are quite cheap and easily programmables) and only use the device’s outer case.
How can you protect yourself ?
- By using devices whose firmware and electronic card can’t be altered ;
- By avoiding to connect potentially contaminated devices directly on the PC ;
For more information, please contact us !