A Berlin-based research duo Karsten Nohl and Jakob Lell have created BadUSB, an exploit that enables hackers to easily attack USB devices by controlling and attacking the firmware with malicious software.
Ken Jones, VP of Engineering and Product Management for IronKey, noted that “attacks using USB flash drives are nothing new. Stuxnet is an example of a USB-delivered virus which targeted a nuclear power plant in Iran.
“What has changed with BadUSB is the level of sophistication. It modifies the controller firmware on the device hardware, not the data stored on the device. The infected device can then pass on that infection whether or not there is any data stored on the USB. Preventing BadUSB from infecting a device requires that the controller firmware is locked down and not changeable by an unauthorized agent.
“In order to block BadUSB, USB storage devices need to prevent a hacker from reading or changing the firmware. They also need ensure that the firmware is digitally signed so even if it did get modified, the devices would not operate with the modified firmware. FIPS 140-2 Level 3 certification is validation of these benchmark mechanisms.
“IronKey has always been on the front lines of providing secure USB drives, and its devices have digitally signed firmware with verification on startup. IronKey’s approach, which has been validated by NIST in IronKey FIPS 140-2 Level 3 devices (http://csrc.nist.gov/groups/STM/cmvp/standards.html), means that if the firmware is tampered with, the device won’t function.”
Trey Ford, Global Security Strategist at Rapid7, added, “I’m interested in seeing what Karsten and Jakob have come up with. ‘Do not trust USBs’ isn’t exactly news; USBs have been used in a variety of attacks ranging from masquerading as CD ROMs (launching files via OS auto run permissions) to posing as keyboards, as well as being used to infect machines across air-gaps. It’s good to be reminded that you need to be suspicious of anything you’re plugging into your computer.
“I hope this work introduces clear guidance on how to handle unknown or malicious USBs. I don’t think I’ve seen any really good guidance beyond ‘do not plug in unknown USB drives’.”
About IronKey
IronKey solutions meet the challenge of protecting today’s mobile workforce, featuring secure USB solutions for data transport and mobile workspaces. The IronKey line includes the world’s leading hardware encrypted USB drives, PC on a Stick™ workspaces for Windows To Go, and cloud-based or on-premise centralized secure device management solutions. IronKey is the mobile security portfolio of Imation Corp.
About Rapid7
Rapid7’s mission is to develop simple, innovative solutions for security’s complex challenges. The company understand sthe attacker better than anyone and builds that insight into it security software and services. Rapid7’s IT security analytics solutions collect, contextualize, and analyze the security data customers need to dramatically reduce threat exposure and detect compromise in real-time. They speed investigations so customers can halt threats and clean up systems fast. Unlike traditional vulnerability assessment or incident management, Rapid7 provides insight into the security state of people’s assets and users, across virtual, mobile, private and public cloud networks.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.