The digital world is constantly under threat from security breaches, and often an attack prevails over even the best defenses. Case in point: a new attack, to be outlined at the annual Black Hat security conference, which, among the usual spate of interesting tricks, touts itself as one of the most significant threats ever seen.
BadUSB, as it is appropriately known, is an exploit quite unlike anything previously demonstrated. Most USB-based exploits contain malicious code that can be transferred to a device and begin working its evil deeds; this one is embedded into the firmware.
The result of this technique is an exploit that can scarcely be traced, is very, very difficult to outwit, and essentially poses a significant threat that turns the battle against hacks completely on its head.
As detailed by Berlin-based outfit SR Labs, the inherent flaw prevalent in USB devices would permit an intruder to bypass any kind of security measure in place, and SR Labs’ Karsten Nohl describes the BadUSB technique as “like a magic trick” in that it can completely avoid detection.
Obviously, it’s better that Nohl and his team have worked this formula out rather than, say, a mass crime ring, but this is scant consolation given the severity of the discovery. The firmware-based hack can infiltrate USB sticks, mice, keyboards and other peripherals, and so even if a USB drive were formatted and completely relieved of its contents, BadUSB would still be lurking behind the scenes ready to pounce.
What’s even more alarming, aside from the fact that it’s extremely covert and near impossible to counteract, is that it’s basically unpatchable, and unless USB drives were recalled and the whole standard abolished with immediate effect, it’s that dormant volcano that could wreak havoc if placed into the wrong hands.
To the credit of SR Labs, this is the very best kind of hack one could hope to achieve. It’s not just about establishing a hack and running with it, but, as Nohl describes, exploits “the very way that USB is designed.”
The keynote at Black Hat, to be held next week in Las Vegas, Nevada, is entitled “Bad USB – On Accessories that Turn Evil,” and we’ll have all of the relevant details of this ominous-sounding talk right here at Redmond Pie.