Each of us has our own horror stories. Some are still afraid of the bogeyman, some freeze at the sight of Tiffany, and some cannot sleep because the local currency is losing value. All of these nerve-racking sensations are either individual or only moderately widespread. But there are also mass hysterias that affect everyone at once. One such hysteria has grown up around the newly discovered digital threat named BadUSB. It concerns everyone who owns any peripheral device with the painfully familiar USB connector, a USB flash drive for example.
Heart of the Matter
As happens every year, Derbycon-2014, one of the most influential hacker gatherings, was marked by a vivid information security disclosure, and one that concerns the whole world at once. The public was handed a tool called BadUSB, which allows unauthorized access to any computer system by plugging in a flash drive. Each of us has removed viruses from a removable drive with antivirus software many times, so why the fuss? The point is that the demonstrated technique works at a low hardware level, on an entirely different principle. Catching such a threat is not a trivial task, even for specialized software.
The hackers showed how the microcontroller of a standard USB drive can be reflashed with added malicious executable microcode. As a result, when connected to any operating system, the flash drive can pretend to be a completely different device, such as a keyboard. The infected "keyboard", in turn, can covertly perform destructive functions: leak information to the Internet, download other attack software, control the flow of network traffic, and so on in the same spirit. On top of this, an infected PC or laptop infects other USB devices as well, such as a built-in webcam. In general, the glow of a digital apocalypse is visible on the horizon.
In fairness, it should be noted that turning a USB device into a universal Trojan horse is not that simple: too many variables have to be taken into account. But the first step is the hardest!
What to do
Since we are talking about an entirely new, sophisticated and little-known method of hacking, effective ways of protection simply do not exist.
Our foreign colleagues at Mashable asked Symantec, the well-known maker of the Norton integrated security software, for its view of the situation. Its representatives said that "traditional antivirus technology cannot test drivers running in the USB device." Users are therefore advised to:
- insert only trusted USB devices into the computer;
- not buy or use second-hand devices;
- never leave a computer or mobile device unlocked or unattended.
The advice above is echoed by Gary Davis (Gary J. Davis), a representative of Symantec (the McAfee family of disinfection tools): "The best practical advice is to avoid flash drives obtained from an unreliable source. For example, a promotional drive handed to you at some event or presentation."
Lifehacker took up the baton and put the difficult question of how to protect against BadUSB to Kaspersky Lab, a company native to the Runet and no less famous around the world. The company's contact person responded very quickly. One gets the feeling that working with the media and their readers is not a mere formality there.
And here is what we were told by Vyacheslav Zakorzhevsky, head of the vulnerability research team at Kaspersky Lab:
Is BadUSB as scary as the media present it?
In our opinion, BadUSB is less dangerous than is commonly believed. First, it should be remembered that not all USB devices can be reprogrammed. Some of them have no ability to overwrite the firmware at all, while others require direct access to the device's microprocessor. Thus, an infected computer that reflashes any connected device is a theory rather far from reality.
If an attacker does manage to find a device that can be reflashed, they will have to spend a lot of time and effort creating their own version of the firmware. USB device manufacturers rarely disclose detailed information about the software inside their products, so cybercriminals will need reverse-engineering skills to produce their own firmware version. Even if they do manage to create a malicious USB device in the end, the hackers will still need physical access to the victim's computer, or some other way to make sure that the user connects the unknown device to their PC. I am not saying that such scenarios are impossible, but they require very good preparation by the intruders, a carefully thought-out plan of action and, most importantly, a lucky combination of circumstances.
Which protocol specifications are at risk?
Both presented prototypes, the recent one and the one shown at the BlackHat conference, use a USB 3.0 controller manufactured by Phison to illustrate the attack mechanism. The choice is not accidental: flashing utilities for this controller are widely available, so its operating protocol was easy to work out.
Are there effective methods of protection against threats?
Effective methods of protection against this threat do not exist. However, the probability of infection is minimal, since the reflashed device has to be connected to the victim's computer. In addition, a system administrator can restrict the appearance of unknown devices on the computer, which will block, for example, a second keyboard.
A comprehensive answer.
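The administrator-side restriction mentioned in the interview (blocking, for example, a second keyboard) can be expressed as a small policy check. This is an added example, not code from the article or from Kaspersky Lab: the `UsbDevice` record, the `evaluate` function and all device IDs are hypothetical and constructed, while the interface class codes are the standard USB ones.

```python
from dataclasses import dataclass

HID, MASS_STORAGE = 0x03, 0x08   # standard USB interface class codes
KEYBOARD = 0x01                  # bInterfaceProtocol of a boot keyboard

@dataclass(frozen=True)
class UsbDevice:                 # hypothetical record, one per enumerated device
    vid: int
    pid: int
    serial: str
    interfaces: tuple            # (class, subclass, protocol) per interface

    def classes(self):
        return {c for c, _, _ in self.interfaces}

    def is_keyboard(self):
        return any(c == HID and p == KEYBOARD for c, _, p in self.interfaces)

def evaluate(new, attached, allowlist):
    """Decide whether a newly enumerated device may bind its input interfaces."""
    if HID not in new.classes():
        return "allow", "no input interface"
    # A flash drive has no reason to type: storage plus HID is the BadUSB shape.
    if MASS_STORAGE in new.classes():
        return "block", "storage device also claims an input interface"
    if (new.vid, new.pid, new.serial) not in allowlist:
        return "block", "input device not on allowlist"
    # Identity strings are reported by the device itself and can be copied by
    # reflashed firmware, so an extra keyboard is held even if it matches.
    if new.is_keyboard() and any(d.is_keyboard() for d in attached):
        return "block", "second keyboard while one is attached"
    return "allow", "allowlisted input device"

# Constructed sample devices; every ID below is made up for the example.
DESK_KEYBOARD = UsbDevice(0x1111, 0x0001, "KB-001", ((HID, 1, KEYBOARD),))
PLAIN_STICK = UsbDevice(0x2222, 0x0002, "FD-777", ((MASS_STORAGE, 6, 0x50),))
ODD_STICK = UsbDevice(0x2222, 0x0002, "FD-778",
                      ((MASS_STORAGE, 6, 0x50), (HID, 1, KEYBOARD)))
CLONE = UsbDevice(0x1111, 0x0001, "KB-001", ((HID, 1, KEYBOARD),))
UNKNOWN_KB = UsbDevice(0x3333, 0x0003, "XX-000", ((HID, 1, KEYBOARD),))
ALLOWLIST = {(0x1111, 0x0001, "KB-001")}

if __name__ == "__main__":
    for dev in (PLAIN_STICK, ODD_STICK, CLONE, UNKNOWN_KB):
        print(dev.serial, evaluate(dev, [DESK_KEYBOARD], ALLOWLIST))
```

On a real host the same decision is enforced by the operating system's device-installation or device-authorization policy; the records here stand in for what the host reads from the device's descriptors.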
Summary
Still, let us sum up. We were warned against plugging stray flash drives into a computer long before BadUSB. For now, mere mortals have nothing to fear. The discovered threat can be carried out with a specific person in its sights. So you can relax and not worry about your intimate selfies.
Special thanks to Kaspersky Lab for the speed and depth of its answers to our questions.
Geeks and experts, what do you think about BadUSB?