Bad USB Defense Strategies

What Is Bad USB?

The phenomenon of using the USB for malicious intent can be termed as Bad USB. USB Thumb Drives are the last considerations of malicious intent. However, if manipulated, they can takeover almost everything.

Some interesting demonstrations have been done at Black Hat conference by 2 highly regarded security researchers.

Listen To Karsten's Talk: Bad USB On Accessories That Turn Evil )

Possible Ways To Mitigate Bad USB Threats

  • Whitelisting USB devices
  • Block Critical Device Classes, Block USB Completely
  • Scan Peripheral Firmware For Malware
  • Use Code Signing For Firmware Updates
  • Disable Firmware Updates In Hardware

Limitations In Bad USB Mitigation Strategies

  • Whitelisting USB devices
    • Unique Serial No. may not be available in some USBs
    • Operating Systems don't support any USB Whitelisting
  • Block Critical Device Classes, Block USB Completely
    • Ease Of Use will override
    • USB usability is highly reduced if basic classes are blocked
      (Basic classes can be used for compromise)
  • Scan Peripheral Firmware For Malware
    • Very challenging, Malicious firmwares can spoof a legitimate one
  • Use Code Signing For Firmware Updates
    • Unauthorized updates still have a high chance eg. implementation error
    • Challenges in implementing secure cryptography on microcontrollers
    • Challenges in implementing for all devices
  • Disable Firmware Updates In Hardware
    • Most effective, however this may be available only for new devices

Threat

  • Present Security Solutions cannot detect malicious intent of USB
  • It can be used for spying,data theft,data tampering,almost anything-it can take control etc.
  • Security has to be built in before commercializing the product-no response yet on that!
  • Post Derbycon Hacker Conference 2 researchers have made some attack codes public-this puts millions of us at risk

( Read More: Top IT Security Conferences In The World )

 

References

1. Extracts have been taken from 'Bad USB On Accessories That Turn Evil' Talk by Karsten Nohl during Annual Summit, 2014. Click Here For Full Talk

2.http://securityaffairs.co/wordpress/27211/hacking/hackers-can-exploit-usb-devices-trigger-undetectable-attacks.html

3.http://www.wired.com/2014/10/code-published-for-unfixable-usb-attack/

4.http://www.zdnet.com/article/badusb-big-bad-usb-security-problems-ahead/

E-mail me when people leave their comments –

CISO Platform

You need to be a member of CISO Platform to add comments!

Join CISO Platform

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)
 

 

 

Best of the World Talks on The CISO's Journey: From Expert to Leader

  • Description:

    We are hosting an exclusive "Best of the World" Talks session on "The CISO’s Journey: From Expert to Leader" featuring David B. Cross (SVP & CISO at Oracle), Bikash Barai (Co-founder of CISO Platform & FireCompass) & David Randleman (Field CISO at FireCompass).

    The journey from cybersecurity expert to strategic leader is a transformative one for CISOs. This session delves into the stages of a CISO’s evolution, the balance…

  • Created by: Biswajit Banerjee
  • Tags: ciso