All USB devices vulnerable to serious security issue – no fix

German security researchers today announced that they have found a serious vulnerability in USB. According to the researchers, the vulnerability can hardly be detected and can’t be fixed. The German researchers write on their website that they’ll reveal all details of the vulnerability during BlackHat 2014, held on August 7th this year.


A security vulnerability in USB can be considered very serious: not only do nearly all computers have a USB port, but mobile phones, TVs and media players can contain USB ports as well. The researchers write that the vulnerability exists because it’s easy to reprogram the firmware of USB devices. By reprogramming they can be turned into limitless malware machines. Possible attacks include emulating a keyboard and issuing commands on behalf of the logged-in user, logging all keystrokes, spoofing a network card and changing the computer’s DNS setting to redirect traffic, or booting a virus from a USB drive.

The worst part is that there is no defense against those attacks, according to the Germans. They state, “no effective defenses from USB attacks are known. Malware scanners cannot access the firmware running on USB devices. USB firewalls that block certain device classes do not (yet) exist. And behavioral detection is difficult, since a bad USB device’s behavior when it changes its persona looks as though a user has simply plugged in a new device.”
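The persona change described in the quote can be illustrated with a small heuristic over USB enumeration events. This is an added example, not code from the researchers or the original article; the event format, the 30-second window and the sample IDs are constructed assumptions.

```python
from dataclasses import dataclass

# bInterfaceClass codes from the USB-IF class list
CLASS_NAMES = {0x02: "communications", 0x03: "HID", 0x08: "mass-storage", 0x0A: "CDC-data"}
SENSITIVE = {0x02, 0x03, 0x0A}   # classes that can type keystrokes or act as a network card
WINDOW = 30.0                    # assumption: seconds within which a re-enumeration is suspicious

@dataclass(frozen=True)
class Event:                     # hypothetical record, e.g. built from OS hotplug logs
    ts: float                    # seconds since capture start
    port: str                    # physical port path, e.g. "1-2"
    action: str                  # "add" or "remove"
    vid_pid: str = ""
    classes: frozenset = frozenset()

def find_persona_changes(events):
    """Return (ts, port, vid_pid, gained class names) for each suspicious re-enumeration.

    State is keyed on the physical port, not on VID:PID, because reprogrammed
    firmware can report any IDs it likes.
    """
    last = {}                    # port -> (time last seen, classes of last device)
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        prev = last.get(ev.port)
        if ev.action == "add":
            if prev and ev.ts - prev[0] <= WINDOW:
                gained = (ev.classes - prev[1]) & SENSITIVE
                if gained:
                    names = sorted(CLASS_NAMES[c] for c in gained)
                    alerts.append((ev.ts, ev.port, ev.vid_pid, names))
            last[ev.port] = (ev.ts, ev.classes)
        elif ev.action == "remove" and prev:
            last[ev.port] = (ev.ts, prev[1])   # remember classes, refresh the time
    return alerts

# Constructed sample: a thumb drive on port 1-2 disappears and returns as a keyboard;
# a keyboard plugged into the previously unused port 1-3 is not flagged.
SAMPLE = [
    Event(0.0, "1-2", "add", "0000:0001", frozenset({0x08})),
    Event(12.0, "1-2", "remove"),
    Event(12.4, "1-2", "add", "0000:0002", frozenset({0x03})),
    Event(100.0, "1-3", "add", "0000:0003", frozenset({0x03})),
]

if __name__ == "__main__":
    for alert in find_persona_changes(SAMPLE):
        print("review:", alert)
```

A user who swaps a drive for a keyboard on the same port within the window produces the same alert, which is the ambiguity the researchers describe; the output is a list for review, not a verdict.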


Trying to remove the malware by reinstalling the OS doesn’t help either: the malware might have already infected other USB devices connected to the system. And even if all those USB devices are detached, the malware might have replaced the system’s BIOS, e.g. by emulating a keyboard and unlocking a hidden file on the USB thumb drive.

The researchers consider the vulnerability so serious that they write, “once infected, computers and their USB peripherals can never be trusted again.”
