USB Danger

USB's do not seem like a likely danger, but research has found that a USB could give another person full control over your computer! According to an article from WCVB news writer, Jose Pagliery, German researchers found that anything that can connect via USB can potentially be reprogrammed to pose as another device. This is known as BadUSB.

An example of this type of attack is if a USB was programmed to trick your computer into believing it was a keyboard. Once connected, it would allow someone to access your computer, type some commands, and then have total control over your computer. It could even be reprogrammed to reroute your internet traffic so that your internet activity can be spied on, or worse, your private data stolen. This is a huge potential danger, and according to Pagliery, any good computer engineer could do this. 

Other dangers arise if you download the wrong App on your phone, and then connect to your computer. The app can download malware onto your phone and then infect your computer when connected. All of these potential dangers makes borrowing a strangers USB or even letting someone charge their phone on your computer potentially very dangerous. 

Unfortunately, today's antivirus and protection software does not detect these sort of attacks on your computers, mainly because it "isn't technically a computer virus in action, just a device masquerading as another one," states Pagliery. 

So far IPhones and other smartphones have not been tested, but Androids are very susceptible to these types of attacks. To further enforce the danger of USB connection hacks, Pagliery tells us, "The Pentagon disabled its computers USB ports and banned the use of Flash drives in 2008 to prevent infection of government computers there." This precaution took place back in 2008, and now in 2014, researchers are finding even more problems associated with USB drives, so it is surely a cause to make sure you are not letting anyone else use your USB devices. 

Another article by Graham Cluley explains how someone could use this access to your computer, and "open[ed] a browser window which surfed to a webpage containing a zero-day exploit," and compromise your computer in a matter of minutes. 

Cluley offers some advice at the end of his article though, to help reassure people that there are some ways to protect yourself and business from these types of attacks. It must first be noted that these attacks are “sophisticated attacks which require considerable research and effort to pull off successfully . . . attacks are vendor-specific as every vendor creates their controllers differently” (Cluley). Also, if you have been keeping up with the latest software and making sure your computer is as highly protected as it can be, you may not be able to stop the USB from downloading the malware, but you may be able to detect and stop it before it fully compromises your computer. Most importantly, always be extremely cautious as to who you allow to use your USB. Cluley concludes with, “The golden rule is never plug anything into your computer that you do not 100% trust.”

 

In order to make sure your computer is fully updated and protected from these types of attacks, visit TCG's website www.tcgns.com and visit our Business Continuity page to learn how we can help protect and prepare your business from USB attacks.
To read the full article by Jose Pagliery, visit this website. To read the full article by Graham Cluley, visit this website.

 

Cluley, Graham. “Danger USB! Could a Flash Drive’s Firmware be Hiding Undetectable Malware?” Tripwire.com. 1 August, 2014. Online.

Pagliery, Jose. “USB Flash Drives have a Fatal, Universal Flaw.” WCVB.com. 2 August, 2014. Online.