All Articles

Bad USB Defense Strategies

Posted by pritha on August 18, 2015 at 12:00am

What Is Bad USB?

The phenomenon of using the USB for malicious intent can be termed as Bad USB. USB Thumb Drives are the last considerations of malicious intent. However, if manipulated, they can takeover almost everything.

Some interesting demonstrations have been done at Black Hat conference by 2 highly regarded security researchers.

Listen To Karsten's Talk: Bad USB On Accessories That Turn Evil )

Possible Ways To Mitigate Bad USB Threats

  • Whitelisting USB devices
  • Block Critical Device Classes, Block USB Completely
  • Scan Peripheral Firmware For Malware
  • Use Code Signing For Firmware Updates
  • Disable Firmware Updates In Hardware

Limitations In Bad USB Mitigation Strategies

  • Whitelisting USB devices
    • Unique Serial No. may not be available in some USBs
    • Operating Systems don't support any USB Whitelisting
  • Block Critical Device Classes, Block USB Completely
    • Ease Of Use will override
    • USB usability is highly reduced if basic classes are blocked
      (Basic classes can be used for compromise)
  • Scan Peripheral Firmware For Malware
    • Very challenging, Malicious firmwares can spoof a legitimate one
  • Use Code Signing For Firmware Updates
    • Unauthorized updates still have a high chance eg. implementation error
    • Challenges in implementing secure cryptography on microcontrollers
    • Challenges in implementing for all devices
  • Disable Firmware Updates In Hardware
    • Most effective, however this may be available only for new devices

Threat

  • Present Security Solutions cannot detect malicious intent of USB
  • It can be used for spying,data theft,data tampering,almost anything-it can take control etc.
  • Security has to be built in before commercializing the product-no response yet on that!
  • Post Derbycon Hacker Conference 2 researchers have made some attack codes public-this puts millions of us at risk

( Read More: Top IT Security Conferences In The World )

 

References

1. Extracts have been taken from 'Bad USB On Accessories That Turn Evil' Talk by Karsten Nohl during Annual Summit, 2014. Click Here For Full Talk

2.http://securityaffairs.co/wordpress/27211/hacking/hackers-can-exploit-usb-devices-trigger-undetectable-attacks.html

3.http://www.wired.com/2014/10/code-published-for-unfixable-usb-attack/

4.http://www.zdnet.com/article/badusb-big-bad-usb-security-problems-ahead/

Views: 755
Tags: BadUSB, attack, bad, badusb, is, protection, usb, what
Votes: 0
E-mail me when people leave their comments –
Follow
Posted by pritha

Community Head, CISO Platform

You need to be a member of CISO Platform to add comments!

Join CISO Platform

Join The Community Discussion

Read More

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)
 

 

 

CISO Platform Talks : Security FireSide Chat With A Top CISO or equivalent (Monthly)

Jun 1, 2025 at 3:00am to Dec 31, 2025 at 3:00am
Virtual
  • Description:

    CISO Platform Talks: Security Fireside Chat With a Top CISO

    Join us for the CISOPlatform Fireside Chat, a power-packed 30-minute virtual conversation where we bring together some of the brightest minds in cybersecurity to share strategic insights, real-world experiences, and emerging trends. This exclusive monthly session is designed for senior cybersecurity leaders looking to stay ahead in an ever-evolving landscape.

    We’ve had the privilege of…

  • Created by: Biswajit Banerjee
  • Tags: ciso, fireside chat

6 City Round Table On "New Guidelines & CISO Priorities for 2025" (Delhi, Mumbai, Bangalore, Pune, Chennai, Kolkata)

Dec 1, 2025 at 3:00am to Dec 31, 2025 at 3:00am
India
  • Description:

    We are pleased to invite you to an exclusive roundtable series hosted by CISO Platform in partnership with FireCompass. The roundtable will focus on "New Guidelines & CISO Priorities for 2025"

    Date: December 1st - December 31st 2025

    Venue: Delhi, Mumbai, Bangalore, Pune, Chennai, Kolkata

    >> Register Here

  • Created by: Biswajit Banerjee

Fireside Chat With Sandro Bucchianeri (Group Chief Security Officer at National Australia Bank Ltd.)

Jan 10, 2026 from 4:30pm to 5:00pm
Online
  • Description:

    We’re excited to bring you an insightful fireside chat with Sandro Bucchianeri (Group Chief Security Officer at National Australia Bank Ltd.) and Erik Laird (Vice President - North America, FireCompass). 

    About Sandro:

    Sandro Bucchianeri is an award-winning global cybersecurity leader with over 25…

  • Created by: Biswajit Banerjee
  • Tags: ciso, sandro bucchianeri, nab