All Articles

Bad USB Defense Strategies

Posted by pritha on August 18, 2015 at 12:00am

What Is Bad USB?

The phenomenon of using the USB for malicious intent can be termed as Bad USB. USB Thumb Drives are the last considerations of malicious intent. However, if manipulated, they can takeover almost everything.

Some interesting demonstrations have been done at Black Hat conference by 2 highly regarded security researchers.

Listen To Karsten's Talk: Bad USB On Accessories That Turn Evil )

Possible Ways To Mitigate Bad USB Threats

  • Whitelisting USB devices
  • Block Critical Device Classes, Block USB Completely
  • Scan Peripheral Firmware For Malware
  • Use Code Signing For Firmware Updates
  • Disable Firmware Updates In Hardware

Limitations In Bad USB Mitigation Strategies

  • Whitelisting USB devices
    • Unique Serial No. may not be available in some USBs
    • Operating Systems don't support any USB Whitelisting
  • Block Critical Device Classes, Block USB Completely
    • Ease Of Use will override
    • USB usability is highly reduced if basic classes are blocked
      (Basic classes can be used for compromise)
  • Scan Peripheral Firmware For Malware
    • Very challenging, Malicious firmwares can spoof a legitimate one
  • Use Code Signing For Firmware Updates
    • Unauthorized updates still have a high chance eg. implementation error
    • Challenges in implementing secure cryptography on microcontrollers
    • Challenges in implementing for all devices
  • Disable Firmware Updates In Hardware
    • Most effective, however this may be available only for new devices

Threat

  • Present Security Solutions cannot detect malicious intent of USB
  • It can be used for spying,data theft,data tampering,almost anything-it can take control etc.
  • Security has to be built in before commercializing the product-no response yet on that!
  • Post Derbycon Hacker Conference 2 researchers have made some attack codes public-this puts millions of us at risk

( Read More: Top IT Security Conferences In The World )

 

References

1. Extracts have been taken from 'Bad USB On Accessories That Turn Evil' Talk by Karsten Nohl during Annual Summit, 2014. Click Here For Full Talk

2.http://securityaffairs.co/wordpress/27211/hacking/hackers-can-exploit-usb-devices-trigger-undetectable-attacks.html

3.http://www.wired.com/2014/10/code-published-for-unfixable-usb-attack/

4.http://www.zdnet.com/article/badusb-big-bad-usb-security-problems-ahead/

Views: 711
Tags: BadUSB, attack, bad, badusb, is, protection, usb, what
Votes: 0
E-mail me when people leave their comments –
Follow
Posted by pritha

Community Head, CISO Platform

You need to be a member of CISO Platform to add comments!

Join CISO Platform

Join The Community Discussion

Read More

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)
 

 

 

CISO Platform Talks : Security FireSide Chat With A Top CISO or equivalent (bi-monthly)

Jun 1, 2025 at 3:00am to Dec 31, 2025 at 3:00am
Virtual
  • Description:

    CISO Platform Talks: Security Fireside Chat With a Top CISO

    Join us for the CISOPlatform Fireside Chat, a power-packed 30-minute virtual conversation where we bring together some of the brightest minds in cybersecurity to share strategic insights, real-world experiences, and emerging trends. This exclusive monthly session is designed for senior cybersecurity leaders looking to stay ahead in an ever-evolving landscape.

    We’ve had the privilege of…

  • Created by: Biswajit Banerjee
  • Tags: ciso, fireside chat

Fireside Chat With Rick Doten (VP - Information Security at Centene Corporation)

Jun 19, 2025 at 9:30pm to Jun 20, 2025 at 10:00pm
Online
  • Description:

    We’re excited to bring you an exclusive fireside chat on "A CISO’s Guide on How to Manage a Dynamic Attack Surface" with Rick Doten (VP - Information Security, Centene Corporation) and Erik Laird (Vice President - North America, FireCompass). In this session, we’ll explore how top CISOs are tackling today’s rapidly expanding attack surface and what it takes to stay ahead of evolving threats in a cloud-first, AI-driven world.

    As…

  • Created by: Biswajit Banerjee
  • Tags: ciso, attack surface management, rick doten, ciso guide

CISO Meetup at BlackHat Las Vegas 2025

Aug 2, 2025 at 5:00pm to Aug 7, 2025 at 8:00pm
Mandalay Bay, Las Vegas, USA
  • Description:

    We are excited to welcome you to the CISO Meetup during BlackHat USA 2025 in Las Vegas! Join us for an exclusive networking, meaningful conversations, and community building with top CISOs and cybersecurity leaders from around the globe. 

    Meetup Details:

    Location: Mandalay Bay, Las Vegas …

  • Created by: Biswajit Banerjee
  • Tags: ciso, black hat, black hat 2025, black hat usa