Menu
Tools for creating malicious USB thumb drives released by security researchers

Tools for creating malicious USB thumb drives released by security researchers

The tools can be used to modify the firmware on USB flash drives in order to infect computers with malware

In a gambit aimed at driving manufacturers to beef up protections for USB flash drive firmware, two security researchers have released a collection of tools that can be used to turn those drives into silent malware installers.

The code release by researchers Adam Caudill and Brandon Wilson comes two months after researchers from Berlin-based Security Research Labs (SRLabs) demonstrated an attack dubbed BadUSB at the Black Hat security conference in Las Vegas.

The BadUSB attack showed how a USB thumb drive connected to a computer can automatically switch its profile to a keyboard -- and send keystrokes to download and install malware -- or emulate the profile of a network controller to hijack DNS settings.

The attack requires modifying the firmware on the USB controller, which can easily be done from inside the OS, the SRLabs researchers said at the time. However, they didn't release any tools or details on how to do it, because the vulnerability doesn't have an easy fix, they said.

This prompted Caudill and Wilson to replicate the attack in order to better understand how it works and the security risks it poses to computer users. They presented their findings last Friday at the Derbycon security conference in Louisville, Kentucky, but unlike the SRLabs researchers they actually released the tools they used, complete with firmware patches, payloads and documentation.

During their Derbycon demonstration, which is available on YouTube, the two researchers replicated the emulated keyboard attack, but also showed how to create a hidden partition on thumb drives to defeat forensic tools and how to bypass the password for protected partitions on some USB drives that provide such a feature.

The published tools were designed to work with thumb drives that use a USB controller called Phison 2251-03. However, they can easily be adapted to work for other controllers designed by Phison Electronics, a Taiwanese electronics company, the researchers said during their presentation. Phison controllers are found in a very large number of USB thumb drives available on the market.

"We really hope that releasing this will push device manufactures to insist on signed firmware updates, and that Phison will add support for signed updates to all of the controllers it sells," Caudill said in a blog post. "Phison isn't the only player here, though they are the most common -- I'd love to see them take the lead in improving security for these devices."

Unfortunately, there really aren't any good options to defend against such attacks, Wilson said during the presentation. "You're dealing with a tiny little computer that has complete control over what happens over USB, so it can lie to you, it can do whatever."

One way to prevent attacks would be for manufacturers to require signed firmware updates for USB controllers or to disable the ability to change the firmware once a device leaves the factory. Some vendors might already do this, but many don't. And even if more manufacturers start doing this, the millions of existing insecure USB thumb drives will linger on for years and users will have a hard time telling them apart.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags securityphysical securityDesktop securityExploits / vulnerabilitiesmalwareSecurity Research LabsPhison Electronics

Slideshows

Top 50 defining moments of the New Zealand channel in 2016

Top 50 defining moments of the New Zealand channel in 2016

Reseller News looks back on a tumultuous 12 months for the New Zealand channel, assessing the fallout from a year of sizeable industry change. Whether it be local or global mergers and acquisitions, distribution deals or job changes, the channel that started the year differs somewhat to the one set to finish it - Reseller News assesses the key moments that made 2016.​

Top 50 defining moments of the New Zealand channel in 2016
​Hewlett Packard Enterprise honours high achieving NZ channel

​Hewlett Packard Enterprise honours high achieving NZ channel

Hewlett Packard Enterprise honoured its top performing Kiwi partners at the second running of its HPE Partner Awards in New Zealand, held at a glitzy ceremony in Auckland. Recognising excellence across eight categories - from distributors to resellers - the tech giant celebrated its first year as a standalone company, following its official split from HP in 2015.

​Hewlett Packard Enterprise honours high achieving NZ channel
Nutanix treats channel partners to Christmas cruise

Nutanix treats channel partners to Christmas cruise

Nutanix recently took to the seas for a Christmas Cruise around Sydney Harbour with its Australia and New Zealand staff, customers and partners to celebrate a stellar year for the vendor. With the sun out, they were all smiles and mingled over drinks and food.

Nutanix treats channel partners to Christmas cruise
Show Comments