Menu
Tools for creating malicious USB thumb drives released by security researchers

Tools for creating malicious USB thumb drives released by security researchers

The tools can be used to modify the firmware on USB flash drives in order to infect computers with malware

In a gambit aimed at driving manufacturers to beef up protections for USB flash drive firmware, two security researchers have released a collection of tools that can be used to turn those drives into silent malware installers.

The code release by researchers Adam Caudill and Brandon Wilson comes two months after researchers from Berlin-based Security Research Labs (SRLabs) demonstrated an attack dubbed BadUSB at the Black Hat security conference in Las Vegas.

The BadUSB attack showed how a USB thumb drive connected to a computer can automatically switch its profile to a keyboard -- and send keystrokes to download and install malware -- or emulate the profile of a network controller to hijack DNS settings.

The attack requires modifying the firmware on the USB controller, which can easily be done from inside the OS, the SRLabs researchers said at the time. However, they didn't release any tools or details on how to do it, because the vulnerability doesn't have an easy fix, they said.

This prompted Caudill and Wilson to replicate the attack in order to better understand how it works and the security risks it poses to computer users. They presented their findings last Friday at the Derbycon security conference in Louisville, Kentucky, but unlike the SRLabs researchers they actually released the tools they used, complete with firmware patches, payloads and documentation.

During their Derbycon demonstration, which is available on YouTube, the two researchers replicated the emulated keyboard attack, but also showed how to create a hidden partition on thumb drives to defeat forensic tools and how to bypass the password for protected partitions on some USB drives that provide such a feature.

The published tools were designed to work with thumb drives that use a USB controller called Phison 2251-03. However, they can easily be adapted to work for other controllers designed by Phison Electronics, a Taiwanese electronics company, the researchers said during their presentation. Phison controllers are found in a very large number of USB thumb drives available on the market.

"We really hope that releasing this will push device manufactures to insist on signed firmware updates, and that Phison will add support for signed updates to all of the controllers it sells," Caudill said in a blog post. "Phison isn't the only player here, though they are the most common -- I'd love to see them take the lead in improving security for these devices."

Unfortunately, there really aren't any good options to defend against such attacks, Wilson said during the presentation. "You're dealing with a tiny little computer that has complete control over what happens over USB, so it can lie to you, it can do whatever."

One way to prevent attacks would be for manufacturers to require signed firmware updates for USB controllers or to disable the ability to change the firmware once a device leaves the factory. Some vendors might already do this, but many don't. And even if more manufacturers start doing this, the millions of existing insecure USB thumb drives will linger on for years and users will have a hard time telling them apart.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags securitymalwarephysical securityExploits / vulnerabilitiesDesktop securitySecurity Research LabsPhison Electronics

Featured

Slideshows

Meet the leading female front runners of the Kiwi channel

Meet the leading female front runners of the Kiwi channel

Reseller News honoured the leading female front runners of the New Zealand channel at the 2018 Women in ICT Awards (WIICTA) in Auckland. The awards honoured standout individuals across seven categories, spanning Entrepreneur; Innovation; Rising Star; Shining Star; Community; Technical and Achievement.

Meet the leading female front runners of the Kiwi channel
Meet the top performing customer-centric Microsoft channel partners

Meet the top performing customer-centric Microsoft channel partners

Microsoft honoured leading partners across the channel following a year of customer innovation and market growth in New Zealand. The 2018 Microsoft Partner Awards recognised excellence within the context of the end-user, spanning a host of emerging and established providers.

Meet the top performing customer-centric Microsoft channel partners
Reseller News launches new-look Awards at 2018 Judges’ Lunch

Reseller News launches new-look Awards at 2018 Judges’ Lunch

Introducing the Reseller News Innovation Awards, launched to the channel at the 2018 Judges’ Lunch in Auckland. With more than 70 judges now part of the voting panel, the new-look awards will reflect the changing dynamics of the channel, recognising excellence across customer value and innovation - spanning start-ups, partners, distributors and vendors.

Reseller News launches new-look Awards at 2018 Judges’ Lunch
Show Comments