Cygilant Blog

Infected USB Firmware is Unstoppable

Posted by Vijay Basani on Aug 13, 2014


Researchers have found that USB devices such as thumb drives, keyboards, and mice can be used to hack into personal computers in a new way, Reuters reported. Hackers can load malicious software onto the computer chips inside USB devices, said Karsten Nohl, the chief scientist at Security Research Labs in Berlin. The firmware in these controllers can be reprogrammed by cybercriminals. Before, people were wary of strange files in a USB drive's memory; now they have to worry about malicious code inside the device's firmware.


According to Reuters, Nohl and his security firm conducted the tests by “writing malicious code onto USB control chips used in thumb drives and smartphones. Once the USB device is attached to a computer, the malicious software can log keystrokes, spy on communications, and destroy data.” The malware Nohl created, called BadUSB, can take over computers without being detected by anti-virus software. This is because the malicious code is hidden in the firmware of the USB device, said Security Research Labs.


On its website, Security Research Labs posted a list of ways the malicious software can reprogram a device. The USB device can imitate a keyboard and “issue commands on behalf of the logged-in user, for example to exfiltrate files or install malware. Such malware, in turn, can infect the controller chips of other USB devices connected to the computer.” The device can also spoof a network card and change the computer’s DNS setting to redirect traffic. Before a computer starts up, the device can “boot a small virus, which infects the computer’s operating system prior to boot.”
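One defensive check that follows from the behaviours listed above is to compare the interface classes a USB device announces against what was approved for that model. The sketch below is an added example, not code from Security Research Labs or from the original post; the baseline table, the vendor/product IDs and the sample records are all constructed, and the helper names are hypothetical.

```python
# Added example, not from the original post; device records are constructed.
HID = 0x03                     # USB-IF base class: keyboards, mice
MASS_STORAGE = 0x08            # thumb drives
NETWORK = {0x02, 0x0A, 0xE0}   # CDC control, CDC data, wireless/RNDIS
RISKY = {HID} | NETWORK

# Hypothetical baseline: (vendor id, product id) -> approved interface classes
BASELINE = {
    ("1111", "0001"): {MASS_STORAGE},   # company-issued thumb drive
    ("2222", "0002"): {HID},            # company-issued keyboard
}

def review_device(vid, pid, interface_classes):
    """Return findings for one enumerated device; an empty list means OK."""
    seen = set(interface_classes)
    approved = BASELINE.get((vid, pid))
    if approved is None:
        risky = " exposing input/network interface" if seen & RISKY else ""
        return ["unknown device" + risky]
    extra = seen - approved
    findings = []
    if HID in extra:
        findings.append("unexpected keyboard/HID interface")
    if extra & NETWORK:
        findings.append("unexpected network interface")
    if extra - RISKY:
        findings.append("unexpected interface class")
    return findings

def review_all(devices):
    """Return (vid, pid, findings) for every device that needs attention."""
    flagged = []
    for vid, pid, classes in devices:
        findings = review_device(vid, pid, classes)
        if findings:
            flagged.append((vid, pid, findings))
    return flagged

# Constructed enumeration records: (vendor id, product id, interface classes)
SAMPLE = [
    ("1111", "0001", [0x08]),         # thumb drive, as approved
    ("1111", "0001", [0x08, 0x03]),   # same model now also a keyboard
    ("1111", "0001", [0x08, 0xE0]),   # same model now also a network card
    ("9999", "0009", [0x03]),         # unapproved keyboard
]

if __name__ == "__main__":
    for vid, pid, findings in review_all(SAMPLE):
        print(f"{vid}:{pid} -> {'; '.join(findings)}")
```

The vendor and product IDs are reported by the device's own firmware, so this check only catches a device that announces a class outside its approved set. A reprogrammed keyboard that still presents itself as the same keyboard would pass.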


Security Research Labs says there is no way to restore a secured system after a computer gets infected. “The USB thumb drive, from which the operating system is reinstalled, may already be infected, as may the hardwired webcam or other USB components inside the computer. A BadUSB device may even have replaced the computer’s BIOS – again by emulating a keyboard and unlocking a hidden file on the USB thumb drive. Once infected, computers and their USB peripherals can never be trusted again.”


This news is especially concerning for employers who have a BYOD policy in place. An employee may bring a compromised USB device to the office and inadvertently infect their work computer. A USB device can connect to almost any computer, so it has the potential to infect the entire workplace. Because of their convenience and utility, USB drives are now a typical office supply found on desks next to pens, staplers, and sticky notes. If an infected USB drive gets passed around the office, every computer could become infected. Globally, there could already be thousands of infected USB devices getting passed around. Although the malicious software on a USB device is difficult to detect, a company would benefit from having an expert IT security team on call to deal with an attack. If the security team can catch the source of the attack before the USB device gets passed around, they could save the entire office from weeks of headaches.
