There Is Anti-BadUSB Protection, but It's a Bit Sticky


Exterminator
Adam Caudill and Brandon Wilson, the two researchers who spilled the documentation for weaponizing a USB device, released a patch and instructions to protect against possible BadUSB attacks, but the measures are more suitable for paranoids than the average Joe.

Caudill posted a piece of code on GitHub designed to disable the “boot mode” state of the thumb drive, which makes reprogramming the USB much more difficult and protects against malware spreading to and from the device when connected to a computer.

Even with patch applied, there is still a way to reverse its effect

However, applying the patch provided by the researcher alone does not guarantee against tampering with the device. First of all, it is suitable only for the latest firmware from Phison company, released for USB 3.0 devices.

Second, using a method called “pin-shorting,” an attacker could reset the thumb drive, making it reprogrammable again.

The technique requires physical access and it basically consists in short-circuiting the flash I/O pins that control the boot loader of the device. This task is a very sensitive one and it requires a skilled hand because a small mistake can make the device unusable.

In the BadUSB presentation from Derbycon, Brandon Wilson is as clear as possible about the risks, saying that he himself wasted plenty of the storage media in the process of preparing them for reprogramming.

Secure the device against physical access

For those thinking that the patch from the researchers is not enough to keep them safe from BadUSB types of attack, there is a way to protect the USB device, but you have to stick to it. Literally!

They recommend using glue to seal shut access to the USB chip. In a conversation with Wired, Caudill said that by doing so, someone trying to open the device would leave traces that would alert the potential victim of the hack attempt.

Such a measure may appear extreme, but there definitely are individuals out there ready to adopt it.

Caudill told the publication that he experimented with a particular brand of epoxy and used a medical syringe to coat the inner case of the USB with the adhesive. “Just coat the entire device in a thick hard material that’s nearly impossible to get off without destroying the drive in the process,” he told Wired.

Of course, this method would prove more efficient with the devices compatible with the patch, otherwise there is still the possibility of exploitation without having to open the case of the USB.

Furthermore, the method used by the researchers to reprogram the firmware may not be the only one, and, if a new way is found, neither of the suggested measures would protect against BadUSB.