Can every USB device and most of the chips in other hardware be reprogrammed like it works with the Bad USB hack to inject malware into the operating system?
For example, I got a DVD burner that I bought to install operating systems on my notebook. Do the people working for the manufacturing firm have the skills and knowledge to rebuild the device or reflash the chip in a way that it can inject malware during the installation process?
They have the signatures, so in Ubuntu, if one checked lsusb, the device would still be recognised as a product of this manufacturer, if I imagine this right.
I read somewhere that regarding the BadUSB hack, emulating a keyboard is the only possibility to take over the operating system, because logically a USB device does not have the "skills" of a network card. But for example, if someone were to rebuild a larger USB device like a keyboard or a DVD burner and put in a little extra chip, there should be more possibilities and attack vectors. How could one prevent such attacks? Monitoring network activity and blocking human interface devices?
2 Answers
1) BadUSB works by reprogramming a USB device's firmware "in-band" (i.e. over the USB connection). Currently, only one particular model of USB controller chip is known to permit this. Devices that do not permit in-band firmware changes are not vulnerable to BadUSB.
3) No amount of firmware programming can make a device do something it doesn't have the hardware for. A USB thumb drive, for example, has neither antennas nor Ethernet jacks, and thus cannot be turned into a network card.
Putting extra chips in a device isn't a BadUSB attack. It is, however, the sort of thing a spy agency might do, and they're generally clever enough about it that you can't spot the modifications through simple means like checking for unexpected network interfaces.
Note that (1) does not stop a determined attacker who can make their own USB chips or reprogram the device out-of-band (that's just not BadUSB, and was always known to be possible); you might want to add that to your last paragraph as "stuff that isn't BadUSB". For (3), I thought the risk was that it could _pretend_ to work as a network card and "receive" fake incoming packets or become the first-choice card (so it "fails" to send the packets before the OS gives them to the real interface)? It doesn't have keys, but it can still fake being a keyboard. – cpast Dec 18 '14 at 02:38
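The first answer suggests checking for interfaces a device should not have; the asker wonders about blocking human interface devices outright. The script below, an added example that is not part of any answer in this thread, shows a middle ground: read the per-interface class codes the Linux kernel already exports under /sys/bus/usb/devices (bInterfaceClass 0x03 is HID, 0x08 is mass storage) and flag devices whose interface set does not match what they claim to be, such as a flash drive that also presents a boot-protocol keyboard. The sysfs tree it reads is constructed in a temporary directory so it runs offline; the three sample devices, their product strings and the "keyboard in the product name" heuristic are assumptions for the demo. The `authorized` attribute it prints a command for is the kernel's own mechanism for detaching a USB device.

```python
"""Audit USB interface descriptors for devices that present an unexpected
interface class (e.g. a storage stick that also claims to be a keyboard).
Reads the attributes Linux exposes under /sys/bus/usb/devices; the demo
builds a constructed copy of that layout in a temp dir so it runs offline."""
import os
import tempfile

HID = 0x03            # bInterfaceClass for human interface devices
MASS_STORAGE = 0x08   # bInterfaceClass for mass storage
BOOT_KEYBOARD = (0x01, 0x01)  # (bInterfaceSubClass, bInterfaceProtocol) of a boot-protocol keyboard


def _read(path, default=""):
    """Read one sysfs attribute file, returning `default` if it is absent."""
    try:
        with open(path) as f:
            return f.read().strip()
    except OSError:
        return default


def read_usb_tree(sysfs_root):
    """Parse a /sys/bus/usb/devices-style tree into
    {device: {"product": str, "interfaces": [(class, subclass, protocol), ...]}}.
    Device directories are named like '1-2'; their interfaces are '1-2:1.0', '1-2:1.1', ..."""
    devices = {}
    for name in sorted(os.listdir(sysfs_root)):
        if ":" in name or name.startswith("usb"):
            continue  # interfaces are attached below; root hubs ('usb1', ...) are skipped
        devices[name] = {
            "product": _read(os.path.join(sysfs_root, name, "product"), "<no product string>"),
            "interfaces": [],
        }
    for name in sorted(os.listdir(sysfs_root)):
        dev, sep, _ = name.partition(":")
        if not sep or dev not in devices:
            continue
        idir = os.path.join(sysfs_root, name)
        triple = tuple(int(_read(os.path.join(idir, attr), "ff"), 16)
                       for attr in ("bInterfaceClass", "bInterfaceSubClass", "bInterfaceProtocol"))
        devices[dev]["interfaces"].append(triple)
    return devices


def find_suspicious(devices):
    """Return [(device, reason)] for devices whose interface set looks wrong."""
    findings = []
    for dev, info in devices.items():
        classes = {cls for cls, _, _ in info["interfaces"]}
        keyboards = [i for i in info["interfaces"] if i[0] == HID and i[1:] == BOOT_KEYBOARD]
        if keyboards and MASS_STORAGE in classes:
            findings.append((dev, "storage device also presents a keyboard interface: %s" % info["product"]))
        elif keyboards and "keyboard" not in info["product"].lower():
            # heuristic (assumption): a keyboard interface should come from something called a keyboard
            findings.append((dev, "keyboard interface on a device not described as a keyboard: %s" % info["product"]))
    return findings


def deauthorize_command(sysfs_root, dev):
    """Shell line that asks the kernel to detach the device via its 'authorized' attribute."""
    return "echo 0 > %s" % os.path.join(sysfs_root, dev, "authorized")


def build_sample_tree(root):
    """Constructed sample: a flash drive that also claims to be a keyboard,
    a genuine keyboard, and a DVD writer (hex strings, as sysfs stores them)."""
    spec = {
        "1-2": ("Flash Disk", [("08", "06", "50"), ("03", "01", "01")]),
        "1-3": ("USB Keyboard", [("03", "01", "01")]),
        "1-4": ("DVD Writer", [("08", "06", "50")]),
    }
    for dev, (product, ifaces) in spec.items():
        os.makedirs(os.path.join(root, dev))
        with open(os.path.join(root, dev, "product"), "w") as f:
            f.write(product + "\n")
        for n, (cls, sub, proto) in enumerate(ifaces):
            idir = os.path.join(root, "%s:1.%d" % (dev, n))
            os.makedirs(idir)
            for attr, val in (("bInterfaceClass", cls), ("bInterfaceSubClass", sub),
                              ("bInterfaceProtocol", proto)):
                with open(os.path.join(idir, attr), "w") as f:
                    f.write(val + "\n")


def audit_sample():
    """Build the constructed tree, audit it and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return find_suspicious(read_usb_tree(root))


if __name__ == "__main__":
    for dev, reason in audit_sample():
        print(dev, "->", reason)
        print("  to detach on a real system:", deauthorize_command("/sys/bus/usb/devices", dev))
```

Run against a real machine by calling `find_suspicious(read_usb_tree("/sys/bus/usb/devices"))`. Note what this does and does not catch: it spots a device whose descriptors disagree with its purpose, which is exactly the BadUSB keyboard trick, but as the first answer says it cannot detect extra hardware that behaves consistently with a legitimate descriptor set.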
Mark answered (1) and (3). For (2), this also isn't anything to do with BadUSB. To begin with, BadUSB is about someone reprogramming legitimate USB controllers through a USB connection; this makes it easy to do, and also means it can be done by an infected computer without anyone noticing. It was always possible for a USB device manufacturer to put whatever they want in a controller at manufacture time, or for that matter to use an innocuous controller but make the device itself do whatever they want it to do. You have to trust the manufacturer to be producing legitimate hardware; there exists no technical means to force them to do so, because this is a human-level problem instead of a computer-level problem. Is this practical? Probably not; it would be hard to hide from higher-ups if you're messing with the chip fabrication process, and the company has a reputation to uphold. Is it possible? Yes, it's always been possible.