Security researchers at SR Labs have highlighted a weakness in the USB protocol and published a demonstration of the exploit named BadUSB.
The BadUSB makes use of the fact that cheap USB accessories such as flash drives, web cams and gadgets don’t require verification of firmware updates. Firmware is what runs on the controller (the small computer) inside the devices. Computer operating systems cannot verify that the devices have not been exploited as it is possible to do so in the USB protocol. The threat is that the hijacked or infected USB accessory then can be used the perform malicious tasks on the unsuspecting host computer.
All present and past SafeConsoleReady secure USB drives are unaffected by BadUSB as they all require digital signature verification before allowing firmware upgrades.
BlockMaster’s recommendation is to:
- Only use SafeConsoleReady secure USB drives.
- Use a USB port control such as Device LockOut from BlockMaster to only allow access for verfied secure USB drives. Device LockOut can also be used to block USB device classes to ensure that no device can be connected for instance as a modem or wireless controller. To our knowledge no other port control offers this capabillity to lock down device classes. Device LockOut starts at $9 per protected computer.
- Only use USB accessories from high-quality providers.
Please contact us at [email protected] if you have any questions.