Page 58 - Security Today, April 2022
Hardware-Encrypted USB Flash Drives Stop BadUSB Before It Starts
It stands to reason that any problem with the word “bad” in its name will not be fun to deal with. However, when the solution for said problem is a multi-tasker that solves multiple issues, that goes beyond being a good thing—maybe bordering on amazing. Such is the case with the problem of BadUSB and the most practical means of preventing the problems it causes: hardware-encrypted USB flash drives.
USB flash drives are one of the easiest, most secure means of storing data, backing up files, booting a computer and transferring data, files and images from one device to another. They are as ubiquitous on campuses as stately, ivy-covered buildings, passing among students, faculty, and administrators.
USB drives are available in a wide range of prices, from free to three-digit figures. With that large a price range, it is not surprising that some lower-end units will be problematic.
What Exactly is BadUSB?
BadUSB is a class of malware used by hackers worldwide who are determined to create as much havoc in as many lives as they can. (Malware—a blend of “malicious software”—is an all-encompassing term for any computer software that was specifically designed with malicious intent.) BadUSB resides in a USB flash drive that has been programmed to go rogue and do some very bad, destructive things.
BadUSB allows these individuals to do some serious firewall breaching to introduce malware into a school's cyber-defenses through USB storage devices. The first USB malware, BadUSB, does not attack data on the device; instead, it attacks the device itself.
When a USB drive is plugged into a computer, the chipset controller of the computer starts a “handshake” with the USB drive controller via firmware. This exchange occurs even before the OS—whether it be Microsoft, macOS, or Linux—is even aware that a USB drive has been connected. (Every USB drive has firmware that runs when the drive is activated in a USB socket.)
The ne'er-do-wells behind BadUSB have learned that they can introduce malware through this “handshake” mechanism by replacing the firmware that runs on the USB drive controller with another, more malicious firmware that injects malware into the target computer system as it communicates with the USB drive.
A standard USB drive has no security on its internal firmware. So, while drives with BadUSB begin their existence as clean, unmarred USB drives, at some point, they are weaponized to penetrate firewalls and breach cyber defenses. Unfortunately, today's anti-malware solutions cannot detect this modified controller firmware, and in many cases, it remains undetectable and free to go about its ruinous work.
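The “handshake” described above is USB enumeration, in which the device announces its interface classes to the host. The following Python code is an added example, not part of the original article: it parses a raw configuration descriptor and flags a drive that announces anything other than mass storage. The allowlist policy, the function names and the sample bytes are assumptions constructed here, and the check sees only what the device announces, not its firmware.

```python
import struct

DT_CONFIG, DT_INTERFACE = 0x02, 0x04   # standard USB descriptor types
MASS_STORAGE = 0x08                    # USB-IF base class code for mass storage
ALLOWED = {MASS_STORAGE}               # assumption: site policy for flash drives


def interfaces(blob: bytes) -> list:
    """Walk a configuration descriptor set; return (interface number, class) pairs."""
    if len(blob) < 9 or blob[1] != DT_CONFIG:
        raise ValueError("not a configuration descriptor")
    total_len, declared = struct.unpack_from("<HB", blob, 2)  # wTotalLength, bNumInterfaces
    if total_len > len(blob):
        raise ValueError("descriptor set is truncated")
    found, pos = [], 0
    while pos + 2 <= total_len:
        length, dtype = blob[pos], blob[pos + 1]
        if length < 2 or pos + length > total_len:
            raise ValueError("malformed descriptor length")
        if dtype == DT_INTERFACE and length >= 9:
            found.append((blob[pos + 2], blob[pos + 5]))  # bInterfaceNumber, bInterfaceClass
        pos += length  # endpoint and class-specific descriptors are skipped
    if len({num for num, _ in found}) != declared:
        raise ValueError("interface count does not match bNumInterfaces")
    return found


def audit_storage_device(blob: bytes) -> list:
    """Return announced classes outside the allowlist; an empty list means pass."""
    return sorted({cls for _, cls in interfaces(blob)} - ALLOWED)


def _build(classes):
    """Construct a sample descriptor set: one interface plus one endpoint per class."""
    body = b"".join(
        bytes([9, DT_INTERFACE, n, 0, 1, cls, 0, 0, 0]) + bytes([7, 0x05, 0x81 + n, 2, 0, 2, 0])
        for n, cls in enumerate(classes))
    header = bytes([9, DT_CONFIG]) + struct.pack("<H", 9 + len(body))
    return header + bytes([len(classes), 1, 0, 0x80, 50]) + body


# Constructed samples, not captured from real hardware.
CLEAN_DRIVE = _build([0x08])        # storage only
ODD_DRIVE = _build([0x08, 0x03])    # storage plus a second interface (0x03, HID class)

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_DRIVE), ("odd", ODD_DRIVE)):
        extra = audit_storage_device(blob)
        print(name, "PASS" if not extra else "FLAG " + ", ".join(hex(c) for c in extra))
```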
Preventing BadUSB
While USB manufacturers don't like disclosing their security countermeasures, they do talk about one measure that protects against
Advanced Technology
14 campuslifesecurity.com | MARCH/APRIL 2022