BadUSB. A Threat with No Effective Protection.

Author: Lev Zorin
Updated: 14 February 2026

In the previous chapter, we discussed viruses that spread through external storage devices, but these were just the tip of the iceberg compared to the threat we will talk about in this chapter.

Many of you have heard the recommendation not to insert unknown USB drives into your computer, as it is dangerous. There were even some paranoid individuals who seemed more willing to swallow a USB drive than to plug it into their computer. Then this belief shifted to the requirement of scanning USB drives with antivirus software or running files in a sandbox. Today, many people insert any USB drive into their computer or laptop without fear. And this is a mistake...

BadUSB is an attack method that involves reprogramming a USB device so that it is recognized by the computer as a different device. For example, a USB flash drive can be seen by the computer as a keyboard or an external network card, thereby allowing BadUSB to execute malicious code embedded within it on the computer.

The root of the problem lies in the microcontroller installed in every USB device, which informs the computer about what type of device is connected and how to interact with it. However, many USB devices are not protected against reprogramming, making it easy to "transform" a USB flash drive into an external Wi-Fi adapter or camera.

A user can easily visually distinguish an external hard drive from an external keyboard, but how can a computer do this? A computer has no eyes...

This vulnerability is not mitigated by antivirus software or any other solution. Antivirus programs simply cannot adequately assess the actions of external devices. For example, a USB flash drive with BadUSB presents itself as a network card and changes the DNS settings so that your data is redirected to the attackers' resources, where it is intercepted. How can an antivirus distinguish such a USB flash drive from a regular network card?
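What the host receives from the microcontroller is a set of descriptors, and the interface class bytes in them are the only statement of "what kind of device this is". The following added example (not from the original article) parses a configuration descriptor and reports interfaces the user did not expect from the device they plugged in. The descriptor bytes are constructed test data, and `build_config`, `review` and the `expected` set are hypothetical names chosen for this illustration.

```python
import struct

# USB-IF base class codes for the device types the article names.
CLASS_NAMES = {0x02: "communications/network", 0x03: "HID (keyboard/mouse)",
               0x08: "mass storage", 0x0A: "CDC data", 0x0E: "video (camera)",
               0xE0: "wireless controller"}
INPUT_OR_NETWORK = {0x02, 0x03, 0x0A, 0xE0}  # can type or reroute traffic
DT_INTERFACE = 0x04  # bDescriptorType of an interface descriptor


def interface_classes(config_blob: bytes) -> list[int]:
    """Walk a configuration descriptor blob; return each bInterfaceClass."""
    classes, offset = [], 0
    while offset + 2 <= len(config_blob):
        length, dtype = config_blob[offset], config_blob[offset + 1]
        if length < 2 or offset + length > len(config_blob):
            raise ValueError(f"malformed descriptor at offset {offset}")
        if dtype == DT_INTERFACE:
            if length < 9:
                raise ValueError("interface descriptor shorter than 9 bytes")
            classes.append(config_blob[offset + 5])  # bInterfaceClass
        offset += length
    return classes


def review(config_blob: bytes, expected: set[int]) -> list[str]:
    """Report interfaces outside what the user expects from this device."""
    findings = []
    for cls in interface_classes(config_blob):
        if cls not in expected:
            name = CLASS_NAMES.get(cls, f"class 0x{cls:02x}")
            severity = "HIGH" if cls in INPUT_OR_NETWORK else "INFO"
            findings.append(f"{severity}: unexpected interface: {name}")
    return findings


def build_config(class_codes: list[int]) -> bytes:
    """Construct a sample configuration descriptor (test data, not a capture)."""
    body = b"".join(
        struct.pack("<9B", 9, DT_INTERFACE, n, 0, 0, cls, 0, 0, 0)
        for n, cls in enumerate(class_codes))
    header = struct.pack("<BBHBBBBB", 9, 0x02, 9 + len(body),
                         len(class_codes), 1, 0, 0x80, 50)
    return header + body


PLAIN_STICK = build_config([0x08])          # flash drive declaring storage only
SUSPECT_STICK = build_config([0x08, 0x03])  # "flash drive" that also declares a keyboard
```

The check only compares declared classes with what the user expected; a device that declares nothing but HID passes whenever a keyboard is expected, which is the limitation the article describes.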

BadUSB is a tool for targeted attacks: because microcontrollers differ, it is impossible to develop a universal solution for reprogramming. However, attackers can reprogram a USB flash drive, external hard drive, keyboard, mouse, webcam, or an Android-based device for a targeted attack. While this method was previously accessible only to certain geeks and intelligence agencies, today it is available to any specialist, and personal computers remain just as defenseless against this threat.
