One of the most disturbing presentations at the Black Hat USA 2014 security conference in Las Vegas was a talk entitled “BadUSB – On accessories that turn evil.” USB (Universal Serial Bus) is a ubiquitous and very flexible protocol that simplifies the connection of peripheral devices to computers. BadUSB is not a bug in one product but a class of attack: the firmware of a USB device’s controller chip is rewritten so that the device behaves differently from what its label says, for example a thumb drive that also presents itself to the host as a keyboard. Because the modification lives in the device’s firmware, it is beyond the reach of the operating system and of anti-virus software, which only ever see what the device declares itself to be.
The USB protocol gives a host no way to authenticate a peripheral: a device announces its class (keyboard, mass storage, network adapter, and so on) in descriptors that the host simply believes, and the host loads the matching driver. Therein lies the fundamental vulnerability exploited by BadUSB:
- If someone wanted to redirect your network traffic, they could reprogram your mouse to additionally act like a USB network adapter. The host loads its standard network-adapter class driver, and the innocuous-looking mouse can then answer the computer’s DHCP request with an attacker-controlled DNS server, so that name lookups, and with them web and mail traffic, are silently redirected
- A hacker could reprogram your thumb drive to additionally act like a keyboard. Once plugged in, it types commands into the logged-in session, for example to download and start a Trojan. No “autorun” is involved: the computer cannot tell these keystrokes from yours
- If you plug your cell phone into an airport charging station that has been compromised, the station (which is just another USB host) could push malware to your phone that steals your contacts and other personal information
- Or what about your apparently secure network that is air-gapped from the rest of the world? Air gaps are routinely bridged with USB media and peripherals, and a single reprogrammed mouse or thumb drive carried across the gap could expose your entire network to attack
"If you put anything into your USB [slot], it extends a lot of trust," remarked Karsten Nohl, chief scientist at Security Research Labs in Berlin, and one of the developers of BadUSB. "Whatever it is, there could always be some code running in that device that runs maliciously. Every time anybody connects a USB device to your computer, you fully trust them with your computer. It's the equivalent of [saying] ‘here's my computer; I'm going to walk away for 10 minutes. Please don't do anything evil.’"
In recent years, many manufacturers have added some level of programmability to their USB devices in order to simplify the manufacturing process. This programmability allows manufacturers to make changes to support new features and functions, and ironically, also to implement security fixes. Attackers can exploit the same programmability by pushing a modified firmware image onto the device’s controller, over the USB connection itself, to fundamentally change what the device does. Many of the controller chips the researchers examined accept such updates without any signature check, and there is very little an end user can do to detect a device whose firmware has been altered, because it looks and works exactly as before.
So what can you do to defend your systems from this threat? Let’s consider some of the standard solutions:
- Only purchase USB devices from manufacturers that are known and trusted
- Only purchase USB devices from vendors that are known and trusted
- Only purchase USB devices with clear manufacturer labeling and original packaging
- Never use a USB device if you are uncertain of its origin or history
- Do not plug your cell phone or computer into USB charging outlets in public places like airports; use a “wall-wart” power adapter, or a charge-only cable that carries no data lines, instead
- Disable USB ports in the BIOS/UEFI setup if they are not necessary; where they are needed, restrict which device classes the operating system will accept (a port meant for a keyboard has no reason to accept a network adapter or a storage volume)
- Turn off “autorun” for removable media, bearing in mind that this does not stop a device that types commands as a keyboard
- Use epoxy to permanently attach peripheral devices like keyboards and mice to USB ports
- Use epoxy to permanently fill unused USB ports
- Physically remove USB ports when not needed
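The mechanics behind the attack scenarios above, and the device-class restriction suggested in the defense list, can be shown in a few dozen lines. The following is an added example written for this page, not code from RGB Spectrum or from the BadUSB researchers. It walks a USB configuration descriptor exactly as a host does, collects every interface the device declares, and checks that list against an allow-list of what a device labelled “mouse”, “keyboard” or “thumb drive” is permitted to expose. The descriptor bytes, the device labels and the allow-list are constructed for the example; real hosts read the same bytes from the device during enumeration.

```python
"""Parse USB configuration descriptors and flag devices that declare more than their label.

Added example for this page (not RGB Spectrum or SRLabs code). The descriptor bytes,
device labels and allow-list below are constructed for illustration.
"""
from __future__ import annotations
import struct
from dataclasses import dataclass

# Descriptor type codes (USB 2.0 specification, table 9-5) and the HID class descriptor
DT_CONFIGURATION, DT_INTERFACE, DT_ENDPOINT, DT_HID = 0x02, 0x04, 0x05, 0x21
# Interface class codes as published by the USB-IF
CLASS_CDC_CONTROL, CLASS_HID, CLASS_MASS_STORAGE, CLASS_CDC_DATA = 0x02, 0x03, 0x08, 0x0A


@dataclass(frozen=True)
class Interface:
    number: int
    cls: int
    subclass: int
    protocol: int


def parse_interfaces(config: bytes) -> list[Interface]:
    """Return every interface a configuration descriptor bundle declares.

    This is all a host has to go on: the bytes are sent by the device and are not
    authenticated in any way. Alternate settings (bAlternateSetting != 0) are skipped so
    each interface is counted once. Malformed bundles raise ValueError.
    """
    if len(config) < 9 or config[1] != DT_CONFIGURATION:
        raise ValueError("not a configuration descriptor")
    if struct.unpack_from("<H", config, 2)[0] != len(config):
        raise ValueError("wTotalLength does not match buffer length")
    ifaces, off = [], 0
    while off < len(config):
        blen, btype = config[off], config[off + 1]
        if blen < 2 or off + blen > len(config):
            raise ValueError("malformed descriptor at offset %d" % off)
        if btype == DT_INTERFACE and blen >= 9:
            num, alt, _n_ep, cls, sub, proto, _istr = config[off + 2:off + 9]
            if alt == 0:
                ifaces.append(Interface(num, cls, sub, proto))
        off += blen  # class-specific descriptors (HID, CDC functional) are simply stepped over
    return ifaces


def is_well_formed(config: bytes) -> bool:
    try:
        parse_interfaces(config)
        return True
    except ValueError:
        return False


# Allow-list (assumption for the example): which interface classes a device of a given
# advertised kind may expose. Anything else is a policy violation.
EXPECTED = {"mouse": {CLASS_HID}, "keyboard": {CLASS_HID}, "thumb drive": {CLASS_MASS_STORAGE}}
_DANGEROUS_WITH_HID = {CLASS_MASS_STORAGE, CLASS_CDC_CONTROL, CLASS_CDC_DATA}


def check_device(kind: str, config: bytes) -> list[str]:
    """Return the policy violations for a device labelled `kind`; [] means it matches its label."""
    ifaces = parse_interfaces(config)
    problems = [f"interface {i.number}: class {i.cls:#04x} not allowed for a {kind}"
                for i in ifaces if i.cls not in EXPECTED[kind]]
    classes = {i.cls for i in ifaces}
    if CLASS_HID in classes and classes & _DANGEROUS_WITH_HID:
        problems.append("HID combined with storage/network interfaces (BadUSB pattern)")
    return problems


# --- constructed sample descriptors -------------------------------------------------
def _desc(*fields: int) -> bytes:           # prepend bLength to the given fields
    return bytes([len(fields) + 1, *fields])

def _config(*descs: bytes) -> bytes:        # wrap descriptors in a configuration descriptor
    body = b"".join(descs)
    n_if = sum(1 for d in descs if d[1] == DT_INTERFACE and d[3] == 0)
    return struct.pack("<BBHBBBBB", 9, DT_CONFIGURATION, 9 + len(body), n_if, 1, 0, 0x80, 50) + body

# A genuine mouse: one HID interface (boot protocol, mouse) with one interrupt IN endpoint.
GOOD_MOUSE = _config(
    _desc(DT_INTERFACE, 0, 0, 1, CLASS_HID, 1, 2, 0),
    _desc(DT_HID, 0x11, 0x01, 0, 1, 0x22, 52, 0),
    _desc(DT_ENDPOINT, 0x81, 0x03, 4, 0, 10))
# A "mouse" whose firmware also declares a CDC Ethernet adapter (control + data interface).
EVIL_MOUSE = _config(
    _desc(DT_INTERFACE, 0, 0, 1, CLASS_HID, 1, 2, 0),
    _desc(DT_HID, 0x11, 0x01, 0, 1, 0x22, 52, 0),
    _desc(DT_ENDPOINT, 0x81, 0x03, 4, 0, 10),
    _desc(DT_INTERFACE, 1, 0, 1, CLASS_CDC_CONTROL, 0x06, 0x00, 0),
    _desc(0x24, 0x00, 0x10, 0x01),                       # CDC header functional descriptor
    _desc(DT_ENDPOINT, 0x82, 0x03, 16, 0, 16),
    _desc(DT_INTERFACE, 2, 0, 0, CLASS_CDC_DATA, 0, 0, 0),   # alt 0: idle
    _desc(DT_INTERFACE, 2, 1, 2, CLASS_CDC_DATA, 0, 0, 0),   # alt 1: two bulk endpoints
    _desc(DT_ENDPOINT, 0x83, 0x02, 64, 0, 0),
    _desc(DT_ENDPOINT, 0x03, 0x02, 64, 0, 0))
# A thumb drive (SCSI, bulk-only) that additionally enumerates as a boot-protocol keyboard.
TYPING_DRIVE = _config(
    _desc(DT_INTERFACE, 0, 0, 2, CLASS_MASS_STORAGE, 0x06, 0x50, 0),
    _desc(DT_ENDPOINT, 0x81, 0x02, 0, 2, 0),
    _desc(DT_ENDPOINT, 0x01, 0x02, 0, 2, 0),
    _desc(DT_INTERFACE, 1, 0, 1, CLASS_HID, 1, 1, 0),
    _desc(DT_HID, 0x11, 0x01, 0, 1, 0x22, 63, 0),
    _desc(DT_ENDPOINT, 0x82, 0x03, 8, 0, 10))

if __name__ == "__main__":
    for name, kind, cfg in (("genuine mouse", "mouse", GOOD_MOUSE),
                            ("mouse with hidden network adapter", "mouse", EVIL_MOUSE),
                            ("thumb drive that types", "thumb drive", TYPING_DRIVE)):
        problems = check_device(kind, cfg)
        print(f"{name}: {'OK' if not problems else 'REJECT'}")
        for p in problems:
            print("   -", p)
```

The point of the example is that the host cannot distinguish the genuine mouse from the reprogrammed one by looking at the plastic; it can only compare what the device declares against what the device is supposed to be. That comparison is what an OS-level device-class policy implements, and it is also why disabling autorun alone is not enough: the typing thumb drive declares a perfectly ordinary keyboard interface.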
Beyond these “point” solutions, you can try to isolate potential problems by choosing a system that offers an extra layer of protection. RGB Spectrum’s hardware-based MultiPoint® Control Room Management System (Enterprise MCMS™) integrates control of system resources in a way that both isolates them from operators and protects them from external threats. This is accomplished using an External Desktop Adapter (EDA), a hardware dongle that is installed on every connected resource. The EDA’s one-way communication system relays only HID (keyboard/mouse) signals to a controlled system, effectively creating a protective “air-gap” between operators and system resources.
This isolation protects system resources from external tampering and removes the access paths malware relies on to reach them: because only keyboard and mouse events are relayed, a reprogrammed device cannot present itself to a controlled system as a storage volume or a network adapter. If an operator connects an infected USB device to his control station, MCMS limits the potential damage to a keystroke attack, which is far more visible and containable than a hidden network or storage interface, particularly when operator sessions on the controlled systems run with least privilege and lock when unattended. MCMS therefore offers strong protection against BadUSB, because it prevents reprogrammed USB devices from hijacking other systems.
The addition of RGB Spectrum’s new Video Desktop Adapter (VDA) technology also enhances the security capabilities of our control room systems. With VDA adapters, an operator workstation PC can be replaced with a thin, fully-secured client device that uses AES-256 encryption, NSA Suite B ciphers, and strong user authentication to protect controlled resources and sensitive data. Like the EDA, the VDA workstation appliance encodes and passes only HID data to prevent malware attacks. The VDA appliance also has no writable storage, so malware cannot persist on it and its configuration cannot be altered by an attacker.
By blocking USB access to controlled systems, RGB Spectrum’s highly-secure, air-gapped control room solutions protect critical infrastructure.