Within the last decade or so, removable USB flash drives have become one of the most frequently used tools for data transfer and storage. Most of us cannot imagine our lives without them. We continue to use them on a daily basis, often without a second thought. We must, however, bear in mind that removable flash drives can also pose a significant security threat.
It may appear quite harmless – I simply plug my removable memory in to someone else’s computer, whether to transfer business or personal data, give a presentation or for any other reason. Like most people, I am aware that the computer may transfer a computer virus to my flash drive, and quite often it actually happens. On the other hand, if I follow the security protocol, run an anti-virus program to check the removable memory before plugging it in to my PC, and formate it from time to time as a preventive measure, I can reduce this threat to the minimum (or at least to the lowest acceptable level).
It is true, however, that removable memories can conceal far more serious threats. During the Black Hat conference, SR Labs experts Karsten Nohl and Jacob Nell introduced a malicious code called BadUSB which operates on a different basis than classic computer viruses. BadUSB exploits a gap in chip security, namely chips ensuring a communication between the device and the USB interface, and as a result, it attacks the device USB controller itself and registers as a part of firmware. Routine security checks have no chance to detect the problem, let alone fix it. In addition, this problem does not involve only USB flash drives, but in fact any device connected to the computer via a USB interface or equipped with a USB port, e.g. smartphone, camera, mouse, keyboard, etc. The attacker can do pretty much anything with such an infected device: change transferred files, track keystroke sequences, infect the computer operating system with a malicious code during booting, redirect the internet traffic, substitute a regular webpage with a malicious webpage. Once they become infected, neither the computer nor its peripherals can be considered trustworthy again.
Plugging an unknown USB flash drive in to your device port may present another threat. In addition to the virus infection, a far worse situation may occur. It is called “Lethal USB Memory”, the official name is USB Killer v2.0. When plugged in to the port, it destroys the computer hardware within seconds. Instead of memory chips, the “flash” electronic board has a voltage converter and capacitor batteries. When it is plugged in to the USB port, a 5V power supply from the busbar switches the voltage converter on to charge the capacitors until they reach a total negative voltage of -220 V. Then the converter is disconnected and the transistor switches the capacitor output directly to the USB busbar signal wires. This process is repeated in loops until the computer stops working.