Warning: USB Malware Code Unleashed

Think malware can only come from the Web, malicious emails and corrupt files? If you depend on USB flash drives for your business, listen up about another threat: A new USB malware is on the loose. And it can cause ultimate digital destruction.

Back in July, security researchers Karsten Nohl and Jakob Lell revealed that USB sticks have an unfixable security flaw that can allow malware to take over your entire PC — without you knowing it.

To demonstrate, Nohl and Lell created BadUSB, malware that lives in a USB's core. It rewrites the USB's firmware, staying undetected as it self-installs and quietly wreaks havoc on devices and network systems the infected USB is connected to. Even worse, BadUSB remains imperceptible to antivirus software and mobile security apps, and lives on even after the contents of the drive and devices have been deleted and reformatted.

This week, Adam Caudill and Brandon Wilson, security researchers who reverse engineered and recreated BadUSB, did the seemingly unthinkable: They've released the code for the malware, allowing anyone to reproduce the malware and exploit all types of USB-capable devices, Wired reports.

If this doesn't scare you, it should. Connecting a USB drive infected by BadUSB and its variants will destroy any connected device and can spread to your entire network.

Specifically, Wired reports that malware like BadUSB can also:

  • Alter files from thumb drives
  • Redirect Internet traffic
  • Tap and spy on USB-enabled smartphones
  • Hijack keyboards to type commands
  • Potentially inject malicious elements as files are being transferred

The malware can also be executed from any USB device, not just flash drives. This includes USB keyboards, mobile devices and more.

Caudill and Wilson made it clear, however, that they didn't release the malware to purposely exploit the flaw. The pair said at a hacker conference that they published the code to force USB manufacturers to make a decision: fix the problem or leave the entire digital world vulnerable to USB malware attacks.

"The belief we have is that all of this should be public. It shouldn't be held back. So we're releasing everything we've got," Caudill told the audience. "This was largely inspired by the fact that [Nohl and Lell] didn't release their material. If you're going to prove that there's a flaw, you need to release the material so people can defend against it."

So how can you protect your business from the scary USB monster now running loose in the digital wild? The bad news is that the security flaw is unpatchable and your antivirus can't detect it. Until USB companies change how USB drives are designed and how they function, there's currently no way to defend your devices 100 percent if you use these drives.

The good news is that you have alternatives. Instead of using USB flash drives to store and share files, consider using cloud and online collaboration services like Dropbox, Box, OneDrive and Google Drive. Here's an extensive list of cloud storage solutions for small businesses.

Originally published on Business News Daily