Advertising
Advertising

USB Security Problems and Solutions

USB Security Problems and Solutions

With over 3 billion USB devices shipped a year (a large proportion of them USB flash drives), there is no doubt that the majority of us are familiar with this technology.

Indeed, with USB flash drives in particular, most if not all of us have owned one or many in the past.

With how often we all mindlessly insert our flash drives into computers, you would think that these nifty little devices are immune to security breaches. The truth of the matter however is that all USB products, including flash drives, are vulnerable to several incredibly destructive forms of malware.

To understand why they are vulnerable, you first need to understand that all USB devices include a firmware chip, which controls its basic bare-bones functions.

Advertising

Think of firmware as being akin to your brain stem, in that it unconsciously regulates some basic (but vital) functions in USB devices, like how they communicate with computers.

Why is this significant? Well, one form of malware, dubbed “BadUSB,” infects USB products by latching onto their firmware. But that’s not all you have to look out for. “USBdriveby” remotely attacks your computer’s USB ports, and is equally difficult to detect.

1. BadUSB

What is BadUSB and how does it work? As I hinted at above, BadUSB is a kind of malware that basically exists within the code of a USB device’s firmware.

When you plug in a USB device infected with BadUSB, the malware has the capability to “completely take over a PC, invisibly alter files installed from the memory stick, [and] even redirect [your] internet traffic.”

Advertising

BadUSB and malware like it are dangerous because they’re incredibly hard to defend against. Standard virus and malware scanners won’t detect them, because they are unable to check a device’s firmware.

The only way to really know if a USB device has BadUSB would be to analyze its firmware code line by line and see where the malware was inserted. Obviously, that’s no small task for the average user or even most experts.

2. USBdriveby

If BadUSB doesn’t scare you, then USBdriveby might. USBdriveby is essentially a remote that interacts with your computer’s USB ports, gains access, and proceeds to wreak havoc.

Like BadUSB, USBdriveby takes advantage of the inherent flaws within USB protocols. What it does first is pretend it’s a USB mouse or keyboard. Then, it shuts down your computer’s security, opens up a backdoor so that a hacker can later gain access, and exits your system without leaving a trace.

Advertising

Unless you’re really good at rummaging through your computer’s operating system, you won’t find the backdoor until it’s too late.

3. Solutions

Can USBdriveby be stopped? Not really, since the problem lies in USB architecture itself, meaning you’d need to strip your devices of USB ports to keep them completely safe.

All you can really do to stop something like USBdriveby is to keep your electronics away from anything resembling the remote/microcontroller device pictured here.

What about something like BadUSB? Can anything be done about that? Well, again, not really, but you can take steps to defend yourself. Basically, you just need to be more cautious when you’re using USB devices.

Advertising

For instance, don’t plug your flash drive into a suspicious computer, and don’t plug a suspicious flash drive into your computer.

Yes, in some sense, researchers are asking that we treat USB devices like “hypodermic needles.”

Beyond getting us to be more wary around USB products, researchers are making an effort to get companies and USB manufacturers to acknowledge that these kinds of malware are a major issue. They hope this will lead to changes not only in the way we use these devices, but in the way they are designed.

It was only a matter of time before people started to try and take advantage of an ubiquitous technology like USB. Might it be time to move on to other, more secure forms of data distribution? With the rise of cloud services like Dropbox, perhaps (though these have their own issues).

Still, I don’t think we’ll be giving up USB any time soon, if only for the sake of convenience. Let’s hope that somebody develops a fix that removes the enormous vulnerabilities inherent to the USB architecture, else we could all be facing malware-related problems in the future.

Featured photo credit: Custom USB Pencil/ Custom USB via flickr.com

More by this author

5 Life Lessons I Learned From Dean Winchester 10 Best Online Shopping Sites I Wish I Knew Earlier 10 Reasons Why Dogs Are Man’s Best Friend 30 Incredible Things Your iPhone Can Do 10 Things Only Detail-Oriented People Do

Trending in Technology

1 8 Replacements for Google Notebook 2 7 Tools to Help Keep Track of Goals and Habits Effectively 3 7 Clever Goal Tracker Apps to Make the Most of Your Business in 2019 4 10 Smartest Productivity Software to Improve Your Work Performance 5 18 Best Time Management Apps and Tools (2019 Updated)

Read Next

Advertising
Advertising
Advertising

Last Updated on May 14, 2019

8 Replacements for Google Notebook

8 Replacements for Google Notebook

Exploring alternatives to Google Notebook? There are more than a few ‘notebooks’ available online these days, although choosing the right one will likely depend on just what you use Google Notebook for.

  1. Zoho Notebook
    If you want to stick with something as close to Google Notebook as possible, Zoho Notebook may just be your best bet. The user interface has some significant changes, but in general, Zoho Notebook has pretty similar features. There is even a Firefox plugin that allows you to highlight content and drop it into your Notebook. You can go a bit further, though, dropping in any spreadsheets or documents you have in Zoho, as well as some applications and all websites — to the point that you can control a desktop remotely if you pare it with something like Zoho Meeting.
  2. Evernote
    The features that Evernote brings to the table are pretty great. In addition to allowing you to capture parts of a website, Evernote has a desktop search tool mobil versions (iPhone and Windows Mobile). It even has an API, if you’ve got any features in mind not currently available. Evernote offers 40 MB for free accounts — if you’ll need more, the premium version is priced at $5 per month or $45 per year. Encryption, size and whether you’ll see ads seem to be the main differences between the free and premium versions.
  3. Net Notes
    If the major allure for Google Notebooks lays in the Firefox extension, Net Notes might be a good alternative. It’s a Firefox extension that allows you to save notes on websites in your bookmarks. You can toggle the Net Notes sidebar and access your notes as you browse. You can also tag websites. Net Notes works with Mozilla Weave if you need to access your notes from multiple computers.
  4. i-Lighter
    You can highlight and save information from any website while you’re browsing with i-Lighter. You can also add notes to your i-Lighted information, as well as email it or send the information to be posted to your blog or Twitter account. Your notes are saved in a notebook on your computer — but they’re also synchronized to the iLighter website. You can log in to the site from any computer.
  5. Clipmarks
    For those browsers interested in sharing what they find with others, Clipmarks provides a tool to select clips of text, images and video and share them with friends. You can easily syndicate your finds to a whole list of sites such as Facebook, Twitter and Digg. You can also easily review your past clips and use them as references through Clipmarks’ website.
  6. UberNote
    If you can think of a way to send notes to UberNote, it can handle it. You can clip material while browsing, email, IM, text message or even visit the UberNote sites to add notes to the information you have saved. You can organize your notes, tag them and even add checkboxes if you want to turn a note into some sort of task list. You can drag and drop information between notes in order to manage them.
  7. iLeonardo
    iLeonardo treats research as a social concern. You can create a notebook on iLeonardo on a particular topic, collecting information online. You can also access other people’s notebooks. It may not necessarily take the place of Google Notebook — I’m pretty sure my notes on some subjects are cryptic — but it’s a pretty cool tool. You can keep notebooks private if you like the interface but don’t want to share a particular project. iLeonardo does allow you to follow fellow notetakers and receive the information they find on a particular topic.
  8. Zotero
    Another Firefox extension, Zotero started life as a citation management tool targeted towards academic researchers. However, it offers notetaking tools, as well as a way to save files to your notebook. If you do a lot of writing in Microsoft Word or Open Office, Zotero might be the tool for you — it’s integrated with both word processing software to allow you to easily move your notes over, as well as several blogging options. Zotero’s interface is also available in more than 30 languages.

I’ve been relying on Google Notebook as a catch-all for blog post ideas — being able to just highlight information and save it is a great tool for a blogger.

Advertising

In replacing it, though, I’m starting to lean towards Evernote. I’ve found it handles pretty much everything I want, especially with the voice recording feature. I’m planning to keep trying things out for a while yet — I’m sticking with Google Notebook until the Firefox extension quits working — and if you have any recommendations that I missed when I put together this list, I’d love to hear them — just leave a comment!

Advertising

Advertising

Read Next