Advertising

USB Security Problems and Solutions

Advertising
USB Security Problems and Solutions

With over 3 billion USB devices shipped a year (a large proportion of them USB flash drives), there is no doubt that the majority of us are familiar with this technology.

Indeed, with USB flash drives in particular, most if not all of us have owned one or many in the past.

With how often we all mindlessly insert our flash drives into computers, you would think that these nifty little devices are immune to security breaches. The truth of the matter however is that all USB products, including flash drives, are vulnerable to several incredibly destructive forms of malware.

To understand why they are vulnerable, you first need to understand that all USB devices include a firmware chip, which controls its basic bare-bones functions.

Advertising

Think of firmware as being akin to your brain stem, in that it unconsciously regulates some basic (but vital) functions in USB devices, like how they communicate with computers.

Why is this significant? Well, one form of malware, dubbed “BadUSB,” infects USB products by latching onto their firmware. But that’s not all you have to look out for. “USBdriveby” remotely attacks your computer’s USB ports, and is equally difficult to detect.

1. BadUSB

What is BadUSB and how does it work? As I hinted at above, BadUSB is a kind of malware that basically exists within the code of a USB device’s firmware.

When you plug in a USB device infected with BadUSB, the malware has the capability to “completely take over a PC, invisibly alter files installed from the memory stick, [and] even redirect [your] internet traffic.”

Advertising

BadUSB and malware like it are dangerous because they’re incredibly hard to defend against. Standard virus and malware scanners won’t detect them, because they are unable to check a device’s firmware.

The only way to really know if a USB device has BadUSB would be to analyze its firmware code line by line and see where the malware was inserted. Obviously, that’s no small task for the average user or even most experts.

2. USBdriveby

If BadUSB doesn’t scare you, then USBdriveby might. USBdriveby is essentially a remote that interacts with your computer’s USB ports, gains access, and proceeds to wreak havoc.

Like BadUSB, USBdriveby takes advantage of the inherent flaws within USB protocols. What it does first is pretend it’s a USB mouse or keyboard. Then, it shuts down your computer’s security, opens up a backdoor so that a hacker can later gain access, and exits your system without leaving a trace.

Advertising

Unless you’re really good at rummaging through your computer’s operating system, you won’t find the backdoor until it’s too late.

3. Solutions

Can USBdriveby be stopped? Not really, since the problem lies in USB architecture itself, meaning you’d need to strip your devices of USB ports to keep them completely safe.

All you can really do to stop something like USBdriveby is to keep your electronics away from anything resembling the remote/microcontroller device pictured here.

What about something like BadUSB? Can anything be done about that? Well, again, not really, but you can take steps to defend yourself. Basically, you just need to be more cautious when you’re using USB devices.

Advertising

For instance, don’t plug your flash drive into a suspicious computer, and don’t plug a suspicious flash drive into your computer.

Yes, in some sense, researchers are asking that we treat USB devices like “hypodermic needles.”

Beyond getting us to be more wary around USB products, researchers are making an effort to get companies and USB manufacturers to acknowledge that these kinds of malware are a major issue. They hope this will lead to changes not only in the way we use these devices, but in the way they are designed.

It was only a matter of time before people started to try and take advantage of an ubiquitous technology like USB. Might it be time to move on to other, more secure forms of data distribution? With the rise of cloud services like Dropbox, perhaps (though these have their own issues).

Advertising

Still, I don’t think we’ll be giving up USB any time soon, if only for the sake of convenience. Let’s hope that somebody develops a fix that removes the enormous vulnerabilities inherent to the USB architecture, else we could all be facing malware-related problems in the future.

Featured photo credit: Custom USB Pencil/ Custom USB via flickr.com

More by this author

Why Doesn’t Coffee Work For Me? Science Says You Should Try Coffee Nap Too 20 Wonderful Health Benefits Of Coffee 5 Reasons Why Overusing Hand Sanitizer Isn’t Good For You 5 Life Lessons I Learned From Dean Winchester 10 Best Online Shopping Sites I Wish I Knew Earlier

Trending in Technology

1 How to Make Private Browsing on Safari Truly Private 2 20 Must-Have iPad Apps /iPhone Apps That You May Be Missing 3 Finally, 20 Productivity Apps That Will Ensure Efficiency 4 8 Useful Apps Every Learner Should Not Miss 5 Protecting Your Online Life With Secure Passwords

Read Next

Advertising
Advertising

Last Updated on November 25, 2021

How to Make Private Browsing on Safari Truly Private

Advertising
How to Make Private Browsing on Safari Truly Private

There comes a time when we may be searching online and don’t want the browser to remember our footsteps. The reasons don’t always have to be what we obviously think of as the main reason; for example, sometimes, you may not want Safari to remember your passwords or prompt you to enter your password when surfing the web.

Whatever the reason, we may think that we are totally in the clear with Private Browsing on Safari and the other browsers on a Mac. However, a quick Terminal command can bring up every website you’ve visited. How do you do this? Also, how do you clear your tracks for good? We will provide both answers and more today.

    What Does Private Browsing Do?

    When activated, Private Browsing on Safari prevents your browsing history from being kept in the history tab of the application. Along with this, it doesn’t autofill information that you have saved in the browser. In this mode, you essentially become incognito and any references of previous use is essentially hidden when you are in private mode.

    For example: if you are on Facebook or filling out a form and some information or your login is already filled in in the spaces provided, this is called autofill. It’s activated by simply clicking Safari next to the Apple symbol in the menubar and selecting Private Browsing, then clicking “OK” to the prompt.

    Advertising

    The reasons behind private mode differ for each individual. While we won’t go into all of those reasons, one thing that is  important to remember is that private browsing doesn’t forget the websites you visit. As we will see later on, Macs keep a second copy of the websites you visit in either mode. If you are in frantic mode looking for a solution to this, look no further.

    The Terminal Archive

    While Safari does a good job of keeping your search history out of prying eyes in the history tab, there is a less-than-obvious way to view a full list of visited websites on Mac. This is done in Terminal; the command-line emulator that allows you to make changes to your Mac.

    Terminal is located in the Utilities folder on your Mac. Once activated, simply add the command:

    dscacheutil -cachedump -entries Host

    Advertising

    Once you hit “enter”, a list of the visited sites appear. Showing only the domains, the sites appear in a format of:

    Key: h_name :(website domain)ipv4 :1

    However, there’s no need to fear—there is a way you can clear this information from Terminal with a command that’s just as simple.

    Clearing Your Tracks

    Just as simply as you were able to enter the command to view the websites, you can clear the cache that Terminal showed you with the comamnd:

    Advertising

    dscacheutil -flushcache

    As the command denotes, this literally “flushes” the domains from Terminal. This does not prevent the record from continuing to be recorded for future sites, however, so if that’s an issue for you, repeat this process regularly.

    Other Browsers and Private Browsing

    Other browsers have this form of privacy mode for their service. They promise many of the same things as Safari, but they do not have the same Terminal issue due to how this command only presents websites visited on Safari (the browser Macs come shipped with).

    If you use Firefox, you’ll notice that its private mode is also known as Private Browsing. Chrome calls private mode Incognito, while Internet Explorer refers to it as InPrivate Browsing. Opera is the newest to the scene, denoting it as Private Tab. Safari is the oldest well-known browser with this feature.

    Advertising

    As you can see, despite Private Browsing not being 100% private, Terminal allows for your browser to be. In what ways has Terminal helped your life or allowed you to become more productive? Let us know in the comments below.

    Featured photo credit: Benjamin Dada via unsplash.com

    Read Next