Two researchers who released code that can be used to exploit a critical weakness in most USB drives followed that up Sunday with their version of a patch for the problem.
The attack code and subsequent patch is a response to the BadUSB research released during Black Hat this summer, yet, the fix is akin to applying a Band-Aid where stitches are required. The patch was written only for one USB manufacturer’s devices and sidesteps what independent researchers Adam Caudill and Brandon Wilson, as well as BadUSB researcher Karsten Nohl, believe are much more effective defensive measures.
Caudill and Wilson posted the patch, which applies only to USB drives manufactured by Phison Electronics Corp., to Github. The patch disables boot mode, the mechanism by which firmware updates are made to USB-based devices. They also recommend applying a bonding epoxy to thumb drives to prevents physical tampering.
“It’s all a matter of how paranoid you want to be about it,” Wilson said.
The patch is meant to head off the attack vector demonstrated by German researchers Nohl and Jakob Lell of SR Labs. BadUSB was among the most talked-about research coming out of Black Hat, and struck a particular chord with security people already contending with Internet-wide bugs such as Heartbleed and most recently Shellshock.
BadUSB is not a vendor issue, though, but an ecosystem-wide problem.
“Generally, I can sympathize with full disclosure to increase the pressure on vendors to fix their issues. BadUSB is not a vendor issue, though, but an ecosystem-wide problem,” Nohl said. “Ironically, the main target of this release, Phison, already offers chips with code-signing. It’s Phison’s customers and ultimately the USB consumers, that choose not to use them. I’m not convinced that the recent release holds much sway to change that.”
Code-signing has been a suggested remedy in some corners for such a universal problem. Nohl said it’s not enough.
“Code signing comes with the same issue: Any bug anywhere in the controller code would allow you to circumvent the code signing,” Nohl said. “Much more effective—and easier to implement—is preventing firmware updates entirely using a hardware fuse (or software fuse for the interim as a somewhat effective stopgap).”
Nohl said another approach, one also advocated by Wilson and Caudill, is one that addresses host security over USB.
“Operating systems should introduce to USB a notion of device pairing, which we all know from Bluetooth. Such a whitelist of devices that a user has approved goes a long way, but is no silver bullet either,” Nohl said. “The main issue is the lack of serial numbers that make devices of the same make and model indistinguishable to a computer.”
BadUSB is an undetectable attack against computers communicating over USB; Nohl’s attack overwrites USB device firmware and allows an attacker to run code of their choosing. A flash drive plugged into a PC, could for example, emulate a keyboard and issue commands that steal data from the machine, spoof a computer’s network interface and redirect traffic by altering DNS settings, or could load malware from a hidden partition on the drive.
“The firmware update process normally starts by telling the drive to enter ‘boot mode,’ which allows for the transfer of executable code, such as code that receives and flashes a new firmware image,” Wilson said. “The patch stops the firmware from handling this command, thereby preventing firmware updates. By restricting boot mode, you are preventing our tools and the official tools from starting the firmware update process.”
Caudill and Wilson published attack code shortly after presenting it at the Derby Con security conference; their code targeted only Phison USB drives, the same drives Nohl and Lell went after. Nohl has yet to release his attack code because of its universal effectiveness; Caudill and Wilson hope their disclosure nudges vendors to look at and address the problem.
“The patch prevents software (malicious or otherwise) running on your computer from initiating the firmware update process. There are other ways of entering boot mode, such as by shorting pins on the controller, which requires physical access,” Wilson said. “Coating the drive in epoxy prevents that physical access, so you can allow others to use the drive without worrying that they’ll tamper with it. It’s all a matter of how paranoid you want to be about it.”
At Derby Con, Caudill and Wilson demonstrated their attack code, which emulated a keyboard connected to a PC over USB that executed predetermined script. They also showed another demonstration where code was executed from a hidden partition on a flash drive; the drive was not detected in either case by the PC.
“I don’t presume to have all the answers, nor assume that there are no answers, to this problem,” Wilson said, adding that he and Caudill have come under some criticism for releasing the attack code that updates the firmware on the affected devices. “My hope is that the collective knowledge and experience of people out there can and will come together to not only make the patch viable for the majority of drives out there, but come up with other solutions as well.”
