Protection from Malware on USB Sticks

RockLobster · Feb 13, 2018

reasonablePrivacy said: ↑

USB, as name implies, is a serial bus. IIRC when usb keyboard sends a key it sends it to the all devices connected to the same bus. Thus you can create hardware keylogger. Let's say somebody loan you a USB device looking like pendrive. It can also be used as pendrive, but it has another hidden feature - keylogger. Anything you type while keylogger is connected to usb is going to be recorded. They you give it back and this person has at least some of your keystrokes.
Click to expand...

Yes the possibilities are scary, and obviously if it at some point tells the OS it is a also a keyboard, or perhaps a usb hub with multiple devices attatched it can behave as any or all, including sending commands to the OS to install payloads from its own storage.

Osaban · Feb 13, 2018

There are times that in my job I have to plug in many USB flash drives (literally hundreds over the last 12 years) and carefully check their contents, I'm not a technician but in my experience they are the most common carriers of malware.

I do use Sandboxie for browsing safety, but for flash drives in this particular situation whereby I have to save their contents, a combination of virtualization (Shadow Defender) an updated antivirus (Avira) would be my preliminary action. Once I finish my session, I would transfer all these new files (often 2GB) from my virtualized machine to an external drive.

Once at home the external drive would be further scanned with other tools to make sure it is clean. It goes without saying that most USB sticks were infected, although in the last 5 years they have been fairly clean probably due to the protection afforded by Windows Defender.

RockLobster · Feb 13, 2018

What we need is a way to transfer files securely between devices, specifically online to offline device and vice versa without exposing the offline device to potentially catastrophic malware carrying transfer media. I have an idea, im going to create an android app to test it.

ronjor · Mar 9, 2018

Researchers find 29 types of USB attacks, recommend never plugging into a USB you don't own

By Jason Hiner | March 8, 2018, 8:12 PM PST
If you ever find a lost charger, don't use it. If you need power and are tempted to plug into a public USB port, don't do it.
Click to expand...

Osaban · Mar 9, 2018

ronjor said: ↑

Researchers find 29 types of USB attacks, recommend never plugging into a USB you don't own
Click to expand...

My post No 52 is the way I deal with the problem, using virtualization. Obviously against a flash drive that might fry your machine, there isn't much that one can do except ask the owner of the USB to pay for your damages or have an insurance (I don't).

Krusty · Mar 9, 2018

ronjor said: ↑

Researchers find 29 types of USB attacks, recommend never plugging into a USB you don't own
Click to expand...

"The general rule of thumb is: treat technology as something you don't naturally trust. As users, we have a tendency to trust technology, to trust peripherals, i.e., you trust your flash drive, you trust your keyboard, but you trust it because you're not aware. Treat it as a syringe: You wouldn't find a syringe in the parking lot, pick it up, and inject it to yourself. Because you're aware you could be infected. You have no knowledge of what could happen, but are afraid because it could be dangerous. This is exactly the same thing."
Click to expand...

Interesting analogy.

Minimalist · Mar 30, 2018

The current state of USB data protection

Data protection, whether related to personal customer or patient information, is critical across virtually all industries. So how can organizations best protect their most sensitive and confidential information? To answer this question, Apricorn surveyed more than 400 employees in September 2017, ranging in ages from 18 to 65 across numerous industries that included education, finance, government, healthcare, legal, retail and manufacturing.

Among other things, the survey revealed that while USB drives are ubiquitous and widely used by employees across all industries, security policies for these devices are often severely outdated or inadequate for protecting critical enterprise data. Also, by failing to effectively monitor USB usage, organizations are leaving themselves vulnerable to data breaches, potentially putting their clients’ and employees’ personal information at risk of attack or unauthorized access.
Click to expand...

https://www.helpnetsecurity.com/2018/03/30/usb-data-protection/

Minimalist · Jun 12, 2018

Journalists covering the Trump-Kim summit were given free USB fans — but security experts warn they may be trojan horses full of malware

Journalists covering the summit between President Donald Trump and North Korean leader Kim-Jong Un in Singapore were given a fun gift bag that included a water bottle, a trial to The Straits Times newspaper, and a tourism guide to the island where it's taking place.

It also included a tiny fan that plugs into a mini-USB port or iPhone Lightning port for power, according to tweets from the historic event.
Click to expand...

http://uk.businessinsider.com/usb-fans-journalists-malware-trump-kim-jong-un-summit-2018-6

Krusty · Jun 13, 2018

Minimalist said: ↑

Journalists covering the Trump-Kim summit were given free USB fans — but security experts warn they may be trojan horses full of malware

http://uk.businessinsider.com/usb-fans-journalists-malware-trump-kim-jong-un-summit-2018-6
Click to expand...

The press kit from the Trump-Kim summit included a USB fan. Experts don't think it's safe

It seems harmless enough, plugging in a free USB-powered fan on a hot day.

But when it surfaced on Twitter yesterday that the item was included in a press pack handed out during the US-North Korea summit, it immediately drew concerns from some cyber experts about the potential for hidden malware.
Click to expand...

Should we be wary of all 'free' USBs or USB-powered devices?
Pretty much. Mr Phair says if you don't where it has come from or if you haven't opened it up directly from a packet, then you should be wary of what might be in it.

"This has been a high-risk issue for quite some time," he said.

As Mr Gellman pointed out in a follow-up to his tweet, the warning about USBs has become "standard security advice".

"I have no reason to think the Singapore government is responsible for every handout, and as I said I don't know what's on those devices. This is standard security advice. No knock on anyone," he tweeted.
Click to expand...

Rasheed187 · Jun 16, 2018

Minimalist said: ↑

Journalists covering the Trump-Kim summit were given free USB fans — but security experts warn they may be trojan horses full of malware

http://uk.businessinsider.com/usb-fans-journalists-malware-trump-kim-jong-un-summit-2018-6
Click to expand...

Good to see that people are still sharp, I must admit that even I could have made this mistake. But I do use EXE Radar to block executables from running from USB drives.

Minimalist · Jul 4, 2018

What was on a USB fan given at the Trump-Kim summit? Security experts say nothing — but don’t plug it in.

When journalists arrived in Singapore for the historic summit between President Trump and North Korean leader Kim Jong Un last month, security experts were alarmed by what awaited those who were covering the event. Inside a welcome bag that included bottled water featuring the faces of Trump and Kim and a guide to the area was something far more suspicious: a miniature fan that connects to a computer’s USB port.

The discovery prompted a security researcher to disassemble the fan to inspect the USB. Security experts say that people should never use USB devices without knowing where they come from.
Click to expand...

https://www.washingtonpost.com/tech...security-experts-say-nothing-but-dont-plug-it

guest · Aug 20, 2018

USBHarpoon Is a BadUSB Attack with A Twist
August 20, 2018
https://www.bleepingcomputer.com/news/security/usbharpoon-is-a-badusb-attack-with-a-twist/

With USBHarpoon, security experts replaced the USB drive with a charging cable, something that is as ubiquitous, but less likely for users to be cautious of.

The cable comes with modified connectors that allow both data and power to pass through so it will fulfill the expected function. This feature enables it to be accompanied by any type of device that powers through USB (fans, dongles distributed at conferences), without raising suspicions about plugging the cable.

The USBHarpoon / BadUSB cable attack is successful on unlocked machines, where it can launch commands that download and execute a payload. On Windows, the commands can run directly from the Run prompt; on Mac and Linux it could launch a terminal and work from there.

“The problems behind BadUSB were never addressed. This research is a timely reminder that anything USB can be turned malicious, even a simple charging cable,” Karsten Nohl, the original BadUSB researcher told Bleeping Computer.
Click to expand...

guest · Sep 7, 2018

Schneider Electric may have shipped USB drives infested with malware
The flash drives were "contaminated" during the manufacturing process.
September 7, 2018
https://www.zdnet.com/article/schneider-electric-shipped-usb-drives-infested-with-malware/

USB flash drivers sent with Conext Combox and Conext Battery Monitor products, part of Schneider Electric's solar power range, were "contaminated" during the manufacturing process, according to a security advisory released by the industrial equipment manufacturer.

Schneider Electric says that the USB media "may have been exposed to malware during manufacturing at a third-party supplier's facility."

The company, naturally, is asking customers not to load up or use the flash drives and recommends that the USB dongles should be disposed of.

Schneider Electric also says that the malware "should be detected and blocked by all major anti-malware programs," which suggests the malicious code is run-of-the-mill, rather than malware crafted for a targeted attack against Schneider Electric customers.
Click to expand...

s279 · Sep 18, 2018

Hi guys

Long time lurker who wanted to help answer this question. There are some projects out there that are looking to mitigate these trust based attacks (as USB as a standard has implicit trust/no defined security measures).

One is this project on github
https://github.com/JLospinoso/beamgun

Totally not the author, but it does seemingly work as even when I’ve plugged in non-malicious USB-Ethernet or USB HIDs it has waited for user authentication. There are also other variations of this software around.

EASTER · Sep 18, 2018

s279 said: ↑

Hi guys

Long time lurker who wanted to help answer this question. There are some projects out there that are looking to mitigate these trust based attacks (as USB as a standard has implicit trust/no defined security measures).

One is this project on github
https://github.com/JLospinoso/beamgun

Totally not the author, but it does seemingly work as even when I’ve plugged in non-malicious USB-Ethernet or USB HIDs it has waited for user authentication. There are also other variations of this software around.
Click to expand...

Thanks for your attention to this and sharing. Might be of some use for some.

Minimalist · Sep 25, 2018

USB threats from malware to miners

USB devices have been around for almost 20 years, offering an easy and convenient way to store and transfer digital files between computers that are not directly connected to each other or to the internet. This capability has been exploited by cyberthreat actors, most famously by the Stuxnet worm in 2010, which used USB devices to inject malware into the network of an Iranian nuclear facility.

Today, cloud services such as Dropbox have taken on much of the heavy lifting in terms of file storage and transfer, and there is greater awareness of the security risks associated with USB devices. Their use as an essential business tool is declining. Despite this, millions of USB devices are still produced and distributed annually, with many destined for use in homes, businesses and marketing promotion campaigns like trade show giveaways.

USB devices remain a target for cyberthreats. Kaspersky Lab data for 2017 shows that every 12 months or so, around one in four users worldwide is affected by a ‘local’ cyber incident. These are attacks detected directly on a user’s computer and include infections caused by removable media like USB devices.

This short report reviews the current cyberthreat landscape for removable media, particularly USBs, and provides advice and recommendations on protecting these little devices and the data they carry.
Click to expand...

https://securelist.com/usb-threats-from-malware-to-miners/

Krusty · Jul 5, 2019

Anyone know anything about USB Disk Security?

Log in or Sign up

Protection from Malware on USB Sticks

RockLobster Registered Member

Osaban Registered Member

RockLobster Registered Member

ronjor Global Moderator

Osaban Registered Member

Krusty Registered Member

Minimalist Registered Member

Minimalist Registered Member

Krusty Registered Member

Rasheed187 Registered Member

Minimalist Registered Member

guest Guest

guest Guest

s279 Registered Member

EASTER Registered Member

Minimalist Registered Member

Krusty Registered Member

Log in or Sign up

Protection from Malware on USB Sticks

RockLobster Registered Member

Osaban Registered Member

RockLobster Registered Member

ronjor Global Moderator

Osaban Registered Member

Krusty Registered Member

Minimalist Registered Member

Minimalist Registered Member

Krusty Registered Member

Rasheed187 Registered Member

Minimalist Registered Member

guest Guest

guest Guest

s279 Registered Member

EASTER Registered Member

Minimalist Registered Member

Krusty Registered Member

Useful Searches