SECURITY EVANGELIST

The BadUSB vulnerability is considered one of the worst IT vulnerabilities ever found.

To remove the BadUSB vulnerability, first you need to create a blacklist. After that, avoid automatic USB installation and disable inactive USB ports. But first, let’s see what BadUSB is and how it works.

Discovered a few months ago, this big security hole affects the way USB devices communicate with an operating system.

BadUSB is a major security flaw that allows online criminals to turn a simple USB device, for example a keyboard, into a means of sending malicious commands from the user’s computer to trigger an action or contact a server controlled by hackers. To be able to do this, the firmware in the USB controller chip is reprogrammed. Protecting against this type of threat is difficult, since there are no means available against it.

Using this flaw, cyber-criminals can obtain important details on exploiting vulnerabilities in USB controllers, present in many types of USB devices. Since USB devices are used on a regular basis and are part of our systems, we need to know how to stay safe from this vulnerability.

For more information on the BadUSB vulnerability, you can also check this NakedSecurity article.

Our security researchers have now come up with a few simple steps you can follow in your Windows operating system to stay safe:

Create a Blacklist

There are several ways we can limit our exposure to this vulnerability, and one of these methods is by creating a blacklist.

Follow the steps below:

    1. Go to Start > Run and type in gpedit.msc to reach the Local Group Policy Editor.
    2. Access the following: Computer Configuration > Administrative Templates > System > Device Installation > Device Installation Restrictions. You should arrive in the location from the image below:

[Image: Local Group Policy Editor - BadUSB fix]

    3. Double click Prevent installation of devices using drivers that match these device setup classes and choose Enable.
    4. In the same location, click Show to create a blacklist of USB devices via their GUID.

You have a few examples below:

4D36E96B-E325-11CE-BFC1-08002BE10318 – this one controls the automatic installation of USB keyboards.

4D36E972-E325-11CE-BFC1-08002BE10318 – this one corresponds to the NIC (network interface controller).

e0cbf06c-cd8b-4647-bb8a-263b45f0f974 – this one is for Bluetooth.

For more information about GUID numbers, check this quick guide.

 

Avoid automatic USB installation

Another option to keep your system safe from the BadUSB vulnerability is to disable the automatic installation of new USB devices.

Therefore, go to the same location as above and follow these steps:

1. Double click Prevent installation of removable devices and Enable it.

2. Double click Allow administrators to override Device Installation Restrictions policies and Enable it.

In this case, we need to underline that if you want to install a removable device in the future, you will need to do it with Administrative rights.
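To confirm that the settings from the two sections above are actually in effect, the following read-only PowerShell check inspects the registry values that back these Group Policy settings and verifies each blacklisted GUID against the device setup classes registered on the machine. It is an added example, not part of the original post; the function names Get-PolicyFlag and Test-ClassGuid and the mistyped sample GUID are constructed for illustration.

```powershell
# Added example: read-only audit of the Device Installation Restrictions policies.
$restrictions = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions'
$classRoot    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Class'

function Get-PolicyFlag {
    param([string]$Name)
    # Group Policy stores each enabled setting as a DWORD value of 1.
    $item = Get-ItemProperty -LiteralPath $restrictions -Name $Name -ErrorAction SilentlyContinue
    return [bool]($item -and $item.$Name -eq 1)
}

function Test-ClassGuid {
    param([string]$Entry)
    $guid = [guid]::Empty
    if (-not [guid]::TryParse($Entry.Trim(), [ref]$guid)) {
        return [pscustomobject]@{ Entry = $Entry; Class = $null; Status = 'not a valid GUID' }
    }
    # Setup classes registered on this machine have a key named {GUID} whose
    # "Class" value holds the class name (Keyboard, Net, Bluetooth, ...).
    $key = $classRoot + '\{' + $guid.ToString() + '}'
    if (-not (Test-Path -LiteralPath $key)) {
        # Usually a typo; can also be a class that was never installed here.
        return [pscustomobject]@{ Entry = $Entry; Class = $null; Status = 'unknown class, matches nothing here' }
    }
    $class = (Get-ItemProperty -LiteralPath $key -Name Class -ErrorAction SilentlyContinue).Class
    [pscustomobject]@{ Entry = $Entry; Class = $class; Status = 'ok' }
}

# The blacklist itself lives in a subkey whose values are named 1, 2, 3, ...
$listKey = Get-Item -LiteralPath "$restrictions\DenyDeviceClasses" -ErrorAction SilentlyContinue
$entries = @()
if ($listKey) { $entries = @($listKey.GetValueNames() | ForEach-Object { $listKey.GetValue($_) }) }

[pscustomobject]@{
    ClassBlacklistEnabled     = Get-PolicyFlag 'DenyDeviceClasses'
    AppliesToInstalledDevices = Get-PolicyFlag 'DenyDeviceClassesRetroactive'
    RemovableDevicesBlocked   = Get-PolicyFlag 'DenyRemovableDevices'
    AdminOverrideAllowed      = Get-PolicyFlag 'AllowAdminInstall'
    BlacklistEntries          = $entries.Count
} | Format-List | Out-Host

# Constructed sample: the keyboard class GUID with its last digit mistyped.
$sample = '4d36e96b-e325-11ce-bfc1-08002be10319'
@($entries) + $sample | ForEach-Object { Test-ClassGuid $_ } | Format-Table -AutoSize | Out-Host
```

An entry reported as an unknown class deserves a second look, because a blacklist GUID that differs from the real class GUID by a single character blocks nothing.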

 

Disable inactive USB ports

Though it is not a very popular method, our security researchers suggest that you disable inactive USB ports.

We also need to emphasize that unknown USB devices from uncertain sources should not be installed on the system.

 

Conclusion

When we think of system vulnerabilities and malware, we naturally imagine an operating system connected to the Internet, that needs to protect valuable data and private information from all sorts of online threats.

But malware can also be spread, and security flaws targeted, through a USB device. Using a USB device for this malicious purpose has now become a favorite tool of online criminals. For this reason, we advise caution when using an unknown USB device or one that comes from an unknown location or source.

For more ways to remove malware, please refer to the cybersecurity mega-guide.


This post was originally published by Aurelian Neagu in October 2014.


Comments

I know I’m a little late to the party, but I wanted to chime in…

Given the fact that viruses have existed pretty much as long as computers have, and the fact that every single mechanism ever invented for the automatic execution of code has been used to spread malicious programs, exactly how stupid do hardware designers have to be to create devices that can have their firmware reprogrammed on the fly with absolutely no security whatsoever?

That’s like telling someone to remove the front door to their house to make it more convenient to enter and leave, then being surprised when the house gets robbed.

Exactly how common are official, user-flashable firmware updates for mice, keyboards, thumb drives and external hard drives? Can you point me to some examples of these? If not, why do these devices even have reprogrammable firmware in the first place? Why isn’t it permanently stored in ROM? Or at the very least, physically protected against being re-written? I always assumed that’s how it was done, since that’s what common sense would dictate.

How many times do designers have to make the exact same damn mistakes before they learn? Why is security ALWAYS something that they think of later, after millions of their products are in use and the lack of security is being exploited for malicious purposes?

Hey, wanna buy my new product? It automatically unlocks your car, opens the doors and starts the engine as soon as anyone gets within a few feet of the vehicle. It’s a real time saver! People are going to love it!

How can I do this in cmd (bat)?

Would this also keep existing firmware safe? I’m not buying a K70 gamer keyboard if some zero-day Flash hole allows a trusted website’s external ad to put an undetectable, unerasable bug in it.

Hi Cees!

This vulnerability has been solved, so you needn’t worry about it. However, there’s no guarantee that a security vulnerability such as this one won’t occur in the future, which is why we recommend building a multi-layer security system that includes an antivirus product and a solution that can protect you from advanced cyber threats. This particular security guide for gamers may come in handy: https://heimdalsecurity.com/blog/time-to-unlock-18-valuable-cyber-security-tips-for-gamers/
