A new threat named “Bad USB” has just emerged, a name that may be a bit of an understatement. This exploit is one of the nastiest security threats I have seen in a long time. It’s dangerous, often undetectable and very hard to kill. Bad USB literally leaves current antivirus defenses harmless and blind.
What exactly does this threat do, and what makes it so hard to deal with? Bad USB doesn’t simply infect your computers, it infects most USB devices that are connected to it. This includes odd peripherals like webcams, keyboards and many other types of USB devices. Sadly, this does include Android smartphones, which could be turned into malicious network cards. These smartphones, when connected to computers, would fool the user into connecting to malicious pages that impersonate popular websites like Facebook and Google.
Because this hack bakes itself into USB devices, it is nearly impossible to clean without taking extreme measures, like disassembling infected devices and reverse-engineering them. Trying to wipe the infection with an anti-virus will also be useless, since this hack affects devices’ very firmware. For the same reason, simply formatting, say, a USB flash drive will do nothing. This process only cleans the storage, not the firmware. It turns out using USB devices does much more than just allow a connection to your computer. It opens a portal and gives peripherals excessive access to your hardware and software. I would not be afraid to say that the next time you have a virus on your computer, you pretty much have to assume your peripherals are infected, and the computers of other people who connected to those peripherals are infected too.
To my knowledge, this is the biggest Cyber Security threat I have seen in years in my career and the irony to the fact is that this exploit is not very widely known yet. You should periodically conduct Vulnerability Assessment of your IT infrastructure to reveals exposures and gaps that may be prone to a cyber attack