A virus that discreetly infests hardware may be the user’s worst nightmare. Hardware attacks are much scarier than attacks on the operating system because ordinary antivirus scans don’t examine systems at the hardware level. Such attacks pose a very real threat because every day we use hardware that has exploitable vulnerabilities. For example, a couple of years ago researchers found an inherent flaw in the USB interface. They called it BadUSB.
By tampering just slightly with the USB device’s firmware code, an outside party can modify it and inject malware that makes the compromised device pretend it is something else.
After such a modification, an ordinary thumb drive might, for example, impersonate a USB keyboard and input certain commands — say, to erase all of your files. Or it could pretend it’s a network adapter and listen to the data flow between a computer and the Internet.
The problem is that such malware is stored in the thumb drive’s controller, invisible from the outside. An ordinary antivirus product cannot dig that deep: It does not see any viruses on the flash drive because the malware is on a much lower layer than a standard antivirus sweep checks. The second issue is that there is no cure for the inherent USB flaw.
— Kaspersky Lab (@kaspersky) April 27, 2015
However, a group of Kaspersky Lab experts — Oleg Zaitsev, Olga Domke, Konstantin Manurin, and Mikhail Levinsky — found a way to deal with the problem. Their technology automatically tracks USB devices’ behavior, and it blocks devices that behave suspiciously.
Olga Domke explains: “Although attacks using modified or corrupted USB devices are considered theoretical, BadUSB’s presence excites clients’ interest in protection solutions. Nobody wants to be unprotected when theory translates into practice.” And so the product and component teams worked together to develop “BadUSB attack” for Kaspersky Endpoint Security for Windows, a heuristic component that balances endpoint usability and administrator peace of mind.