
Irreplaceable removable media


Tuesday, June 30, 2020

We have written quite a lot about malware that spreads via #removable_media. But malicious programs aren't the only hazard lurking on flash drives. Remember this saying? "All that glitters is not gold." It relates directly to our topic! We have already written about the disguises flash drives can wear, but it is high time to brush up on this subject.

The fact is that when you plug in a device that looks like a USB flash drive or mouse, you don't generally think it could actually be something else. Meanwhile, whenever something gets plugged into a USB port, the computer asks: "And who are you?" It requests a device ID and loads the drivers that will enable it to interact with this unknown "creature". But you also need to understand one important thing: the device you're plugging into the USB port may have features you know nothing about. Let's say you have received a computer mouse as a gift. It will behave as a typical mouse, but it will also transmit certain commands to your system. The computer does not realize that the monster you've plugged into the USB port shouldn't function as anything other than a common mouse.
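To make the "And who are you?" step concrete, the added example below (not code from this article or from Dr.Web) parses the USB configuration descriptor a device returns during enumeration and lists the interfaces that do not match what the device is supposed to be. The two sample descriptors are constructed for illustration, and the `ALLOWED` policy table is an assumption.

```python
import struct

DT_CONFIGURATION, DT_INTERFACE = 0x02, 0x04
HID, MASS_STORAGE = 0x03, 0x08          # USB-IF interface class codes
BOOT_KEYBOARD, BOOT_MOUSE = 0x01, 0x02  # HID bInterfaceProtocol values

# Assumed policy: what a device sold as "storage" or "mouse" may enumerate as.
ALLOWED = {
    "storage": lambda cls, sub, proto: cls == MASS_STORAGE,
    "mouse": lambda cls, sub, proto: cls == HID and proto == BOOT_MOUSE,
}

# Constructed sample: flash drive with one mass-storage interface.
PLAIN_DRIVE = bytes.fromhex(
    "090220000101008032" "090400000208065000" "07058102000200" "07050202000200")
# Constructed sample: the same drive with a second, HID boot-keyboard interface.
DRIVE_WITH_KEYBOARD = bytes.fromhex(
    "090239000201008032" "090400000208065000" "07058102000200" "07050202000200"
    "090401000103010100" "092111010001223f00" "0705830308000a")

def parse_interfaces(config: bytes):
    """Return (class, subclass, protocol) for every interface descriptor."""
    if len(config) < 9 or config[1] != DT_CONFIGURATION:
        raise ValueError("not a configuration descriptor")
    total_len = struct.unpack_from("<H", config, 2)[0]  # wTotalLength
    if total_len > len(config):
        raise ValueError("truncated descriptor")
    interfaces, pos = [], 0
    while pos + 2 <= total_len:
        length, dtype = config[pos], config[pos + 1]
        if length < 2 or pos + length > total_len:
            raise ValueError("malformed descriptor length")
        if dtype == DT_INTERFACE and length >= 9:
            # bInterfaceClass, bInterfaceSubClass, bInterfaceProtocol
            interfaces.append(tuple(config[pos + 5:pos + 8]))
        pos += length
    return interfaces

def unexpected_interfaces(config: bytes, advertised: str):
    """Interfaces that the advertised device type does not account for."""
    allowed = ALLOWED[advertised]
    return [i for i in parse_interfaces(config) if not allowed(*i)]

def presents_keyboard(config: bytes) -> bool:
    # Catches boot-protocol keyboards only; a HID interface with protocol 0
    # can still type, which requires reading its HID report descriptor.
    return any(c == HID and p == BOOT_KEYBOARD for c, _, p in parse_interfaces(config))
```

Legitimate composite devices also expose extra interfaces, so a non-empty result is a prompt to review the device rather than proof of tampering.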

So you insert a USB stick and suddenly a browser window pops up and a sad clown begins turning the handle of a pipe organ. When the tune ends, the flash drive goes “boom” and … in the best case scenario you are now showered with confetti.


And what if someone gives you an awesome teddy bear as a gift?

The FIN7 cybercriminal group attacks businesses by sending malicious USB sticks via USPS. When connected to a computer, these devices behave like a regular keyboard and let attackers run commands and install a JavaScript backdoor.



The seemingly “official” letter informs victims that they are entitled to a Best Buy gift card and can find a list of products available for purchase on the enclosed USB stick. In reality, the victim will receive nothing from the fake gift card – but the USB dongle does contain a surprise. Namely, a host of malicious programs.

Researchers discovered the Arduino microcontroller on the USB stick was programmed to emulate a USB keyboard.


It is also worth mentioning that a "gift" you may receive is not necessarily a custom-manufactured development as described in the example above. A common flash drive can be exploited this way, too!

Flash drives (as well as other USB devices) can no longer be regarded merely as storage media. They are now actually computers that can be programmed to perform specific tasks.

Let's run a Google search to find the flash drive we need. Phison controllers are quite common. Even I managed to find the right one in my home collection.


All the tools attackers may need to reprogram flash drives are available free on the Internet. One website even offers visitors a user-friendly web interface that generates custom scripts they need for their devices.

The danger is not limited to flash drives, mice and other larger devices. In fact, even a seemingly ordinary USB cable can be used to mount a BadUSB attack.

To his report on the development of USBHarpoon, Vincent Yiu attached a video demonstrating how a drone connects to a Windows PC and sends it commands to engage in potentially harmful activities.


Has someone asked you to charge their device? Think twice before agreeing to help.

And a word of warning from experts:

Anti-viruses are simply unable to evaluate actions initiated by removable media. How can an anti-virus distinguish between malicious USB drives and ordinary network adapters?


Sounds pretty scary, right? There is more yet—satellites will soon start using USB ports, too.

The next thing we’re planning is to outfit new satellites with something like a USB-port for power supply and data transfers. With this system, operators can even attach new types of payload to the satellites.


#removable_media #technologies #vulnerability

The Anti-virus Times recommends

Dr.Web is not ready to protect satellites yet. It is what it is. Meanwhile, ordinary users and businesses can thoroughly protect their devices and infrastructures with Dr.Web.


If you want Dr.Web to check whether connected devices are actual keyboards, enable the option "Notify about devices with BadUSB vulnerability detected as a keyboard". If this option is toggled on, an unlock dialogue will appear whenever a keyboard is connected to the PC. You will need to press specified keys on the keyboard.


Clicking on the link "Technical details" will bring up a window containing detailed information about the device.


Take good care of yourselves and your devices!

