The good news about the recently-revealed BadUSB is that there actually is a cure: Hardware crypto engines were invented to protect software, firmware and hardware from exactly these types of attacks, among many others. These uber-tiny, ultra-secure hardware devices can be easily and cost-effectively added to USB sticks (and other peripherals). Once installed into the peripherals, devices such as Atmel CryptoAuthentication will block the bad code. Period.
BadUSB is Bad for More Than Just USB
All systems with processors are vulnerable to bad code, which can do bad things to good systems. All it takes is a way to transfer bad code from one processor to another… and, that happens all the time. USB sticks, USB accessories, the Internet, wireless links like Wi-Fi or Bluetooth — you name it — can be vectors for diseased code. What BadUSB has revealed to us is that all embedded systems, unless equipped with robust protection mechanisms, are now vulnerable to catching diseased code. (Embola?)
Once contracted, a machine infected with Embola can send private and sensitive information to bad guys, or let them take over your system for ransom or other mal-purposes. They can turn on cameras and microphones to spy, grab your photos and bank account information, or even mess with your car. Whatever they want they can have, and you most likely will never know it.
So, what can you do to protect against Embola? The answer is twofold:
1. Don’t let the bad code in, and
2. If it does get in, don’t let it run.
While this sounds pedantically simplistic, these steps are NOT being taken. They are described here:
Secure download uses encryption to ensure that the code that is received by the embedded system is kept away from hackers. The code is encrypted using an algorithm such as the Advanced Encryption Standard (AES) with an encryption key. That encryption key is created using a secret that is only shared with the target system. The encrypted code is sent to the target embedded system to be decrypted and loaded for its use.
There is another step that can be taken that adds even more security, which is authentication using a digital signature. If the decrypted code has not been altered, the signature computed from the digest of that decrypted code and the signing key will be exactly the same as the signature that was sent over during download. Once authenticated, the code can be safely run on the target system. What does this mean? No risk of Embola!
Secure boot also uses digital signatures to ensure that the code to be booted when the target system starts up matches the code that the manufacturer intended and has not been tampered with. It works in much the same way as secure download. If the code to be booted has been altered, then the signature made by hashing the digest of that code with a secret signing key will not match the signature from the manufacturer. If they don’t match, the code will not load.
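The verify-before-run check that both secure download and secure boot rely on, as an added Python example (not Atmel's code and not part of the original post). It assumes HMAC-SHA-256 as the keyed signature and a made-up image layout (`FWIM` header, code, 32-byte tag); every name and the sample key are constructed for illustration.

```python
import hashlib
import hmac
import struct

MAGIC = b"FWIM"                 # constructed container format, not a real one
HEADER = struct.Struct(">4sI")  # magic, payload length (big-endian)
TAG_LEN = hashlib.sha256().digest_size

class BootRefused(Exception):
    """The image must not be loaded."""

def make_tag(signing_key: bytes, code: bytes) -> bytes:
    # Digest of the code, then keyed with the secret signing key (HMAC is an assumption).
    digest = hashlib.sha256(code).digest()
    return hmac.new(signing_key, digest, hashlib.sha256).digest()

def package_image(signing_key: bytes, code: bytes) -> bytes:
    # Manufacturer side: header + code + tag.
    return HEADER.pack(MAGIC, len(code)) + code + make_tag(signing_key, code)

def verify_image(signing_key: bytes, blob: bytes) -> bytes:
    # Device side: return the code only if every check passes.
    if len(blob) < HEADER.size + TAG_LEN:
        raise BootRefused("image too short")
    magic, length = HEADER.unpack_from(blob)
    if magic != MAGIC:
        raise BootRefused("bad magic")
    # Exact-length check rejects truncated images and bytes appended after the tag.
    if len(blob) != HEADER.size + length + TAG_LEN:
        raise BootRefused("length mismatch")
    code = blob[HEADER.size:HEADER.size + length]
    received = blob[HEADER.size + length:]
    # Constant-time comparison: timing does not reveal how many bytes matched.
    if not hmac.compare_digest(make_tag(signing_key, code), received):
        raise BootRefused("tag mismatch")
    return code

def boot_decision(signing_key: bytes, blob: bytes) -> str:
    try:
        verify_image(signing_key, blob)
        return "boot"
    except BootRefused as exc:
        return f"refused: {exc}"

# Constructed sample data.
DEVICE_KEY = bytes(range(32))
GOOD = package_image(DEVICE_KEY, b"firmware v1: blink LED")
TAMPERED = GOOD[:10] + bytes([GOOD[10] ^ 0x01]) + GOOD[11:]  # one bit flipped in the code
```

On a real device the signing key would be held inside the hardware crypto element rather than in software as it is here.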
Bill Boldt, Sr. Marketing Manager, Crypto Products, Atmel Corporation