Free tool from German virus protection experts prevents attacks using USB keyboards.
Malware that infects computers when a manipulated USB stick is connected has been around for several years. Researchers at the Berlin Security Research Labs (SRLabs) have discovered a new, previously unnoticed method of infection. The new type of attack was demonstrated at the Black Hat hacker conference in Las Vegas at the beginning of August: the firmware on a USB device can be changed so that it can pretend to be any type of device when connected. A seemingly harmless USB stick could log on to the system as a keyboard and secretly enter harmful command lines in the PowerShell interface. The attacker would then be able to gain control of the infected system. This attack method is possible because USB devices such as printers, cameras or USB sticks are generally deemed to be safe and therefore have full access to the system. G DATA security experts have developed the free G DATA USB Keyboard Guard as protection against manipulated USB devices.
Although we are not aware of an actual attack so far, the potential consequences of this new form of attack are severe. Less obvious attacks based on USB connections are also conceivable. "If the firmware is overwritten, every USB device can turn into a potential source of danger. In the worst case, USB viruses could be created," says Ralf Benzmüller, head of G DATA SecurityLabs, on the severity of the situation. The most effective way of executing these attacks is to use USB keyboards. If you can use keyboard commands to open a command line interface like PowerShell, you can gain full control of the computer and type in commands. These are impossible to distinguish from real keyboard actions and are not registered by the security mechanisms in antivirus solutions.
Access to new keyboard is prevented at first
G DATA has responded immediately and developed G DATA USB Keyboard Guard. It offers protection against the most likely form of abuse to be used in an attack - USB devices that pretend to be keyboards. If a system detects a new keyboard, access is prevented at first and a pop-up is displayed. The user then has time to check whether the device is actually a keyboard and can permanently permit or prevent access. If the device in question has been manipulated (a programmable USB stick or a web cam that has been infected by a USB virus, for example), access to the device can be blocked. This effectively prevents attacks using keyboards.
Operating system is unable to distinguish between fake and real input
Targeted USB attacks on companies are particularly serious. But home users are also at risk. Considering almost 100 million USB sticks are circulating in Germany (source: Statista), this risk must be taken seriously. "When you connect an infected USB device, it is basically like sitting a hacker down in front of your PC", is how Ralf Benzmüller assesses the consequences. "The operating system is unable to distinguish between fake and real input. With G DATA USB Keyboard Guard, we offer the most effective protection against such attacks."
The free tool is independent of the installed antivirus solution and compatible with other antivirus products. www.gdatasoftware.com/usb-keyboard-guard
How to install G DATA USB Keyboard Guard:
Windows (32 bit / 64 bit): Windows 8.x / 8 / 7 / Vista, at least 1 GB RAM; (32 bit): Windows XP (SP2 and above), at least 512 MB RAM