
The famous reversible USB could be a ‘malware’ loophole for your devices


Wouldn’t it be nice not to have to flip your USB plug several times before connecting it to the computer? Very soon, you won’t remember that feeling. The new USB Type-C connector, better known as reversible USB, is the answer to your problems, with the same number of pins or connectors on both sides. It will allow you to transfer data much faster, as well as video signals and electrical power, in a size similar to that of a micro USB.

It is predicted that this new connector will be the standard in the future, and maybe someday we will be able to charge all our devices with it. This specification, announced a couple of months ago by the USB Implementers Forum (USB-IF), has already been included in some laptops. Apple’s new MacBook integrates a USB-C port which allows you to charge your phone and to connect it with conventional devices, though you will have to buy a separate adapter.

Google has followed up and will include two new USB-C ports in their new ultra-thin laptop, the Chromebook Pixel. The incorporation of these ports will be the trend to follow in the coming months.

But it’s not all good news here: the new USB-C brings serious security issues. After all, it is based on the standard USB, so it is vulnerable to ‘firmware’ attacks and other kinds of attacks that would affect the device to which the USB is connected.

None of these issues are new; your USB drive has probably been infected more than once after being connected to different computers. However, if we consider that the purpose of this new USB is to create a universal connector, we will be facing more and more sophisticated attacks, which will be more difficult to avoid, so the port will become a malware loophole.

BadUSB vulnerability

One of the biggest concerns is the recently discovered BadUSB vulnerability, which lives in the firmware and modifies it, allowing the connected mobile device to become an attack vector.

“The additional openness and flexibility of USB Type-C comes with more attack surface,” says Karsten Nohl, one of the researchers who first discovered this type of attack. “No solution for BadUSB is in sight even with this new standard.” USB is an open standard built on backwards compatibility and easy third-party access, which implies a serious security problem that is not even close to being fixed.

In practical terms, this means MacBook and Chromebook Pixel users are exposed to what we call a “borrowed charged attack”. Although new chargers don’t have the necessary firmware to carry the BadUSB malware, it would be very easy to infect a device and spread it among compatible gadgets. After all, who doesn’t share a USB cable with another person almost daily?

Although Apple includes an authentication chip in all their power cords to verify that the firmware has not been changed, the port remains vulnerable to older devices.

If you have already decided to buy the latest MacBook or the new Chromebook, the best thing you can do to protect it is to avoid connecting it to a device or charger you haven’t purchased. Despite all the benefits these reversible USB ports have, like high speed and efficiency, security must be improved before we can enjoy all the advantages of USB-C on laptops.
