BadUSB: What you can do about undetectable malware on a flash drive

After reading about BadUSB, Barbara asked if it was safe to share files through a flash drive. “Would we be safer using a cloud service?”

A cloud service might be safer than a flash drive, although that has its own dangers—especially with privacy. BadUSB shows us that malware can infect and reside in a flash drive’s firmware, which your antivirus program can’t scan the way it can scan the drive’s main storage. It’s like having the malware in your motherboard’s BIOS—except that this motherboard will likely get plugged into multiple computers.

[Have a tech question? Ask PCWorld Contributing Editor Lincoln Spector. Send your query to answer@pcworld.com.]

As far as we know, as I write this, BadUSB is not yet malware. It’s an experiment intended to prove this sort of thing can happen and that we need to protect ourselves.

But if it were malicious, it could trick your PC into thinking it’s a USB keyboard, and then tell it to download something bad. It could take over your DNS settings and send you to the wrong websites.

Luckily, your antivirus software would probably catch and block this sort of activity . But that’s probably, not definitely.

Better flash drives would fix the problem. IronKey claims its drives use digitally signed code, which makes it impossible for anyone else to change the firmware.

If IronKey is correct, and if other companies follow their lead, the problem will go away…eventually.

In the meantime, here’s what you can do to protect yourself:

  1. Don’t share flash drives. Stick with the cloud for file sharing.
  2. Follow the general rules of PC security: an up-to-date antivirus, a firewall, Web protection, and so on.
  3. Let the manufacturers know that you want BadUSB-immune portable storage.
To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
Related:
Shop Tech Products at Amazon
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.