And once a BadUSB-infected device is connected to a computer, Nohl and Lell describe a grab bag of evil tricks it can play. It can, for example, replace software being installed with with a corrupted or backdoored version. It can even impersonate a USB keyboard to suddenly start typing commands. “It can do whatever you can do with a keyboard, which is basically everything a computer does,” says Nohl.
Ok, this all makes sense. If you’re in the firmware you can do things a USB device can do, act as a keyboard, etc. It’s also easy to understand how you could corrupt data going in or out of the device.
The malware can silently hijack internet traffic too, changing a computer’s DNS settings to siphon traffic to any servers it pleases.
Someone please explain to me how this works. I have to guess they mean after your computer is infected via “replaced” software - but they don’t actually say that. I wasn’t aware that any random USB device could silently hijack my Internet traffic… or perhaps if it was acting as a USB network device - but then wouldn’t that pretty much break routing to real sites completely? I’d like to see some more information on this.
Even if users are aware of the potential for attacks, ensuring that their USB’s firmware hasn’t been tampered with is nearly impossible. The devices don’t have a restriction known as “code-signing,” a countermeasure that would make sure any new code added to the device has the unforgeable cryptographic signature of its manufacturer.
But if someone only used verified, code-signed software (like on Mac’s) it seems they’d be safe from USB firmware alterations - since the signature would no longer match.