Compared with traditional virus attack patterns, an attacker can use a BadUSB attack to make a USB device masquerade as any keyboard or mouse; the microcontroller inside the BadUSB device can deliver the attack program on the fly and thereby take complete control of the host, to the point that even the anti-virus software is shut down. Because the BadUSB attack code is hidden in the device firmware, there is currently no anti-virus software that can effectively prevent BadUSB attacks.
This research first develops a BadUSB device and simulates the attack on a test machine with anti-virus software installed. During development a USB packet analyzer is used to determine the optimal attack parameters, and this research shows that the attack can disable anti-virus software. Having understood the attack method, the research then studies prevention strategies: the USB device's signature is used as the first check, and a USB-level firewall serves as the last line of defense. The USB-level firewall uses a filter driver to analyze USB packets in real time; when a malicious attack is detected it immediately intercepts the malicious packets and disables the BadUSB device. This research succeeds in blocking BadUSB attacks while keeping the disturbance to the user to a minimum.
Compared with the traditional virus attack mode, hackers can use a BadUSB attack to make a USB device imitate any keyboard or mouse; the microprocessor in the BadUSB device can transmit the attack program dynamically and take complete control of the host, to the point that even the anti-virus software is turned off. Because the BadUSB attack code is hidden in the device firmware, no anti-virus software is currently available to prevent BadUSB attacks.
This research first develops the BadUSB equipment and simulates the attack on a test machine with anti-virus software installed. In the development phase, the best attack parameters are analyzed with a USB packet analysis instrument. This research proves that this attack can turn off anti-virus software and clarifies how the attack works. This thesis then studies the prevention strategy, taking the characteristic code of the USB device as the core check and the firewall at the USB level as the last line of defense. The USB-level firewall uses a filter driver to analyze USB packets in real time; if a malicious attack is detected, it immediately intercepts the malicious packets and disables the BadUSB device.
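The two defensive layers described in this abstract, a device-signature check followed by packet-level inspection, can be illustrated in user-mode code. The following is an added example and is not the thesis's filter driver (which runs in the Windows kernel); the allowlist entries, the device identifiers, the HID report stream and the "faster than a human types" thresholds (`min_interval_ms`, `burst_len`) are all constructed assumptions for the illustration, not parameters measured in the thesis.

```python
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set, Tuple

# Constructed allowlist of (vendor id, product id) pairs for approved keyboards.
# A real deployment would load this from inventory rather than a literal.
APPROVED_KEYBOARDS: Set[Tuple[int, int]] = {(0x1234, 0x0001)}

HID_CLASS = 0x03                # USB interface class for Human Interface Devices
BOOT_PROTOCOL_KEYBOARD = 0x01   # HID boot-interface protocol value for keyboards


@dataclass(frozen=True)
class UsbDevice:
    vid: int
    pid: int
    interface_class: int
    interface_protocol: int


@dataclass(frozen=True)
class HidReport:
    t_ms: float   # arrival time in milliseconds since the device enumerated
    data: bytes   # 8-byte boot-keyboard report: [modifiers, reserved, key1..key6]


def signature_check(dev: UsbDevice) -> Optional[str]:
    """First line of defense: only approved VID/PID pairs may expose a keyboard interface."""
    if dev.interface_class != HID_CLASS or dev.interface_protocol != BOOT_PROTOCOL_KEYBOARD:
        return None  # not a keyboard interface, outside the scope of this check
    if (dev.vid, dev.pid) not in APPROVED_KEYBOARDS:
        return f"keyboard interface from unapproved device {dev.vid:04x}:{dev.pid:04x}"
    return None


def key_press_times(reports: Iterable[HidReport]) -> List[float]:
    """Extract timestamps of key-down events from a stream of boot-keyboard reports."""
    times: List[float] = []
    held: Set[int] = set()
    for r in reports:
        if len(r.data) != 8:
            continue  # malformed report; ignored for rate estimation
        keys = {k for k in r.data[2:8] if k}   # non-zero keycodes currently pressed
        for _ in keys - held:                   # keys newly pressed in this report
            times.append(r.t_ms)
        held = keys
    return times


def injection_check(reports: Iterable[HidReport], min_interval_ms: float = 25.0,
                    burst_len: int = 8) -> Optional[str]:
    """Last line of defense: flag a burst of keystrokes delivered faster than a human types.

    The thresholds are assumptions for this example, not values from the thesis."""
    times = key_press_times(reports)
    run = 0
    for prev, cur in zip(times, times[1:]):
        if cur - prev < min_interval_ms:
            run += 1
            if run + 1 >= burst_len:
                return f"{burst_len} keystrokes each under {min_interval_ms} ms apart"
        else:
            run = 0
    return None


def decide(dev: UsbDevice, reports: Iterable[HidReport]) -> Tuple[str, str]:
    """Combine both checks; a hit on either one disables the device."""
    reason = signature_check(dev) or injection_check(reports)
    return ("disable", reason) if reason else ("allow", "no anomaly")


def make_typing(keycodes: List[int], interval_ms: float) -> List[HidReport]:
    """Constructed report stream: each key is pressed then released, interval_ms apart."""
    reports, t = [], 0.0
    for k in keycodes:
        reports.append(HidReport(t, bytes([0, 0, k, 0, 0, 0, 0, 0])))   # key down
        reports.append(HidReport(t + interval_ms / 2, bytes(8)))         # all keys up
        t += interval_ms
    return reports


# Constructed sample inputs: a human-paced stream and a scripted burst.
HUMAN = make_typing([0x04, 0x05, 0x06, 0x07] * 3, interval_ms=150.0)
INJECTED = make_typing([0x04, 0x05, 0x06, 0x07] * 3, interval_ms=5.0)
TRUSTED = UsbDevice(0x1234, 0x0001, HID_CLASS, BOOT_PROTOCOL_KEYBOARD)
UNKNOWN = UsbDevice(0xABCD, 0x9999, HID_CLASS, BOOT_PROTOCOL_KEYBOARD)

if __name__ == "__main__":
    for name, dev, stream in [("trusted/human", TRUSTED, HUMAN),
                              ("unknown/human", UNKNOWN, HUMAN),
                              ("trusted/injected", TRUSTED, INJECTED)]:
        print(name, decide(dev, stream))
```

The third case is the one that motivates the packet-level layer: a device that copies an approved VID/PID passes the signature check, so only inspection of the HID reports themselves exposes the scripted keystroke burst and triggers the disable decision.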