Jump to content

17 posts in this topic

Posted

BadUSB hack may be one of the biggest threats you have heard of!

 

A new threat named

Share this post


Link to post
Share on other sites

Posted

I just filled my USB ports with epoxy glue, just to be safe.

3 people like this

Share this post


Link to post
Share on other sites

Posted

Oh, I'll want to see this. I've too little experience to declare it an outright FUD, but at this time it's only a single point more believable than BadBIOS (hint: it wasn't at all), as I do believe that many device manufacturers have left microcontrollers (residing even in MicroSD cards) open to casual, unverified reprogramming.

Share this post


Link to post
Share on other sites

Posted

From what I was reading (different article), they found it's possible to re-program the usb low level firmware code on ALL usb devices, and since it's running on such a low level, nothing is designed to check / look at this code. It's also hinted that in Snowden leaks of NSA tools information, the usb one **could** be using this vulnerability.

 

They have a usb device as an example there going to show off at the conference that can backdoor, redirect internet traffic by plugging in to a computer just by plugging in. To add to it, the person discovering / presenting to the black hat conference coming up, they had no good code he had access to so there's no comparison to determine good / bad code. 

 

Article - http://www.techspot.com/news/57591-researchers-uncover-fundamental-usb-security-flaw-no-fix-in-sight.html

Share this post


Link to post
Share on other sites

Posted

It's the end of computing as we know it.

Share this post


Link to post
Share on other sites

Posted

Although it does look like those write protection switches ... you know... the ones that almost NOBODY sells USB drives with. Does protect against it. Which is why for years the ones have have write protection switches are the only ones I use.

Share this post


Link to post
Share on other sites

Posted

it's time to get rid of usb

Share this post


Link to post
Share on other sites

Posted

It's the end of computing as we know it.

 

Arrrrgh! I'm buying a year supply of water, food and necessities! game over, game over man..

 

3666136-5719310562-13266.jpg

Share this post


Link to post
Share on other sites

Posted

Oh, I'll want to see this. I've too little experience to declare it an outright FUD, but at this time it's only a single point more believable than BadBIOS (hint: it wasn't at all), as I do believe that many device manufacturers have left microcontrollers (residing even in MicroSD cards) open to casual, unverified reprogramming.


karsten nohl is legit, i would take his word for it. afterall, he did break a5/1.


Although it does look like those write protection switches ... you know... the ones that almost NOBODY sells USB drives with. Does protect against it. Which is why for years the ones have have write protection switches are the only ones I use.


write protect switches lock writing to the flash memory on mass storage devices, i don't think they protect against writing to the usb firmware,which is most likely contained in a piece of memory inside the usb controller chip.

Share this post


Link to post
Share on other sites

Posted

I just filled my USB ports with epoxy glue, just to be safe.

I did this once to keep It from being used.

Share this post


Link to post
Share on other sites

Posted

ok I will keep an eye out for this bad guy

android-malware.jpg

1 person likes this

Share this post


Link to post
Share on other sites

Posted

they just realize this, usb has been in use for how long now?!

Share this post


Link to post
Share on other sites

Posted

Was discussing this with a few mates earlier this morning.

 

TBH, I don't think it's as bad as they suggest. Yet.

Share this post


Link to post
Share on other sites

Posted

i hate to say it but.......

 

 

[spoiler]all your usb are belong to us[/spoiler]

Share this post


Link to post
Share on other sites

Posted

Yeah I'm going to take this with a grain of salt, I don't see most USB devices having programmable firmware (Why use an EEPROM when an EPROM would be better suited to the job?), let alone have that ability opened to USB programming (vs. an on-board connection). And even then different devices are going to have different hardware, so you won't see one single hack effect every device (Try taking a BIOS from one system to another and see how well that works)

Share this post


Link to post
Share on other sites

Posted

Damn it I knew my USB Disco ball would be a source of infection.


Or was it the USB hoover.....

Share this post


Link to post
Share on other sites

Posted

Most usb devices can take firmware updates, so i imagine thats one access vector to re-purpose a device for malicious means.  Android phones to.  I dont see it getting wide-spread though..It's definitely made me think twice about buying cheap chinese usb devices.  Ever since I started working in information security, ive always wondered what comes on those cheap android media players n stuff. 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.