Jump to content



Photo

BadUSB hack may be one of the biggest threats you have heard of!


  • Please log in to reply
16 replies to this topic

#1 +warwagon

warwagon

    Only you can prevent forest fires.

  • 26,547 posts
  • Joined: 30-November 01
  • Location: Iowa

Posted 02 August 2014 - 19:25

BadUSB hack may be one of the biggest threats you have heard of!

 

A new threat named “BadUSB” has just emerged, a name that may be a bit of an understatement. This exploit is one of the nastiest security threats we have seen in a long time. It’s dangerous, often undetectable and very hard to kill. BadUSB literally leaves current antivirus defenses harmless and blind.

This exploit was discovered by a group of white hat hackers that plan to showcase their discoveries at the Black Hat security conference in Las Vegas, which takes place next week. But what exactly does this threat do, and what makes it so hard to deal with? It’s its very nature that makes it no average threat.

BadUSB doesn’t simply infect your computers, it infects most USB devices that are connected to it. This includes odd peripherals like web cams, keyboards and many other types of USB devices. Sadly, this does include Android smartphones, which could be turned into malicious network cards. These smartphones, when connected to computers, would fool the user into connecting to malicious pages that impersonate popular websites like Facebook and Google.

 

http://www.androidau...sb-hack-412902/




#2 Enron

Enron

    Windows for Workgroups

  • 9,829 posts
  • Joined: 30-May 11
  • OS: Windows 8.1 U1
  • Phone: Nokia Lumia 900

Posted 02 August 2014 - 19:40

I just filled my USB ports with epoxy glue, just to be safe.



#3 +Phouchg

Phouchg

    Resident Misanthrope

  • 5,689 posts
  • Joined: 28-March 11
  • Location: Neowin Detainment Camp

Posted 02 August 2014 - 19:42

Oh, I'll want to see this. I've too little experience to declare it an outright FUD, but at this time it's only a single point more believable than BadBIOS (hint: it wasn't at all), as I do believe that many device manufacturers have left microcontrollers (residing even in MicroSD cards) open to casual, unverified reprogramming.



#4 Jason Stillion

Jason Stillion

    Neowinian

  • 1,434 posts
  • Joined: 04-April 12
  • Location: United States

Posted 02 August 2014 - 19:59

From what I was reading (different article), they found it's possible to re-program the usb low level firmware code on ALL usb devices, and since it's running on such a low level, nothing is designed to check / look at this code. It's also hinted that in Snowden leaks of NSA tools information, the usb one **could** be using this vulnerability.

 

They have a usb device as an example there going to show off at the conference that can backdoor, redirect internet traffic by plugging in to a computer just by plugging in. To add to it, the person discovering / presenting to the black hat conference coming up, they had no good code he had access to so there's no comparison to determine good / bad code. 

 

Article - http://www.techspot....x-in-sight.html



#5 Hum

Hum

    totally wAcKed

  • 62,935 posts
  • Joined: 05-October 03
  • Location: Odder Space
  • OS: Windows XP, 7

Posted 02 August 2014 - 20:04

It's the end of computing as we know it.



#6 OP +warwagon

warwagon

    Only you can prevent forest fires.

  • 26,547 posts
  • Joined: 30-November 01
  • Location: Iowa

Posted 02 August 2014 - 20:05

Although it does look like those write protection switches ... you know... the ones that almost NOBODY sells USB drives with. Does protect against it. Which is why for years the ones have have write protection switches are the only ones I use.



#7 Melfster

Melfster

    Neowinian Senior

  • 1,706 posts
  • Joined: 04-August 05

Posted 02 August 2014 - 20:13

it's time to get rid of usb



#8 chrisj1968

chrisj1968

    copyrighted!! ©

  • 4,277 posts
  • Joined: 17-June 08
  • Location: United States

Posted 02 August 2014 - 20:14

It's the end of computing as we know it.

 

Arrrrgh! I'm buying a year supply of water, food and necessities! game over, game over man..

 

3666136-5719310562-13266.jpg



#9 vcfan

vcfan

    Doing the Humpty Dance

  • 5,071 posts
  • Joined: 12-June 11

Posted 04 August 2014 - 02:51

Oh, I'll want to see this. I've too little experience to declare it an outright FUD, but at this time it's only a single point more believable than BadBIOS (hint: it wasn't at all), as I do believe that many device manufacturers have left microcontrollers (residing even in MicroSD cards) open to casual, unverified reprogramming.


karsten nohl is legit, i would take his word for it. afterall, he did break a5/1.


Although it does look like those write protection switches ... you know... the ones that almost NOBODY sells USB drives with. Does protect against it. Which is why for years the ones have have write protection switches are the only ones I use.


write protect switches lock writing to the flash memory on mass storage devices, i don't think they protect against writing to the usb firmware,which is most likely contained in a piece of memory inside the usb controller chip.

#10 conna

conna

    Conna

  • 523 posts
  • Joined: 10-June 03

Posted 04 August 2014 - 03:01

I just filled my USB ports with epoxy glue, just to be safe.

I did this once to keep It from being used.



#11 Krome

Krome

    Neowinian God!

  • 4,272 posts
  • Joined: 29-August 01

Posted 04 August 2014 - 03:06

ok I will keep an eye out for this bad guy

android-malware.jpg



#12 Ci7

Ci7

    Neowinian Senior

  • 8,220 posts
  • Joined: 21-June 08
  • OS: Windows 8
  • Phone: Sony XZ

Posted 04 August 2014 - 03:10

they just realize this, usb has been in use for how long now?!



#13 Raa

Raa

    Resident president

  • 12,800 posts
  • Joined: 03-April 02
  • Location: NSW, Australia

Posted 04 August 2014 - 03:59

Was discussing this with a few mates earlier this morning.

 

TBH, I don't think it's as bad as they suggest. Yet.



#14 rocksturdy

rocksturdy

    Neowinian

  • 81 posts
  • Joined: 27-July 14

Posted 04 August 2014 - 04:03

i hate to say it but.......

 

 

Spoiler



#15 The_Decryptor

The_Decryptor

    STEAL THE DECLARATION OF INDEPENDENCE

  • 19,428 posts
  • Joined: 28-September 02
  • Location: Sol System
  • OS: iSymbian 9.2 SP24.8 Mars Bar

Posted 04 August 2014 - 06:16

Yeah I'm going to take this with a grain of salt, I don't see most USB devices having programmable firmware (Why use an EEPROM when an EPROM would be better suited to the job?), let alone have that ability opened to USB programming (vs. an on-board connection). And even then different devices are going to have different hardware, so you won't see one single hack effect every device (Try taking a BIOS from one system to another and see how well that works)