BadUSB hack may be one of the biggest threats you have heard of!


Recommended Posts

BadUSB hack may be one of the biggest threats you have heard of!

 

A new threat named ?BadUSB? has just emerged, a name that may be a bit of an understatement. This exploit is one of the nastiest security threats we have seen in a long time. It?s dangerous, often undetectable and very hard to kill. BadUSB literally leaves current antivirus defenses harmless and blind.

This exploit was discovered by a group of white hat hackers that plan to showcase their discoveries at the Black Hat security conference in Las Vegas, which takes place next week. But what exactly does this threat do, and what makes it so hard to deal with? It?s its very nature that makes it no average threat.

BadUSB doesn?t simply infect your computers, it infects most USB devices that are connected to it. This includes odd peripherals like web cams, keyboards and many other types of USB devices. Sadly, this does include Android smartphones, which could be turned into malicious network cards. These smartphones, when connected to computers, would fool the user into connecting to malicious pages that impersonate popular websites like Facebook and Google.

 

http://www.androidauthority.com/badusb-hack-412902/

Link to comment
Share on other sites

Oh, I'll want to see this. I've too little experience to declare it an outright FUD, but at this time it's only a single point more believable than BadBIOS (hint: it wasn't at all), as I do believe that many device manufacturers have left microcontrollers (residing even in MicroSD cards) open to casual, unverified reprogramming.

Link to comment
Share on other sites

From what I was reading (different article), they found it's possible to re-program the usb low level firmware code on ALL usb devices, and since it's running on such a low level, nothing is designed to check / look at this code. It's also hinted that in Snowden leaks of NSA tools information, the usb one **could** be using this vulnerability.

 

They have a usb device as an example there going to show off at the conference that can backdoor, redirect internet traffic by plugging in to a computer just by plugging in. To add to it, the person discovering / presenting to the black hat conference coming up, they had no good code he had access to so there's no comparison to determine good / bad code. 

 

Article - http://www.techspot.com/news/57591-researchers-uncover-fundamental-usb-security-flaw-no-fix-in-sight.html

Link to comment
Share on other sites

Although it does look like those write protection switches ... you know... the ones that almost NOBODY sells USB drives with. Does protect against it. Which is why for years the ones have have write protection switches are the only ones I use.

Link to comment
Share on other sites

It's the end of computing as we know it.

 

Arrrrgh! I'm buying a year supply of water, food and necessities! game over, game over man..

 

3666136-5719310562-13266.jpg

Link to comment
Share on other sites

Oh, I'll want to see this. I've too little experience to declare it an outright FUD, but at this time it's only a single point more believable than BadBIOS (hint: it wasn't at all), as I do believe that many device manufacturers have left microcontrollers (residing even in MicroSD cards) open to casual, unverified reprogramming.

karsten nohl is legit, i would take his word for it. afterall, he did break a5/1.

Although it does look like those write protection switches ... you know... the ones that almost NOBODY sells USB drives with. Does protect against it. Which is why for years the ones have have write protection switches are the only ones I use.

write protect switches lock writing to the flash memory on mass storage devices, i don't think they protect against writing to the usb firmware,which is most likely contained in a piece of memory inside the usb controller chip.

Link to comment
Share on other sites

Yeah I'm going to take this with a grain of salt, I don't see most USB devices having programmable firmware (Why use an EEPROM when an EPROM would be better suited to the job?), let alone have that ability opened to USB programming (vs. an on-board connection). And even then different devices are going to have different hardware, so you won't see one single hack effect every device (Try taking a BIOS from one system to another and see how well that works)

Link to comment
Share on other sites

Most usb devices can take firmware updates, so i imagine thats one access vector to re-purpose a device for malicious means.  Android phones to.  I dont see it getting wide-spread though..It's definitely made me think twice about buying cheap chinese usb devices.  Ever since I started working in information security, ive always wondered what comes on those cheap android media players n stuff. 

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.