+Warwagon MVC Posted August 2, 2014

BadUSB hack may be one of the biggest threats you have heard of!

A new threat named "BadUSB" has just emerged, a name that may be a bit of an understatement. This exploit is one of the nastiest security threats we have seen in a long time. It's dangerous, often undetectable and very hard to kill. BadUSB literally leaves current antivirus defenses harmless and blind.

This exploit was discovered by a group of white hat hackers that plan to showcase their discoveries at the Black Hat security conference in Las Vegas, which takes place next week. But what exactly does this threat do, and what makes it so hard to deal with? It's its very nature that makes it no average threat.

BadUSB doesn't simply infect your computers, it infects most USB devices that are connected to it. This includes odd peripherals like web cams, keyboards and many other types of USB devices. Sadly, this does include Android smartphones, which could be turned into malicious network cards. These smartphones, when connected to computers, would fool the user into connecting to malicious pages that impersonate popular websites like Facebook and Google.

http://www.androidauthority.com/badusb-hack-412902/

123456789A Posted August 2, 2014

I just filled my USB ports with epoxy glue, just to be safe.

Phouchg Posted August 2, 2014

Oh, I'll want to see this. I've too little experience to declare it an outright FUD, but at this time it's only a single point more believable than BadBIOS (hint: it wasn't at all), as I do believe that many device manufacturers have left microcontrollers (residing even in MicroSD cards) open to casual, unverified reprogramming.

+Eternal Tempest MVC Posted August 2, 2014

From what I was reading (different article), they found it's possible to re-program the USB low-level firmware code on ALL USB devices, and since it's running on such a low level, nothing is designed to check / look at this code. It's also hinted that in Snowden leaks of NSA tools information, the USB one **could** be using this vulnerability.

They have a USB device as an example they're going to show off at the conference that can backdoor, redirect internet traffic by plugging in to a computer just by plugging in.

To add to it, the person discovering / presenting to the Black Hat conference coming up, they had no good code he had access to so there's no comparison to determine good / bad code.

Article - http://www.techspot.com/news/57591-researchers-uncover-fundamental-usb-security-flaw-no-fix-in-sight.html

Hum Posted August 2, 2014

It's the end of computing as we know it.

+Warwagon MVC Posted August 2, 2014

Although it does look like those write protection switches ... you know... the ones that almost NOBODY sells USB drives with. Does protect against it. Which is why for years the ones that have write protection switches are the only ones I use.

Melfster Posted August 2, 2014

it's time to get rid of usb

chrisj1968 Posted August 2, 2014

> It's the end of computing as we know it.

Arrrrgh! I'm buying a year supply of water, food and necessities! game over, game over man..

vcfan Posted August 4, 2014

> Oh, I'll want to see this. I've too little experience to declare it an outright FUD, but at this time it's only a single point more believable than BadBIOS (hint: it wasn't at all), as I do believe that many device manufacturers have left microcontrollers (residing even in MicroSD cards) open to casual, unverified reprogramming.

karsten nohl is legit, i would take his word for it. after all, he did break a5/1.

> Although it does look like those write protection switches ... you know... the ones that almost NOBODY sells USB drives with. Does protect against it. Which is why for years the ones that have write protection switches are the only ones I use.

write protect switches lock writing to the flash memory on mass storage devices, i don't think they protect against writing to the usb firmware, which is most likely contained in a piece of memory inside the usb controller chip.

conna Posted August 4, 2014

> I just filled my USB ports with epoxy glue, just to be safe.

I did this once to keep it from being used.

Krome Posted August 4, 2014

ok I will keep an eye out for this bad guy

Ci7 Posted August 4, 2014

they just realize this, usb has been in use for how long now?!

Raa Posted August 4, 2014

Was discussing this with a few mates earlier this morning. TBH, I don't think it's as bad as they suggest. Yet.

rocksturdy Posted August 4, 2014

i hate to say it but....... all your usb are belong to us

The_Decryptor Veteran Posted August 4, 2014

Yeah I'm going to take this with a grain of salt, I don't see most USB devices having programmable firmware (Why use an EEPROM when an EPROM would be better suited to the job?), let alone have that ability opened to USB programming (vs. an on-board connection).

And even then different devices are going to have different hardware, so you won't see one single hack affect every device (Try taking a BIOS from one system to another and see how well that works)

Dotdot Posted August 4, 2014

Damn it I knew my USB Disco ball would be a source of infection. Or was it the USB hoover.....

Beyond Godlike Posted August 4, 2014

Most usb devices can take firmware updates, so i imagine that's one access vector to re-purpose a device for malicious means. Android phones too. I don't see it getting wide-spread though.. It's definitely made me think twice about buying cheap Chinese usb devices. Ever since I started working in information security, I've always wondered what comes on those cheap android media players n stuff.
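
Added example, not part of the thread or of the researchers' work: a defender-side check for the behaviour described in the first post, where a storage device or phone also presents itself as a keyboard or network card. It compares the USB interface classes a device advertises against a simple policy; the class codes are the standard USB-IF ones, while the policy, the allowlist and the sample inventory (with its port names) are assumptions constructed for illustration, since legitimate composite devices exist.

```python
"""Flag USB devices whose advertised interface classes mix storage with HID or networking."""
import glob
import os

# Standard USB-IF base class codes (the bInterfaceClass field).
HID, MASS_STORAGE, CDC, CDC_DATA, WIRELESS = 0x03, 0x08, 0x02, 0x0A, 0xE0
# Classes commonly used by USB network adapters (CDC also covers modems).
NETWORK_LIKE = {CDC, CDC_DATA, WIRELESS}


def read_sysfs(root="/sys/bus/usb/devices"):
    """Return {device: set(interface classes)} from Linux sysfs entries like '1-2:1.0'."""
    devices = {}
    for path in glob.glob(os.path.join(root, "*:*", "bInterfaceClass")):
        dev = os.path.basename(os.path.dirname(path)).split(":")[0]
        with open(path) as fh:
            devices.setdefault(dev, set()).add(int(fh.read().strip(), 16))
    return devices


def audit(devices, known_keyboards=frozenset()):
    """Return sorted (device, reason) findings for suspicious class combinations."""
    findings = []
    for dev, classes in devices.items():
        if MASS_STORAGE in classes and HID in classes:
            findings.append((dev, "storage device also exposes a HID (keyboard/mouse) interface"))
        if MASS_STORAGE in classes and classes & NETWORK_LIKE:
            findings.append((dev, "storage device also exposes a network-type interface"))
        if classes == {HID} and dev not in known_keyboards:
            findings.append((dev, "HID-only device not on the allowlist"))
    return sorted(findings)


# Constructed sample inventory (hypothetical port names), not captured from real hardware.
SAMPLE = {
    "1-1": {HID},                     # the user's own keyboard, allowlisted below
    "1-2": {MASS_STORAGE},            # ordinary flash drive
    "1-3": {MASS_STORAGE, HID},       # flash drive that also claims to be a keyboard
    "2-1": {MASS_STORAGE, WIRELESS},  # phone in storage mode that also presents a network card
    "2-4": {HID},                     # unexpected extra keyboard
}

if __name__ == "__main__":
    for dev, reason in audit(SAMPLE, known_keyboards={"1-1"}):
        print(f"{dev}: {reason}")
```

On a Linux host, `audit(read_sysfs(), known_keyboards={...})` runs the same policy against the devices currently attached; it only sees what the device chooses to advertise, so it detects a changed personality, not modified firmware as such.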