Jump to content




Welcome to Unexplained Mysteries! Please sign in or create an account to start posting and to access a host of extra features.


- - - - -

Security of USB Is Fundamentally Broken


  • Please log in to reply
6 replies to this topic

#1    questionmark

questionmark

    Cinicus Magnus

  • Member
  • 36,126 posts
  • Joined:26 Jun 2007
  • Gender:Male
  • Location:Greece and Des Moines, IA

  • In a flat world there is an explanation to everything.

Posted 01 August 2014 - 01:27 PM

Wired said:


Computer users pass around USB sticks like silicon business cards. Although we know they often carry malware infections, we depend on antivirus scans and the occasional reformatting to keep our thumbdrives from becoming the carrier for the next digital epidemic. But the security problems with USB devices run deeper than you think: Their risk isn’t just in what they carry, it’s built into the core of how they work.

That’s the takeaway from findings security researchers Karsten Nohl and Jakob Lell plan to present next week, demonstrating a collection of proof-of-concept malicious software that highlights how the security of USB devices has long been fundamentally broken. The malware they created, called BadUSB, can be installed on a USB device to completely take over a PC, invisibly alter files installed from the memory stick, or even redirect the user’s internet traffic. Because BadUSB resides not in the flash memory storage of USB devices, but in the firmware that controls their basic functions, the attack code can remain hidden long after the contents of the device’s memory would appear to the average user to be deleted. And the two researchers say there’s no easy fix: The kind of compromise they’re demonstrating is nearly impossible to counter without banning the sharing of USB devices or filling your port with superglue.

“These problems can’t be patched,” says Nohl, who will join Lell in presenting the research at the Black Hat security conference in Las Vegas. “We’re exploiting the very way that USB is designed.”

Read more


A skeptic is a well informed believer and a pessimist a well informed optimist
The most dangerous views of the world are from those who have never seen it. ~ Alexander v. Humboldt
If you want to bulls**t me please do it so that it takes me more than a minute to find out

about me

#2    Orcseeker

Orcseeker

    Poltergeist

  • Member
  • 2,802 posts
  • Joined:15 Dec 2007
  • Gender:Male
  • Location:Australia

Posted 02 August 2014 - 05:06 PM

Instead of having the OS automatically install firmware of removable devices perhaps a scan of the software initially would alleviate these issues.


#3    questionmark

questionmark

    Cinicus Magnus

  • Member
  • 36,126 posts
  • Joined:26 Jun 2007
  • Gender:Male
  • Location:Greece and Des Moines, IA

  • In a flat world there is an explanation to everything.

Posted 02 August 2014 - 05:12 PM

View PostOrcseeker, on 02 August 2014 - 05:06 PM, said:

Instead of having the OS automatically install firmware of removable devices perhaps a scan of the software initially would alleviate these issues.

The only problem: if it is hard-coded into your USB device you will never get rid of it.

A skeptic is a well informed believer and a pessimist a well informed optimist
The most dangerous views of the world are from those who have never seen it. ~ Alexander v. Humboldt
If you want to bulls**t me please do it so that it takes me more than a minute to find out

about me

#4    Orcseeker

Orcseeker

    Poltergeist

  • Member
  • 2,802 posts
  • Joined:15 Dec 2007
  • Gender:Male
  • Location:Australia

Posted 05 August 2014 - 01:33 AM

View Postquestionmark, on 02 August 2014 - 05:12 PM, said:



The only problem: if it is hard-coded into your USB device you will never get rid of it.

Your USB would just be bricked. Although if it were hard coded would it be infected from the get go?


#5    questionmark

questionmark

    Cinicus Magnus

  • Member
  • 36,126 posts
  • Joined:26 Jun 2007
  • Gender:Male
  • Location:Greece and Des Moines, IA

  • In a flat world there is an explanation to everything.

Posted 05 August 2014 - 09:22 AM

View PostOrcseeker, on 05 August 2014 - 01:33 AM, said:

Your USB would just be bricked. Although if it were hard coded would it be infected from the get go?

Well, not so long ago there were some USB sticks around that had a trojan hardcoded on them. I guess the idea was to infect as many systems as possible hoping that it "might" get to the right system. That is when many government institutions banned the use of stick on official computers.

China, were most of the electronics are made today, is spending indecent amounts of money to gain access to other nation's computers....

A skeptic is a well informed believer and a pessimist a well informed optimist
The most dangerous views of the world are from those who have never seen it. ~ Alexander v. Humboldt
If you want to bulls**t me please do it so that it takes me more than a minute to find out

about me

#6    DefenceMinisterMishkin

DefenceMinisterMishkin

    It won't bite!

  • Member
  • 2,156 posts
  • Joined:04 Jun 2014
  • Gender:Male
  • Location:England of course..:P

  • It's what your right hand's for!

Posted 05 August 2014 - 09:33 AM

Make your own and your good to go, it's not as hard as you might think.

Posted Image

#7    Orcseeker

Orcseeker

    Poltergeist

  • Member
  • 2,802 posts
  • Joined:15 Dec 2007
  • Gender:Male
  • Location:Australia

Posted 05 August 2014 - 11:49 AM

View Postquestionmark, on 05 August 2014 - 09:22 AM, said:



Well, not so long ago there were some USB sticks around that had a trojan hardcoded on them. I guess the idea was to infect as many systems as possible hoping that it "might" get to the right system. That is when many government institutions banned the use of stick on official computers.

China, were most of the electronics are made today, is spending indecent amounts of money to gain access to other nation's computers....

Mm interesting. Didn't hear about that piece of news. I'd probably stick with refutable brands that would have a decent level of quality control (ie Sandisk).





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users