Thursday, July 31, 2014
BadUSB Code
The humble USB stick - developed jointly by Israel's M-Systems and IBM
at the turn of the century - has been shown to be subject to firmware
abuse by Karsten Nohl, the chief scientist with Berlin's SR Labs, who
says that hackers can easily load malicious software onto the control
chips seen on modern low-cost sticks.
Originally known as a DiskOnKey, the Universal Serial Bus (USB) stick has evolved considerably over the years, mainly with the addition of on-device chipsets to speed up the rate at which data can be written to, and read from, the flash memory held on the unit.
With the assistance of fellow researcher Jakob Lell, Nohl claims to have reverse-engineered the firmware that controls the basic communication functions of the USB stick.
Dubbed BadUSB, the hack reprograms embedded firmware to give USB devices new, covert capabilities. In a demonstration scheduled at next week's Black Hat security conference in Las Vegas, a USB drive, for instance, will take on the ability to act as a keyboard that surreptitiously types malicious commands into attached computers. A different drive will similarly be reprogrammed to act as a network card that causes connected computers to connect to malicious sites impersonating Google, Facebook or other trusted destinations. The presenters will demonstrate similar hacks that work against Android phones when attached to targeted computers. They say their technique will work on Web cams, keyboards, and most other types of USB-enabled devices.
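A defender's view of the behaviour described above, as an added example that is not code from the researchers or from this post: a drive that starts acting as a keyboard or network card has to announce those roles through its USB interface class codes, so an inventory check can compare what each device declares against what it is expected to be. The input format, device IDs and baseline are constructed for illustration; a collector could produce such lines from `bInterfaceClass`, `idVendor` and `idProduct` under `/sys/bus/usb/devices` on Linux.

```python
# Added example: flag USB devices whose declared interface classes do not fit
# their expected role. Class codes are the standard USB-IF base classes.
STORAGE, HID = 0x08, 0x03
NETWORK = {0x02, 0x0A, 0xE0}  # CDC control, CDC data, wireless controller (RNDIS)

# Constructed sample, one line per interface: "<port>:<cfg>.<intf> <vid:pid> <class hex>"
SAMPLE = """
1-1:1.0 aaaa:0001 03
1-2:1.0 aaaa:0002 08
1-3:1.0 aaaa:0003 08
1-3:1.1 aaaa:0003 03
1-4:1.0 aaaa:0002 02
1-4:1.1 aaaa:0002 0a
"""

# Constructed baseline: interface classes recorded when each model was approved.
BASELINE = {"aaaa:0001": {HID}, "aaaa:0002": {STORAGE}}

def parse_dump(text):
    """Group interface lines by port: {port: (vidpid, {class codes})}."""
    devices = {}
    for line in text.strip().splitlines():
        intf, vidpid, cls = line.split()
        port = intf.split(":")[0]
        devices.setdefault(port, (vidpid, set()))[1].add(int(cls, 16))
    return devices

def audit(devices, baseline):
    """Return (port, vidpid, reason) for every device that needs a closer look."""
    findings = []
    for port, (vidpid, classes) in sorted(devices.items()):
        if STORAGE in classes and HID in classes:
            findings.append((port, vidpid, "mass storage plus HID"))
        if STORAGE in classes and classes & NETWORK:
            findings.append((port, vidpid, "mass storage plus network"))
        expected = baseline.get(vidpid)
        if expected is not None and classes != expected:
            findings.append((port, vidpid, "interface classes differ from baseline"))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_dump(SAMPLE), BASELINE):
        print(*finding, sep="  ")
```

A reprogrammed device that announces itself only as a keyboard, under an ID with no baseline entry, looks like any other keyboard to this check, so it complements rather than replaces controls such as restricting which ports accept new input devices.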
___________________________
99% BAD HARDWARE WEEK: If you have access to national security, don't use USB. Is the vulnerability only restricted to USB or to any Plug and Play device? If so, we shall soon have the whole line of BAd TM products: BAd malware SSD, BAD Phones, BAD Wireless mouse. Evil TM Printer and so on!