October 2nd, 2014, 15:18
Source: Wired
...Karsten Nohl demonstrated an attack he called BadUSB to a standing-room-only crowd at the Black Hat security conference in Las Vegas, showing that it’s possible to corrupt any USB device with insidious, undetectable malware. Given the severity of that security problem—and the lack of any easy patch—Nohl has held back on releasing the code he used to pull off the attack. But at least two of Nohl’s fellow researchers aren’t waiting any longer. <snip>
Caudill and Wilson reverse engineered the firmware of USB microcontrollers sold by the Taiwanese firm Phison, one of the world’s top USB makers. Then they reprogrammed that firmware to perform disturbing attacks: In one case, they showed that the infected USB can impersonate a keyboard to type any keystrokes the attacker chooses on the victim’s machine. Because it affects the firmware of the USB’s microcontroller, that attack program would be stored in the rewritable code that controls the USB’s basic functions, not in its flash memory—even deleting the entire contents of its storage wouldn’t catch the malware. <snip>
But he (Karsten Nohl) warned that even if that code-signing measure were put in place today, it could take 10 years or more to iron out the USB standard’s bugs and pull existing vulnerable devices out of circulation. “It’s unfixable for the most part,” Nohl said at the time. “But before even starting this arms race, USB sticks have to attempt security.”
Read more:
http://www.wired.com/2014/10/code-publi ... sb-attack/
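A defensive check for the keyboard-impersonation behaviour the quoted article describes, added here as an example (it is not part of the original post or of the researchers' code): it walks a device's raw USB descriptors and reports when something presenting as mass storage also exposes a HID interface. The function names are hypothetical, the sample descriptor bytes are constructed, and the sysfs path is an assumption about the Linux host it runs on.

```python
"""Flag USB devices whose descriptors expose a HID interface next to mass storage."""
import glob

USB_DT_INTERFACE = 0x04     # bDescriptorType of an interface descriptor
CLASS_HID, CLASS_MASS_STORAGE = 0x03, 0x08
HID_PROTO_KEYBOARD = 0x01   # bInterfaceProtocol for a boot-protocol keyboard

def interfaces(blob):
    """Walk length-prefixed USB descriptors; return (class, subclass, protocol) per interface."""
    found, i = [], 0
    while i < len(blob):
        if i + 2 > len(blob) or blob[i] < 2 or i + blob[i] > len(blob):
            raise ValueError(f"malformed descriptor at offset {i}")
        length, dtype = blob[i], blob[i + 1]
        if dtype == USB_DT_INTERFACE and length >= 9:
            found.append((blob[i + 5], blob[i + 6], blob[i + 7]))
        i += length
    return found

def assess(blob):
    """Return findings for one device; an empty list means nothing unusual was seen."""
    ifs = interfaces(blob)
    classes = {c for c, _, _ in ifs}
    findings = []
    if CLASS_MASS_STORAGE in classes and CLASS_HID in classes:
        findings.append("storage device also exposes a HID interface")
    if any(c == CLASS_HID and p == HID_PROTO_KEYBOARD for c, _, p in ifs):
        findings.append("HID interface declares keyboard protocol")
    return findings

# Constructed sample descriptors (not captured from real hardware).
_CFG = "0902{total}00{n}01008032"
_STORAGE_IF = "090400000208065000" "07058102000200" "07050202000200"
_HID_IF = "090401000103010100" "092111010001223f00" "0705830308000a"
STORAGE_ONLY = bytes.fromhex(_CFG.format(total="20", n="01") + _STORAGE_IF)
COMPOSITE = bytes.fromhex(_CFG.format(total="39", n="02") + _STORAGE_IF + _HID_IF)

if __name__ == "__main__":
    for name, blob in (("storage-only", STORAGE_ONLY), ("composite", COMPOSITE)):
        print(name, assess(blob))
    # Assumption: Linux sysfs exposes each device's raw descriptors at this path.
    for path in glob.glob("/sys/bus/usb/devices/*/descriptors"):
        with open(path, "rb") as fh:
            print(path, assess(fh.read()))
```

A genuine keyboard also yields the keyboard-protocol finding, so the signal is a device sold as storage producing either one. Descriptors can differ on a later enumeration, so the check belongs on every attach event rather than once.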
October 2nd, 2014, 17:20
It was already "on the loose" - I think the NSA ANT Catalogue contained some available devices, and it was only a matter of time before someone did it... just knowing it is possible would have been enough. After all it is fairly rudimentary 8051 code or ARM in Flash, unencrypted mostly, unobfuscated, and there already is enough public domain stuff to do it.
BTW, ask the general public if they have even heard of the NSA spying, or care if malware is on their system... how often do you hear people say that "oh yeah I have viruses and it slows my system down.. how annoying" and then laugh like a goose? Ask them if they have ever heard of Snowden, or if they really care that they are losing their privacy in the (IMHO false) veil of terrorism..
NO One Cares
October 2nd, 2014, 20:26
HaQue wrote:It was already "on the loose" - I think the NSA ANT Catalogue contained some available devices, and it was only a matter of time before someone did it... just knowing it is possible would have been enough. After all it is fairly rudimentary 8051 code or ARM in Flash, unencrypted mostly, unobfuscated, and there already is enough public domain stuff to do it.
BTW, ask the general public if they have even heard of the NSA spying, or care if malware is on their system... how often do you hear people say that "oh yeah I have viruses and it slows my system down.. how annoying" and then laugh like a goose? Ask them if they have ever heard of Snowden, or if they really care that they are losing their privacy in the (IMHO false) veil of terrorism..
NO One Cares

Ask them if they run Windows
October 2nd, 2014, 20:28
Matiw wrote:Source: Wired
...Karsten Nohl demonstrated an attack he called BadUSB to a standing-room-only crowd at the Black Hat security conference in Las Vegas, showing that it’s possible to corrupt any USB device with insidious, undetectable malware. Given the severity of that security problem—and the lack of any easy patch—Nohl has held back on releasing the code he used to pull off the attack. But at least two of Nohl’s fellow researchers aren’t waiting any longer. <snip>
Caudill and Wilson reverse engineered the firmware of USB microcontrollers sold by the Taiwanese firm Phison, one of the world’s top USB makers. Then they reprogrammed that firmware to perform disturbing attacks: In one case, they showed that the infected USB can impersonate a keyboard to type any keystrokes the attacker chooses on the victim’s machine. Because it affects the firmware of the USB’s microcontroller, that attack program would be stored in the rewritable code that controls the USB’s basic functions, not in its flash memory—even deleting the entire contents of its storage wouldn’t catch the malware. <snip>
But he (Karsten Nohl) warned that even if that code-signing measure were put in place today, it could take 10 years or more to iron out the USB standard’s bugs and pull existing vulnerable devices out of circulation. “It’s unfixable for the most part,” Nohl said at the time. “But before even starting this arms race, USB sticks have to attempt security.”
Read more:
http://www.wired.com/2014/10/code-publi ... sb-attack/
This has been going on for a very long time.
They already hacked the firmware of hard drives and load them up to a USB pen and then put them inside a case and glue some nuts in to give it the weight.
The only way of catching this is if you've got the source code for the virus or someone has sent it to the antivirus companies.
Then all they do is add it to the new virus update.
If it's a new virus then no antivirus will see it.
October 2nd, 2014, 23:13
craig6928 wrote:HaQue wrote:It was already "on the loose" - I think the NSA ANT Catalogue contained some available devices, and it was only a matter of time before someone did it... just knowing it is possible would have been enough. After all it is fairly rudimentary 8051 code or ARM in Flash, unencrypted mostly, unobfuscated, and there already is enough public domain stuff to do it.
BTW, ask the general public if they have even heard of the NSA spying, or care if malware is on their system... how often do you hear people say that "oh yeah I have viruses and it slows my system down.. how annoying" and then laugh like a goose? Ask them if they have ever heard of Snowden, or if they really care that they are losing their privacy in the (IMHO false) veil of terrorism..
NO One Cares

Ask them if they run Windows

Ahh, operating systems really don't matter here..

Some of the Linux malware infecting web servers right now is pretty interesting..
Not to mention the Bash stuff! How many boxes do you think THAT affected??
October 3rd, 2014, 5:26
Ask them if they run Windows

And Shellshock?
Linux users, and I'm one of them, can no longer afford to be so smug as to point at Windows as a security risk in itself.
http://www.zdnet.com/zero-day-weekly-ba ... 000034079/
Security is more than the OS nowadays, it's an all-encompassing mindset, which can be bypassed if agencies have backdoors into physical devices.
As HaQue alludes, it's like the phrase "No one will know - even fewer will care" when dealing with Mr Average User. I mean, look at the sh1t people publish on that hacker training utility Faceb00k
October 3rd, 2014, 7:14
People have lost touch with how computers work, have no clue that the connection to the internet is not a single direct link to their ISP, but more like a fibre optic cable where each strand is a separate connection that has properties that change.. secure one minute, open to the world the next.
Try getting through to people what a botnet is, and that there is not 1 or two, but hundreds active... that there is orphaned malware that no human is controlling anymore that is simply infecting older systems as they are built/unprotected for whatever reason.
Try explaining malware that never even touches a disk.. that is run from memory.. in fact try explaining simple things like the 6 or so kinds of memory, RAM, Cache in HDD, CPU cache, HDD, Readyboost, the ROM (BIOS) etc etc.
Then try telling them that everything you explained.. it is actually worse.
THEN try explaining that yes the criminals are doing this, but so are your own and foreign governments.
Kudos if they are still listening, even more kudos if they understand 1%.
You know, sad to say but the only real option we have is to do our own thing, maintain our own PCs and sites, and pretend the rest is not there. Personally I could not band together enough people to make a noticeable blip in any 1 area, let alone the whole problem. Don't get me started on not teaching kids any more than not using their real name online... or the IoT..
Great, now I need a BEX and a lie down!