
The scariest USB hack of all-time is almost completely undetectable

Discussion in 'Off-Topic Discussion' started by sparkyscott21, Jul 31, 2014.

  1. sparkyscott21

    sparkyscott21 Moderator Staff Member

    When you plug a USB stick into your laptop, you probably aren’t too worried about it completely taking over your computer. However, Ars Technica reports that researchers at Security Research Labs in Berlin are scheduled to unveil a new exploit at the Black Hat conference in Las Vegas next week that will allow an infected USB stick to take over your computer and use it to execute malicious code.

    The researchers have found a way to hack USB sticks so that once you plug them into your computer, it can make your machine “act as a network card that causes connected computers to connect to malicious sites impersonating Google, Facebook or other trusted destinations.” And this technique doesn’t just work with standard USB sticks but also with Android phones, cameras, keyboards and pretty much any device you can connect to your machine through a USB port.

    “If you put anything into your USB, it extends a lot of trust,” Karsten Nohl, Security Research Labs’ chief scientist, explained to Ars. “Whatever it is, there could always be some code running in that device that runs maliciously. Every time anybody connects a USB device to your computer, you fully trust them with your computer. It’s the equivalent of [saying] ‘here’s my computer; I’m going to walk away for 10 minutes. Please don’t do anything evil.’”

    Worst of all, this sort of malicious activity is almost impossible to detect through conventional means, as virus scans done with machines infected via the USB exploit will turn up nothing. The researchers have found that the only way to effectively figure out whether a device is infected is to take it apart and reverse engineer it.






    7-31-14

    Source
     
  2. sparkyscott21

    'BadUSB' malware lives in USB firmware to remain undetected, unfixable

    A pair of researchers has discovered a flaw in the USB protocol's basic architecture that allows for malware to be programmed into a device's firmware, making it nearly undetectable and impossible to patch.
    To demonstrate the ubiquitous vulnerability, SR Labs security researchers Karsten Nohl and Jakob Lell created a proof-of-concept called "BadUSB" that can be installed on any universal serial bus device, including memory sticks, keyboards, smartphones and more, to take over a victim's PC, insert or change files, modify DNS settings and otherwise play havoc with host hardware, reports Wired.

    BadUSB is not a common piece of malware that can simply be copied onto a USB drive's flash memory. Nohl and Lell reverse engineered the standard USB firmware in charge of transporting files on and off a device, finding that malicious code can be inserted and hidden within through a bit of reprogramming.

    "These problems can't be patched," Nohl said. "We're exploiting the very way that USB is designed."

    Unless the tainted firmware is itself reverse engineered, the malware is protected from being discovered and will remain on a device even after a disk erasure is performed, a routine process for clearing suspected malicious software.

    Further, BadUSB is bidirectional. In other words, if a malware's payload is coded to do so, a thumb drive can infect a computer's USB firmware, which in turn reprograms the firmware of yet another connected USB device, spreading the code silently across any and all systems. In testing, Nohl and Lell found that basically any USB device is vulnerable to the exploit.

    As there is no easy fix to malware like BadUSB, the researchers suggest users adopt a new way of thinking about USB hardware. Instead of thoughtlessly transporting files and other data back and forth between machines, Nohl and Lell recommend connecting only to known devices that are user-owned or trusted.

    "In this new way of thinking, you can't trust a USB just because its storage doesn't contain a virus. Trust must come from the fact that no one malicious has ever touched it," Nohl said. "You have to consider a USB infected and throw it away as soon as it touches a non-trusted computer."

    Nohl and Lell will present their findings, as well as proof-of-concept software, at the Black Hat conference in Las Vegas this August.






    8-1-14

    Source
     
