Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

The Unpatchable Malware That Infects USBs Is Now on the Loose - Wired


  • Please log in to reply
2 replies to this topic

#1 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 12,915 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:06:48 AM

Posted 06 October 2014 - 07:13 PM

 

It’s been just two months since researcher Karsten Nohl demonstrated an attack he called BadUSB to a standing-room-only crowd at the Black Hat security conference in Las Vegas, showing that it’s possible to corrupt any USB device with insidious, undetectable malware. Given the severity of that security problem—and the lack of any easy patch—Nohl has held back on releasing the code he used to pull off the attack. But at least two of Nohl’s fellow researchers aren’t waiting any longer.

In a talk at the Derbycon hacker conference in Louisville, Kentucky last week, researchers Adam Caudill and Brandon Wilson showed that they’ve reverse engineered the same USB firmware as Nohl’s SR Labs, reproducing some of Nohl’s BadUSB tricks. And unlike Nohl, the hacker pair has also published the code for those attacks on Github, raising the stakes for USB makers to either fix the problem or leave hundreds of millions of users vulnerable.

 

The Unpatchable Malware That Infects USBs Is Now on the Loose - Wired

 

 

 

 


 


Arch Linux .
 
 Come join the fun, chat to Bleeping computer members and staff in real time on Discord.
 
The BleepingComputer Official Discord Chat Server!


BC AdBot (Login to Remove)

 


#2 Crazy Cat

Crazy Cat

  • Members
  • 808 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Lunatic Asylum
  • Local time:08:48 AM

Posted 07 October 2014 - 12:14 AM

THE GOOD NEWS AND THE BAD. http://thehackernews.com/2014/10/badusb-malware-code-released-turn-usb.html

The good news is that this vulnerability presents in only one USB manufacturer Phison electronics, a Taiwanese electronics company. But the bad side of it is that Phison USB sticks can infect any given device they are plugged into, and the company has not yet revealed who it manufactures USB sticks for. This is the fact it is still unclear as to how widespread the problem may be at the moment.

A Phison USB stick can infect any type of computer, but it isnt clear if its able to infect any other USB device that is plugged into them afterwards or not. However, Phison controllers are found in a very large number of USB thumb drives available on the market.

 
Phison GetInfo V3.7.5.2: Utility to view detailed information about the flash controllers Phison.

http://flashboot.ru/files/file/169/
http://translate.google.com/translate?hl=en&sl=ru&tl=en&u=http://flashboot.ru/files/file/169/

phison_getinfo_v3752_9ce_1000.png
 

Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. ― Albert Einstein ― Insanity is doing the same thing, over and over again, but expecting different results.

 

InternetDefenseLeague-footer-badge.png


#3 palerider2

palerider2

  • Members
  • 133 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:48 AM

Posted 07 October 2014 - 04:18 AM

So this malware was created by good guys.

And it was released to hackers by good guys.

Without which actions, millions of people were safer. Sorry, but IMO that's not right.

Edited by palerider2, 07 October 2014 - 04:18 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users