Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

BadUsb security flaw


  • Please log in to reply
9 replies to this topic

#1 RussellMania

RussellMania

  • Members
  • 9 posts
  • OFFLINE
  •  

Posted 21 January 2017 - 10:13 PM

I have a lot of questions and concerns about badusb.


Edited by hamluis, 14 February 2017 - 01:10 PM.
Moved from External Hardware to General Security - Hamluis


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,313 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:48 AM

Posted 26 January 2017 - 05:01 PM

You should ask them , we can't guess :grinner:


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 RussellMania

RussellMania
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  

Posted 27 January 2017 - 03:15 PM

I have a lot of questions reguarding badusb that can't be answered with a simple Google search. Lets say I have to take my PC, IPhone, or IPad to a tech to get it repaired or if I have malware that I can't get rid of; how can I be sure that the place that I take it to won't infect my devices. I had to take my IPhone to the Apple Store and was really worried that my IPhone would get infected. I was afraid that when they plugged my Phone into their computer, I would get infected. If I had to take my PC to a tech shop to get it repaired, how can I be sure that I won't get infected when they plug in their mouse receiver, or back up my files via USB. What do techs do to protect themselves from getting infected.

I know that Apple signs all their firmware and uses the latest encryption to protect all their firmware. If I plug in my IPhone 6 or IPad Pro into a infected USB port, PC, or Mac, can my firmware be reprogrammed. My IPad 4 and Note 3 devices got infected via badusb and even doing a factory reset didn't work because the malware was embedded into the firmware. I would think that Apple has added a lot of security since then to protect their firmware. If I do have to take my IPhone or IPad to the Apple Store to get it fixed, does doing a factory reset right away protect my devices firmware from getting repgrammed, or is this just a false since of security. I'm thinking that it takes time to break the encryption key and if I do a factory reset right away before my firmware gets repgrammed, I can save my devices.

#4 packetanalyzer

packetanalyzer

  • Members
  • 954 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:07:48 AM

Posted 28 January 2017 - 06:40 PM

 

how can I be sure that the place that I take it to won't infect my devices... I was afraid that when they plugged my Phone into their computer, I would get infected.

 

 

RussellMania, the short answer is you can't be sure. You have to trust them. Something a lot of people don't understand is the concept that if someone has physical access to your device you should assume they are able to gain complete access to the device. http://www.howtogeek.com/161444/htg-explains-why-a-windows-password-doesnt-protect-your-data

 

If you take your device to the manufacturer's store and have an a store employee work on it you probably don't need to worry about them doing something malicious to your device (if they wanted to they could so you still need to decide if you want to accept the risk the employee would do something malicious to your device before you allow the employee to work on your device).

 

For the sake of discussion let's assume the employee is only there to help you and has no desire to infect your device. If the employee is going to connect your device to a USB port then you are trusting the employee, the store, and the company to keep their equipment secure and check for unauthorized modifications.

 

If you know you have to protect your computer and make sure it is not infected because if your computer is infected and you connect one of your devices to the infected computer the device can become infected, then obviously the same is true about connecting your device to someone else's computer.

 

The truth is any time you turn over physical control of your device to someone else or connect your device to a USB port you are taking a risk. You need to make the decision about what risks you are going to take.

 

I hope that helps!

 

packetanalyzer



#5 RussellMania

RussellMania
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  

Posted 14 February 2017 - 07:36 AM

I have an external Blueray Burner that uses the Esata cable. Can the firmware of the Esata cable be reprogrammed. Can malware or a rootkit travel over thr Esata cable and infected my external blueray player. Some external drives also use Esata, is this safer then USB.

#6 hamluis

hamluis

    Moderator


  • Moderator
  • 55,857 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:06:48 AM

Posted 14 February 2017 - 01:08 PM

A DVD or CD cannot become infected unless such is burned in.  Hard drives, flash drives, USB drives...can all become infected via data transfer.

 

https://community.norton.com/en/forums/can-disk-get-virus

 

There is no place for a malware item to travel to on a burned CD or DVD...since all material on the discs is locked in.  It's the reverse of the principle that dictates that data on a CD or DVD...must be read.  The contents of a CD or DVD cannot simply be copied/pasted and made useable...DVDs/CDs must be ripped in order to be put in useable format on systems.  Just as you need a DVD/CD player to get output...well, it goes the other way for input :).

 

Louis



#7 RussellMania

RussellMania
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  

Posted 24 February 2017 - 08:49 AM

I would like to thank you for the quick response, but that did not answer my question. If I plug my external blue ray burner into my PC and the USB Micro controller is infected; The firmware in the micro controller will infect and reprogram the firmware in my external blue ray burner. I have done a lot of research and conducted my own experiments on devices that were infected. Most people including tech experts don't fully understand the full implications of Badusb. Most tech experts would agree that you should never stick a flash drive or device that you don't trust into your PC; If the drive is infected with a autorun virus Trojan or worm, the malware will automatically execute and will infect your PC. Tech experts use various techniques to extract data from the drive that has been infected with autorun malware, so they don't infect their PC. You can immunize your drive, or buy a flash drive that has a write protection switch, so you don't infect the drive when you connect it to a PC. Unfortunately none of these methods will protect you against badusb; The hard drive or flash drive will be infected as soon as you connect it to the PC. Write protection also won't help you here because badusb infects the lower firmware of the usb micro controller. Badusb is not malware; Badusb is when the firmware in the micro controller has been reprogrammed to do malicious things. The drive may spread malware to uninfected PC's, but that is because the malicious firmware can infect files in the drive; Badusb can infect you even if the drive has been wiped clean and has no files in it.

If your infected with badusb, then you have to assume that all devices that connected to that PC are infected. The wireless receiver is usually the first to get infected; Badusb will infect every piece of hardware that connects to your PC.

You are correct when you said a DVD or Blueray cannot get infected; however, badusb will reprogram the firmware of the external blueray burner as soon as you connect it using USB.

#8 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:48 PM

Posted 25 February 2017 - 12:45 PM

If your infected with badusb, then you have to assume that all devices that connected to that PC are infected. The wireless receiver is usually the first to get infected; Badusb will infect every piece of hardware that connects to your PC.

 

No, it can only infect:

1) devices that connect via USB

2) USB controllers that are vulnerable to BadUSB.

 

Karsten estimated that about half of the USB chips are vulnerable: see slides 21 and 22 https://srlabs.de/wp-content/uploads/2014/11/SRLabs-BadUSB-Pacsec-v2.pdf

 

What wireless receiver are you talking about?


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#9 RussellMania

RussellMania
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  

Posted 02 March 2017 - 06:24 AM

The Logtech Unifying reciever for the mouse and keyboard. The reason why the Logitech reciever is more vulnerable to a badusb attack then other recievers is because of its unifying capabilities.

#10 RussellMania

RussellMania
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  

Posted 09 March 2017 - 07:48 AM

Can a usb Micro Controller reinfect the BIOS or other firmware in your computer. I know that an infected USB can infect the BIOS and even reprogram the firmware in the USB micro controller so that your other peripheral devices can also get infected; Can a infected USB micro controller alone infect the BIOS upon reboot. During the black hat presentation, it was unclear if just the micro controller could infect the BIOS after ever a reboot. I believe that it can because the firmware in the USB micro controller can be reprogrammed to infect the BIOS after every reboot. If this is at all possible, then this would be the worst USB attack possible because that means that your whole mother board is garbage because it can reinfect the BIOS over and over again, so refreshing is useless. That brings me to the next question; If the two USB ports on my case are infected, the USB firmware controller can also reinfect the BIOS. I thought that the USB ports on the case were safer simply because it wasn't directly connected to the motherboard, but it seems that I was mistaken. Obviously if the USB ports on my case were not connected to the motherboard and they had no power nothing would happen, but if I connected them to my motherboard, then the firmware controller inside the USB port could infect the BIOS along with any other firmware in my PC.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users