light bulb

Did You Know?



Reply
Highlighted
Posts: 4,288
Topics: 2,482
Kudos: 3,487
Blog Posts: 0
Registered: ‎06-02-2014

Hackers can tap USB devices in new attacks, researcher warns

Comment: USB devices such as keyboards and thumb drives can be used by hackers to access your pc

=================================================================================================

By  Helen Gaskell Published  July 31, 2014
 
USB devices such as mice, keyboards and thumb-drives can be used to hack into personal computers Reuters reported citing a top computer researcher.

Karsten Nohl, chief scientist with Berlin's SR said that the potential new class of attacks evade all known security problems as hackers could load malicious software onto tiny, low-cost computer chips that control functions of USB devices but which have no built-in shields against tampering with their code.

 

itp.net/ full read here/ http://www.itp.net/599222-hackers-can-tap-usb-devices-in-new-attacks-researcher-warns

Community Leader

Frequent Voice
Posts: 39
Registered: ‎06-20-2013

And you thought your USB device was clean....

Wired.com

 

Computer users pass around USB sticks like silicon business cards. Although we know they often carry malware infections, we depend on antivirus scans and the occasional reformatting to keep our thumbdrives from becoming the carrier for the next digital epidemic. But the security problems with USB devices run deeper than you think: Their risk isn’t just in what they carry, it’s built into the core of how they work.

That’s the takeaway from findings security researchers Karsten Nohl and Jakob Lell plan to present next week, demonstrating a collection of proof-of-concept malicious software that highlights how the security of USB devices has long been fundamentally broken. The malware they created, called BadUSB, can be installed on a USB device to completely take over a PC, invisibly alter files installed from the memory stick, or even redirect the user’s internet traffic. Because BadUSB resides not in the flash memory storage of USB devices, but in the firmware that controls their basic functions, the attack code can remain hidden long after the contents of the device’s memory would appear to the average user to be deleted. And the two researchers say there’s no easy fix: The kind of compromise they’re demonstrating is nearly impossible to counter without banning the sharing of USB devices or filling your port with superglue.

 

Entire article: http://www.wired.com/2014/07/usb-security/

 

Posts: 6,795
Topics: 4,573
Kudos: 8,712
Registered: ‎06-12-2013

This thumbdrive hacks computers. “BadUSB” exploit makes devices turn “evil”

[ Edited ]

Researchers devise stealthy attack that reprograms USB device firmware.

by Dan Goodin - July 31 2014

 

Thumb_drive-640x512.jpg

 

When creators of the state-sponsored Stuxnet worm used a USB stick to infect air-gapped computers inside Iran's heavily fortified Natanz nuclear facility, trust in the ubiquitous storage medium suffered a devastating blow. Now, white-hat hackers have devised a feat even more seminal—an exploit that transforms keyboards, Web cams, and other types of USB-connected devices into highly programmable attack platforms that can't be detected by today's defenses.

Dubbed BadUSB, the hack reprograms embedded firmware to give USB devices new, covert capabilities. In a demonstration scheduled at next week's Black Hat security conference in Las Vegas, a USB drive, for instance, will take on the ability to act as a keyboard that surreptitiously types malicious commands into attached computers. A different drive will similarly be reprogrammed to act as a network card that causes connected computers to connect to malicious sites impersonating Google, Facebook or other trusted destinations. The presenters will demonstrate similar hacks that work against Android phones when attached to targeted computers. They say their technique will work on Web cams, keyboards, and most other types of USB-enabled devices.

 

Full Article

Sr. Community Leader

Community Manager Community Manager
Community Manager
Posts: 5,376
Registered: ‎12-16-2013

Re: This thumbdrive hacks computers. “BadUSB” exploit makes devices turn “evil”

That's pretty scary.  I guess no USB drives until someone comes up for a fix for this one.

Posts: 4,288
Topics: 2,482
Kudos: 3,487
Blog Posts: 0
Registered: ‎06-02-2014

Plug and PREY: Hackers reprogram USB drives to silently infect PCs

Comment: Flash drives with malicous code, researchers are able to reprogram the firmware.

=================================================================================================

By Iain Thomson, 31 Jul 2014

 

Researchers say they have managed to reprogram the firmware within some flash drives with malicious code – code executed by the gadget's micro-controller to ultimately install malware on a PC or redirect network traffic without a victim knowing.

Karsten Nohl and Jakob Lell, from German security skunkworks SR Labs, spent months analyzing the software and micro-controllers embedded in particular USB devices, and said they have found they could reliably hide, in the flash ROM, malware that's undetectable to today's antivirus tools – and it's very, very effective.

 

We're told their software nasty, which they call BadUSB, can be installed not just in certain thumb drives, but in anything sporting a supported or compatible micro-controller. It is impossible to remove from the device, unless you too have tools and skills to reprogram the firmware.

 

The Register/ Full Article Here/ http://www.theregister.co.uk/2014/07/31/black_hat_hackers_drive_truck_through_hole_in_usb_security/

Community Leader

Posts: 902
Registered: ‎06-20-2014

Re: Hackers can tap USB devices in new attacks, researcher warns

"BadUSB" - what if you could never trust a USB device again?

 

by Paul Ducklin on August 2, 2014

 

Imagine if you had to throw away your USB devices after letting someone else use them.

That USB key with the PowerPoint file on it that you loaded onto the projector at a conference?

Bin it.

 

Your mouse, selflessly lent to a fellow traveller while you both were waiting at the airport?

Might as well leave it behind with the complimentary newspaper.

The cool new outdoor action camera you plugged into your friend's laptop after a day of bike riding in the mountains?

Oh no! Not the cool new camera!

 

Well, according to a paper coming up at the BlackHat 2014 conference, that's where we might be heading if we're not careful.

 

Full story

 

sig



Experience Shared is Knowledge Shared, Share Yours! I'm a volunteer – my reward is your SMILE!Smiley Very Happy


Helpful Webroot Links:


                         Submit Trouble Ticket • User Guides • BrightCloud URL lookup • Account Console 

Download (PC) • Download (Best Buy/Geek Squad Subscription) • Download (Walmart and Target) • Download (MSN Subscription) 


                                         Register and Introduce yourself to The Community!

Community Leader
Posts: 423
Registered: ‎04-11-2014

Re: This thumbdrive hacks computers. “BadUSB” exploit makes devices turn “evil”


nic wrote:

That's pretty scary.  I guess no USB drives until someone comes up for a fix for this one.


I couldn't agree with you more nic.  I'm just grateful that I know where all my USBs came from ( and where they've been )

— Jeff
Webroot Business Ambassador   Webroot Senior Community Leader
Community Leader
Posts: 423
Registered: ‎04-11-2014

Re: Hackers can tap USB devices in new attacks, researcher warns

Every USB Device Under Threat. New Hack Is Undetectable And Unfixable
Posted by Gordon Kelly | 8/01/2014 @ 8:37AM

 

It is well known that USB drives can be dangerous. Companies run strict screening policies and it has long been known that running unknown ‘exe’ files is a bad idea. But what if the threat was undetectable, unfixable and could be planted into any USB device be it a USB drive, keyboard, mouse, web camera, printer, even smartphone or tablet? Well this nightmare scenario just became reality.

 

The findings will be laid out in a presentation next week from security researchers Karsten Nohl and Jakob Lell who claim the security of USB devices is fundamentally broken . More to the point they said it has always been fundamentally broken, but the holes have only just been discovered.

 

Full Article... "Bad USB!"  ]

— Jeff
Webroot Business Ambassador   Webroot Senior Community Leader