BAAAAAAAD USB... :´-(
Before we start… please open this link and enjoy the music
while you read.
This article will be valid until Feexit invents some sort of condom for USB devices or that folks around the world are well connected with affordable data prices for mobile technology and hopefully everyone will embrace an "open minded" approach towards "alternative" Software, OS, ways...Most people know that USB Flash Drives should be scanned and formatted from time to time; so we won´t become carriers to a deadly and dumb cyber-pandemic.
This article will be valid until Feexit invents some sort of condom for USB devices or that folks around the world are well connected with affordable data prices for mobile technology and hopefully everyone will embrace an "open minded" approach towards "alternative" Software, OS, ways...Most people know that USB Flash Drives should be scanned and formatted from time to time; so we won´t become carriers to a deadly and dumb cyber-pandemic.
But this is not a movie, and there is always something more... When we talk about an USB, we are not only talking about their contents, but rather their core.
and the legendary Windows Malware that came with the VideoiPods.
A few weeks ago Karsten Nohl and Jakob Lell presented BadUSB at BlackHat 2014… and for lack of better words, we felt stupified.
“My teacher never talked about that...”
Reprogramming the peripherals in a USB… yes! It turns out that a device can be turned into a totally different device once its USB peripheral controller chip is reprogrammed… and these chips, including USB flash drives, have no way to protect themselves from being reprogrammed. This is without a doubt a new form of malware that operates from the core of the controller chip in any USB device. USB flash drives can be reprogrammed to deceive any other type of devices and seize a computer, to leak information or to spy on the user.
“It is a magic trick”
SRLabs will present a complete report on this, but with the information that we have we are capable to paint a proper picture. One “just” needs to install a malicious code called BadUSB in USB flash drive or a memory chip in a smartphone. Even when connected a computer, the reprogrammed USB device can emulate a keyboard to execute actions “on behalf of the user” like erasing files or installing programs. This malicious code (BadUSB) can infect other devices connected to the computer. Finally, the it is able to change the DNS of a computer towards an external server and to redirect the traffic.
Bad USB - And the devices that turned evil.
.To those who have followed this blog, the idea of "certain intelligence agencies (NSA! NSA! NSA!)" collecting information though mechanisms similar to BadUSB, sounds more like a missing piece in the puzzle.
A little bit more than a year
ago, Karsten Nohl presented at Black Hat the results to a study in which a
Sim-Card was hacked… yes, the same SIM-Card in your smartphone (RT)... in December of 2013, certain information provided by Mr. Edward
Snowden showed that there is a similar technique called GOPHERSET (The Ghosts Of
Our Fathers)
No comments:
Post a Comment