October 6, 2014 at 11:53Exploit source code for “fatal” vulnerability in USB devices published on GitHub
I think a couple of months ago, many people heard from the news about a vulnerability in USB controllers, which could turn any peripheral device connected via usb into a cyber espionage tool. In the English-language computer press, this problem is called "BadUSB". The first to be reported was Karsten Nohl, security expert and researcher at the Berlin-based SR Labs, at a BlackHat USA conference . Due to the seriousness of the problem and fears that the vulnerability is difficult to fix, Nol did not publish the exploit, trying to give time to the vendors to fix it.
2 months have passed since then and everyone completely forgot about the “bad yuesby”, until a week ago, at another hacker conference - Derbycon- Two more researchers did not speak: Adam Cadill and Brandon Wilson (Adam Caudill, Brandon Wilson).
I will not completely retell their performance, just watch the video, the guys explain it quite easily.
The main idea is that you need to abandon the thought of any usb drive as a simple storage medium and begin to consider it as a complete computer that can be programmed to execute any commands.
Everything becomes even more serious if we take into account that the malicious code recorded in the modified firmware of the usb drive is completely hidden, cannot be detected by antiviruses and cannot be deleted when the device is formatted. I recall Stuxnet - the story of the infection of computers in the Iranian nuclear center - also using infected usb devices.
Unlike the discoverer of BadUSB, Adam and Brandon also uploaded their proof-of-concept code on GitHub, citing the lack of confidence that vendors did not turn a blind eye to the problem and believing that only the publication of a publicly available exploit would force manufacturers USB controllers start working on the patch. So, although the exploit is not universal and is written for a specific USB controller of one of the Taiwanese manufacturers ( Phison 2251-03 ), the appearance of other modifications is now only a matter of time.
srlabs.de/badusb
github.com/adamcaudill/Psychson
boingboing.net/2014/10/03/sourcecode-for-unpatchable.html
mashable.com/2014/10/03/bad-usb
www.wired.com/2014/ 10 / code-published-for-unfixable-usb-attack
2 months have passed since then and everyone completely forgot about the “bad yuesby”, until a week ago, at another hacker conference - Derbycon- Two more researchers did not speak: Adam Cadill and Brandon Wilson (Adam Caudill, Brandon Wilson).
I will not completely retell their performance, just watch the video, the guys explain it quite easily.
The main idea is that you need to abandon the thought of any usb drive as a simple storage medium and begin to consider it as a complete computer that can be programmed to execute any commands.
Everything becomes even more serious if we take into account that the malicious code recorded in the modified firmware of the usb drive is completely hidden, cannot be detected by antiviruses and cannot be deleted when the device is formatted. I recall Stuxnet - the story of the infection of computers in the Iranian nuclear center - also using infected usb devices.
Unlike the discoverer of BadUSB, Adam and Brandon also uploaded their proof-of-concept code on GitHub, citing the lack of confidence that vendors did not turn a blind eye to the problem and believing that only the publication of a publicly available exploit would force manufacturers USB controllers start working on the patch. So, although the exploit is not universal and is written for a specific USB controller of one of the Taiwanese manufacturers ( Phison 2251-03 ), the appearance of other modifications is now only a matter of time.
Used materials
srlabs.de/badusb
github.com/adamcaudill/Psychson
boingboing.net/2014/10/03/sourcecode-for-unpatchable.html
mashable.com/2014/10/03/bad-usb
www.wired.com/2014/ 10 / code-published-for-unfixable-usb-attack