The Cellar  

Go Back   The Cellar > Main > Technology

Technology Computing, programming, science, electronics, telecommunications, etc.

Reply
 
Thread Tools Display Modes
Old 08-01-2014, 12:51 AM   #1
xoxoxoBruce
The future is unwritten
 
Join Date: Oct 2002
Posts: 71,105
Bad USB Bug

From Extreme Tech...

Quote:
Security researchers have found a fundamental flaw that could affect billions of USB devices. This flaw is so serious that, now that it has been revealed, you probably shouldn’t plug a USB device into your computer ever again. There are no known effective defenses against this variety of USB attack, though in the future (months or years, not days) some limited defenses might be possible. This vulnerability, which allows any USB device to take over your computer, mostly exists due to the USB Implementers Forum (the USB standards body) eschewing security in favor of maximizing the versatility, and thus the massively successful adoption, of USB. The USB IF itself notes that your only defense against this new attack vector is to only use USB devices that you 100% trust — but even then, as we’ll outline below, this won’t always protect you.

This flaw, dubbed BadUSB by Security Research Labs in Berlin, leverages the fact that every USB device has a controller chip. Whether it’s your PC, smartphone, external hard drive, or an audio breakout box, there’s a USB controller chip in every device that controls the USB connection to other devices. It turns out, according to SR Labs, that these controllers have firmware that can be reprogrammed to do a whole host of malicious things — and, perhaps most importantly, this reprogramming is almost impossible to detect.
I've the feeling this is one of those, it probably doesn't have rabies but it might. So use caution who's dongle you let in your USB. I wonder if you plug your clean and safe USB device into shady computer, if it can reflash your USB firmware?
__________________
The descent of man ~ Nixon, Friedman, Reagan, Trump.
xoxoxoBruce is offline   Reply With Quote
Old 08-01-2014, 01:47 AM   #2
Big Sarge
Werepandas - lurking in your shadows
 
Join Date: Jun 2008
Location: In the Deep South
Posts: 3,408
yes. this is why all usb's on military computers were disabled several years ago. viruses were introduced on siprnet from infected jump drives. you could loose your security clearance and rank if you got caught with a thumb drive in the scif
__________________
Give a man a match, & he'll be warm for 20 seconds. But toss that man a white phosphorus grenade and he'll be warm for the rest of his life.
Big Sarge is offline   Reply With Quote
Old 08-01-2014, 11:00 AM   #3
xoxoxoBruce
The future is unwritten
 
Join Date: Oct 2002
Posts: 71,105
I think that's a different problem, a virus on a thumb/flash drive infecting a computer. I'm wondering if the computer can alter the firmware on the USB device.
__________________
The descent of man ~ Nixon, Friedman, Reagan, Trump.
xoxoxoBruce is offline   Reply With Quote
Old 08-11-2014, 10:45 AM   #4
mbpark
Lecturer
 
Join Date: Jan 2001
Location: Carmel, Indiana
Posts: 761
BadUSB

The policy control of losing rank/clearance is appropriate given the severity of the bug.

This is because much more nefarious items than viruses can be brought into a SCIF due to this.

This bug is really bad because it can use the USB ID assigned to one device and operate surreptitiously as another, e.g. data collection and surveillance by operating as a keyboard and running scripts to remove data from a machine.
mbpark is offline   Reply With Quote
Old 08-11-2014, 10:45 AM   #5
mbpark
Lecturer
 
Join Date: Jan 2001
Location: Carmel, Indiana
Posts: 761
BTW you can thank Ms. Manning and the VA laptop theft for the flash drive ban.
mbpark is offline   Reply With Quote
Old 08-11-2014, 02:45 PM   #6
xoxoxoBruce
The future is unwritten
 
Join Date: Oct 2002
Posts: 71,105
Mitch, if you have say a thumb drive that's clean, can sticking it in an evil computer alter it to do bad things without you knowing? Not just pick up and transfer a virus which even us dummies knew, but alter the thumb drive firmware so it becomes evil also?

Sorry for the overly technical language.
__________________
The descent of man ~ Nixon, Friedman, Reagan, Trump.
xoxoxoBruce is offline   Reply With Quote
Old 08-14-2014, 01:11 PM   #7
mbpark
Lecturer
 
Join Date: Jan 2001
Location: Carmel, Indiana
Posts: 761
BadUSB

The answer is yes. That's entirely possible and most likely has already happened.
mbpark is offline   Reply With Quote
Old 08-14-2014, 01:34 PM   #8
xoxoxoBruce
The future is unwritten
 
Join Date: Oct 2002
Posts: 71,105
Condoms for USBs!
__________________
The descent of man ~ Nixon, Friedman, Reagan, Trump.
xoxoxoBruce is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

All times are GMT -5. The time now is 08:14 PM.


Powered by: vBulletin Version 3.8.1
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.