LinkBack URL
About LinkBacksOnce again USB has come up as a major threat to a vast number of users who use USB drives – including USB sticks and keyboards. Security researchers have released a bunch of hacking tools that can be used to convert USB drive into silent malware installer.
This vulnerability has come about to be known as "BadUSB", whose source code has been published by the researchers on the open source code hosting website Github, demanding manufacturers either to beef up protections for USB flash drive firmware and fix the problem or leave hundreds of millions of users vulnerable to the attack.
The code released by researchers Adam Caudill and Brandon Wilson has capability to spread itself by hiding in the firmware meant to control the ways in which USB devices connect to computers. The hack utilizes the security flaw in the USB that allows an attacker to insert malicious code into their firmware.
But Wait! What this means is that this critical vulnerability is now available online for hackers, cyber criminals and everybody to use so as to infect as many computers as they want.
SOURCE CODE AVAILABLE ONLINE TO EVERYBODY
In a talk at the Derbycon Hacker Conference in Louisville last week, the duo were able to reverse engineer the USB firmware, infect it with their own code, and essentially hijack the associated device. The researchers also underlined the danger of the Bad USB hack by going in-depth of the code.
The security hole was first revealed by researchers from Berlin-based Security Research Labs (SRLabs in Germany) at the Black Hat security conference in Las Vegas two months ago, and here you can watch the video of their presentation. The German researchers didn’t publish their source code because they thought it to be dangerous and too hard to patch.
“We really hope that releasing this will push device manufactures to insist on signed firmware updates, and that Phison will add support for signed updates to all of the controllers it sells,” Caudill said in a blog post. “Phison isn’t the only player here, though they are the most common—I’d love to see them take the lead in improving security for these devices.”
THE GOOD NEWS AND THE BAD
The good news is that this vulnerability presents in only one USB manufacturer Phison electronics, a Taiwanese electronics company. But the bad side of it is that Phison USB sticks can infect any given device they are plugged into, and the company has not yet revealed who it manufactures USB sticks for. This is the fact it is still unclear as to how widespread the problem may be at the moment.
A Phison USB stick can infect any type of computer, but it isn’t clear if its able to infect any other USB device that is plugged into them afterwards or not. However, Phison controllers are found in a very large number of USB thumb drives available on the market.
Torrent Invites! Buy, Trade, Sell Or Find Free Invites, For EVERY Private Tracker! HDBits.org, BTN, PTP, MTV, Empornium, Orpheus, Bibliotik, RED, IPT, TL, PHD etc!
Results 1 to 1 of 1
-
10-04-2014 #1Power User
- Reputation Points
- 1648
- Reputation Power
- 64
- Join Date
- Jul 2011
- Posts
- 132
- Time Online
- 3 d 11 h 49 m
- Avg. Time Online
- 1 m
- Mentioned
- 16 Post(s)
- Quoted
- 9 Post(s)
- Liked
- 79 times
- Feedbacks
- 0
BadUSB Malware Code Released — Turn USB Drives Into Undetectable CyberWeapons
Reply With Quote
