Friday, 1 August 2014

Why USB security is fundamentally broken


Credit: Josh Valcarcel/Wired

Take home message from the articles: this exploit will make it unsafe to use USB devices for exchanging files between computers unless you control both of them. Neither a reformat, nor any existing scan, is protection against this exploit.

Some of the comments paint a different picture, so be sure to check them too.

http://www.wired.com/2014/07/usb-security/

http://www.gizmodo.com.au/2014/08/usb-has-a-fundamental-security-flaw-that-you-cant-detect/ / computer users pass around USB sticks like silicon business cards carry malware infections antivirus scan format reformat reformatting drive thumbdrives flash memory stick security problems USB devices security researchers Karsten Nohl Jakob Lell present black hat hacker demonstrating proof-of-concept malicious software security of USB devices fundamentally broken malware BadUSB installed USB device take over a PC invisibly alter files redirect user’s internet traffic flash memory storage firmware attack code remain hidden contents device device’s memory research no easy fix nearly impossible to counter Black Hat security conference Las Vegas exploit exploiting the very way that USB is designed infect infected non trusted non-trusted computer security consultancy SR Labs USB devices store and spread malware hackers custom-coded infections into USB devices’ memory reverse engineering firmware basic communication functions of USB devices controller chips communicate move files USB firmware all USB devices reprogrammed hide attack code IT security people scan it delete some files find and analyze firmware USB devices keyboards mice smartphones firmware reprogrammed USB memory sticks test tested attack Android handset grab bag of evil tricks it can play software installed corrupted backdoored version malware silently hijack Internet traffic DNS settings /