DV Hardware bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, ATi, hardware and technology!

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
 
DarkVision Hardware - Daily tech news
October 1, 2014 
Main Menu

Home
Info
News archives
Articles
Howto
Reviews
 

Who's Online
There are currently 132 people online.

 

Latest Reviews
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
Lamptron FC-10 SE fan controller
ZOWIE G-TF Rough mousepad
ROCCAT Isku FX gaming keyboard
Prolimatech Magnetic Pin
 

RSS
RSS





 

Security experts claim USB is fundamentally unsafe

Posted on Friday, August 01 2014 @ 23:20:52 CEST by


Security researchers Karsten Nohl and Jakob Lell from SR Labs claim they've created a proof-of-concept of a piece of malware that can hide in the firmware of a USB memory stick. Nohl and Lell explain the malware exploits the very way that the USB protocol is designed and claim there's no easy fix for the problem because it can't simply be patched.

Named BadUSB, their proof-of-concept is capable of pretty much anything including taking over a PC, spying on you, invisibly altering files installed from the memory stick and redirecting Internet traffic.

The worst part is that the malware can't be easily deleted, you need to reflash the firmware to get rid of it and you can't even detect it without reverse engineering the firmware. The issue isn't limited to USB sticks, basically any USB device that can be infected can be the carrier for this new type of virus. Malware like BadUSB can travel from both a computer to the USB and the other way around, but at present its unknown if all USB devices are vulnerable. The researchers achieved their exploit on devices with Phison USB controllers but it's unclear if attacks could be devised for USB controllers from other firms.
Most of us learned long ago not to run executable files from sketchy USB sticks. But old-fashioned USB hygiene can’t stop this newer flavor of infection: Even if users are aware of the potential for attacks, ensuring that their USB’s firmware hasn’t been tampered with is nearly impossible. The devices don’t have a restriction known as “code-signing,” a countermeasure that would make sure any new code added to the device has the unforgeable cryptographic signature of its manufacturer. There’s not even any trusted USB firmware to compare the code against.

The element of Nohl and Lell’s research that elevates it above the average theoretical threat is the notion that the infection can travel both from computer to USB and vice versa. Any time a USB stick is plugged into a computer, its firmware could be reprogrammed by malware on that PC, with no easy way for the USB device’s owner to detect it. And likewise, any USB device could silently infect a user’s computer. “It goes both ways,” Nohl says. “Nobody can trust anybody.”
Full details at Wired.


 



 

DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2014 DM Media Group bvba