The Cellar - Bad USB Bug

The Cellar (http://cellar.org/index.php)

- Technology (http://cellar.org/forumdisplay.php?f=7)

- - Bad USB Bug (http://cellar.org/showthread.php?t=30313)

Quote:

Security researchers have found a fundamental flaw that could affect billions of USB devices. This flaw is so serious that, now that it has been revealed, you probably shouldn’t plug a USB device into your computer ever again. There are no known effective defenses against this variety of USB attack, though in the future (months or years, not days) some limited defenses might be possible. This vulnerability, which allows any USB device to take over your computer, mostly exists due to the USB Implementers Forum (the USB standards body) eschewing security in favor of maximizing the versatility, and thus the massively successful adoption, of USB. The USB IF itself notes that your only defense against this new attack vector is to only use USB devices that you 100% trust — but even then, as we’ll outline below, this won’t always protect you.

This flaw, dubbed BadUSB by Security Research Labs in Berlin, leverages the fact that every USB device has a controller chip. Whether it’s your PC, smartphone, external hard drive, or an audio breakout box, there’s a USB controller chip in every device that controls the USB connection to other devices. It turns out, according to SR Labs, that these controllers have firmware that can be reprogrammed to do a whole host of malicious things — and, perhaps most importantly, this reprogramming is almost impossible to detect.

I've the feeling this is one of those, it probably doesn't have rabies but it might. So use caution who's dongle you let in your USB. I wonder if you plug your clean and safe USB device into shady computer, if it can reflash your USB firmware? :eek3:

yes. this is why all usb's on military computers were disabled several years ago. viruses were introduced on siprnet from infected jump drives. you could loose your security clearance and rank if you got caught with a thumb drive in the scif

I think that's a different problem, a virus on a thumb/flash drive infecting a computer. I'm wondering if the computer can alter the firmware on the USB device.

The policy control of losing rank/clearance is appropriate given the severity of the bug.

This is because much more nefarious items than viruses can be brought into a SCIF due to this.

This bug is really bad because it can use the USB ID assigned to one device and operate surreptitiously as another, e.g. data collection and surveillance by operating as a keyboard and running scripts to remove data from a machine.

BTW you can thank Ms. Manning and the VA laptop theft for the flash drive ban.

Mitch, if you have say a thumb drive that's clean, can sticking it in an evil computer alter it to do bad things without you knowing? Not just pick up and transfer a virus which even us dummies knew, but alter the thumb drive firmware so it becomes evil also?

Sorry for the overly technical language.:blush:

The answer is yes. That's entirely possible and most likely has already happened.

Condoms for USBs! :lol2: