Thread: BadUSB?

  1. #1
    Devil's Advocate SlyMaelstrom's Avatar
    Join Date
    May 2004
    Location
    Out of scope
    Posts
    4,079

    BadUSB?

    What's the consensus on this, everyone?

    https://srlabs.de/badusb/
    Sent from my iPad®

  2. #2
    Make Fortran great again
    Join Date
    Sep 2009
    Posts
    1,413
    Hackers/crackers ruining good things as usual. Guess we can't share thumb drives etc. with other people anymore.

  3. #3
    Devil's Advocate SlyMaelstrom's Avatar
    Join Date
    May 2004
    Location
    Out of scope
    Posts
    4,079
    Quote Originally Posted by Epy View Post
    Hackers/crackers ruining good things as usual. Guess we can't share thumb drives etc. with other people anymore.
    You can't even use your own USB devices unless you have absolute faith that your computer has not ever, at any point, been infected with malware that could rewrite the firmware on your USB devices.

    This combined with the apparency that the US, UK, and let's face it, probably every major government in the world seems to have absolutely no moral concern with data mining every citizen without any public knowledge or warning kind of freaks me out.
    Last edited by SlyMaelstrom; 07-31-2014 at 11:17 AM.
    Sent from my iPad®

  4. #4
    Officially An Architect brewbuck's Avatar
    Join Date
    Mar 2007
    Location
    Portland, OR
    Posts
    7,396
    Quote Originally Posted by Epy View Post
    Hackers/crackers ruining good things as usual. Guess we can't share thumb drives etc. with other people anymore.
    Actually, I think what these guys do is wonderful. You think the NSA didn't know how to do this? Now that we all know this is possible, we can move forward and address it.

    The people who present at Black Hat rarely self-identify as hackers or crackers. They tend to be employed by security research firms, or operate independently as "white hats." I'm sure some of them skirt the boundaries from time to time, but the people doing really bad things to other people aren't part of this group.
    Code:
    //try
    //{
    	if (a) do { f( b); } while(1);
    	else   do { f(!b); } while(1);
    //}

  5. #5
    Master Apprentice phantomotap's Avatar
    Join Date
    Jan 2008
    Posts
    5,108
    Actually, I think what these guys do is wonderful. You think the NSA didn't know how to do this? Now that we all know this is possible, we can move forward and address it.
    O_o

    I agree that the "whitehats" are wonderful, but we've known the technique was a possible attack vector for a long time.

    The news here is actually that it works alarmingly well.

    We may soon see a "sneaker net" less secure than open wireless.

    Soma
    “Salem Was Wrong!” -- Pedant Necromancer
    “Four isn't random!” -- Gibbering Mouther

  6. #6
    Unregistered User Yarin's Avatar
    Join Date
    Jul 2007
    Posts
    2,158
    Quote Originally Posted by Epy View Post
    Hackers/crackers ruining good things as usual.
    Don't blame the hackers, blame the lazy BIOS/OS devs.


    A device can emulate a keyboard and issue commands on behalf of the logged-in user
    This is easy to fix: Any new devices claiming to be input devices must be approved by the user. If the system is a desktop (or, by default) then the first discovered keyboard is automatically accepted. If the system is a server, it can be configured to disallow any input devices.


    The device can also spoof a network card
    Can be prevented by mostly the same means as above.


    A modified thumb drive or external hard disk can – when it detects that the computer is starting up – boot a small virus
    This is fixed by the BIOS prompting the user when it tries to boot off the non-default drive.


    Of course, if you buy a device that does work as advertised, but is also malicious, then there's really not much in the way of prevention that one can do, like everything else in life.
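
Added example, not part of any post in this thread: a sketch of the approval policy described in post #6, deciding per device from the USB interface classes it declares. The `UsbPolicy` class, the profile names and the rule that a device mixing input with other interfaces always prompts are assumptions of this example, not an existing OS feature.

```python
# USB-IF interface class codes.
HID, MASS_STORAGE, CDC_COMM, CDC_DATA, WIRELESS = 0x03, 0x08, 0x02, 0x0A, 0xE0
NETWORK_CLASSES = {CDC_COMM, WIRELESS}
SEVERITY = {"allow": 0, "prompt": 1, "block": 2}


class UsbPolicy:
    """Hypothetical approval policy; profile is 'desktop' or 'server'."""

    def __init__(self, profile="desktop"):
        self.profile = profile
        self.have_keyboard = False  # has a first input device been accepted?

    def _interface_verdict(self, iface_class):
        if iface_class == HID:
            if self.profile == "server":
                return "block"    # server configured to refuse input devices
            if not self.have_keyboard:
                return "allow"    # first discovered keyboard is auto-accepted
            return "prompt"       # any later input device needs the user
        if iface_class in NETWORK_CLASSES:
            return "prompt"       # same treatment for a claimed network card
        return "allow"

    def decide(self, interface_classes):
        """Return the strictest verdict over all interfaces of one device."""
        classes = list(interface_classes)
        verdicts = [self._interface_verdict(c) for c in classes]
        verdict = max(verdicts, key=SEVERITY.__getitem__, default="allow")
        # Assumption: storage (or anything else) that also claims to be an
        # input device never gets the "first keyboard" auto-accept.
        mixed = HID in classes and any(c != HID for c in classes)
        if verdict == "allow" and mixed:
            verdict = "prompt"
        if verdict == "allow" and HID in classes:
            self.have_keyboard = True
        return verdict


if __name__ == "__main__":
    desktop = UsbPolicy("desktop")
    # Constructed sample devices: (label, declared interface classes).
    for label, classes in [("keyboard", [HID]),
                           ("thumb drive", [MASS_STORAGE]),
                           ("drive that also types", [MASS_STORAGE, HID]),
                           ("usb ethernet", [CDC_COMM, CDC_DATA])]:
        print(f"{label:24} -> {desktop.decide(classes)}")
```

The policy only sees what the device declares, so it covers the keyboard and network-card cases from the post and does nothing about a device that works as advertised but is also malicious.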

  7. #7
    Make Fortran great again
    Join Date
    Sep 2009
    Posts
    1,413
    I'd rather blame both.

  8. #8
    Officially An Architect brewbuck's Avatar
    Join Date
    Mar 2007
    Location
    Portland, OR
    Posts
    7,396
    Quote Originally Posted by Yarin View Post
    Don't blame the hackers, blame the lazy BIOS/OS devs.
    As a programmer yourself you should know better.

    Developers are not the reason products end up this way. Corporate product management is the reason products end up this way.

    I'm actually hurt.
    Code:
    //try
    //{
    	if (a) do { f( b); } while(1);
    	else   do { f(!b); } while(1);
    //}

  9. #9
    Unregistered User Yarin's Avatar
    Join Date
    Jul 2007
    Posts
    2,158
    Quote Originally Posted by brewbuck View Post
    As a programmer yourself you should know better.

    Developers are not the reason products end up this way. Corporate product management is the reason products end up this way.
    I guess I was recklessly vague. By "devs" I mean "those responsible for its development", I don't mean to single out programmers.


    Quote Originally Posted by brewbuck View Post
    I'm actually hurt.
    Don't be, I don't disagree with you
