What's the consensus on this, everyone?
https://srlabs.de/badusb/
Sent from my iPad®
Hackers/crackers ruining good things as usual. Guess we can't share thumb drives etc. with other people anymore.
You can't even use your own USB devices unless you have absolute faith that your computer has not ever, at any point, been infected with malware that could rewrite the fireware on your USB devices.
This combined with the apparency that the US, UK, and let's face it, probably every major government in the world seems to have absolutely no moral concern with data mining every citizen without any public knowledge or warning kind of freaks me out.
Last edited by SlyMaelstrom; 07-31-2014 at 11:17 AM.
Sent from my iPad®
Actually, I think what these guys do is wonderful. You think the NSA didn't know how to do this? Now that we all know this is possible, we can move forward and address it.
The people who present at Black Hat rarely self-identify as hackers or crackers. They tend to be employed by security research firms, or operate independently as "white hats." I'm sure some of them skirt the boundaries from time to time, but the people doing really bad things to other people aren't part of this group.
Code://try //{ if (a) do { f( b); } while(1); else do { f(!b); } while(1); //}
O_oActually, I think what these guys do is wonderful. You think the NSA didn't know how to do this? Now that we all know this is possible, we can move forward and address it.
I agree that the "whitehats" are wonderful, but we've known the technique was possible attack vector for a long time.
The news here is actually that it works alarmingly well.
We may soon see a "sneaker net" less secure than open wireless.
Soma
“Salem Was Wrong!” -- Pedant Necromancer
“Four isn't random!” -- Gibbering Mouther
Don't blame the hackers, blame the lazy BIOS/OS devs.
This is easy to fix: Any new devices claiming to be input devices must be approved by the user. If the system is a desktop (or, by default) then the first discovered keyboard is automatically accepted. If the system is a server, it can be configured to disallow any input devices.A device can emulate a keyboard and issue commands on behalf of the logged-in user
Can be prevent by mostly the same means as above.The device can also spoof a network card
This is fixed by the BIOS prompting the user when it tries to boot off the non-default drive.A modified thumb drive or external hard disk can – when it detects that the computer is starting up – boot a small virus
Of course, if you buy a device that does work as advertised, but is also malicious, then there's really not much as way of prevention that one can do, like everything else in life.
I'd rather blame both.