Is USB Doomed? New Firmware Exploit Cannot be Fixed

[Kishgal]

too bad that usbs cant autorun on their own. not anymore at least.

???
my flashdrive has always properly identified itself as "richardbutt Drive" with a richardbutt icon on any Windows machine

[Ad Bot]

[Headcrab Zombie]

???
my flashdrive has always properly identified itself as "richardbutt Drive" with a richardbutt icon on any Windows machine

ok now try configuring it to automatically launch an executable contained on it when you plug it in
you can't
but the point is this firmware will allow you to

Anyways, this is a malicious firmware (basically code embedded onto a piece of hardware that makes it work), meaning a few points I've seen people not understanding:
1. It will affect any device with USB ports, whether it be a mac, windows, or linux pc. Possibly even TVs or game consoles and whatever other things have USB ports these days (What you could actually accomplish by attacking those, I'm not sure)

2. The usb device doesn't need "storage" capabilities, such as a flash drive, as that's not where firmware resides

3. An attacker would have to obtain the usb device, flash it with this custom firmware, and then physically give it to the victim

4. It's not going to just "infect" your devices by being plugged into an "infected" computer, and and "infected" computer can not "infect" your device

[Blockzillahead]

???
my flashdrive has always properly identified itself as "richardbutt Drive" with a richardbutt icon on any Windows machine

you know that autoplay option you get for cds/dvds?

Code: [Select]

[autorun]
open=setup.exe
yeah there was something like that for usb sticks
got removed with newer windows versions

[blueblur121]

you know that autoplay option you get for cds/dvds?

Code: [Select]

[autorun]
open=setup.exe
yeah there was something like that for usb sticks
got removed with newer windows versions

We're talking about the firmware here. While autorun may have been a way to distribute malware in Windows, it does not relate to what we're talking about.

The firmware on a device is code that makes it do things. Now with an exploit to USB firmware, you can launch executable files for any operating system (but the executable would have to be compatible with said OS)

[Blockzillahead]

We're talking about the firmware here. While autorun may have been a way to distribute malware in Windows, it does not relate to what we're talking about.

The firmware on a device is code that makes it do things. Now with an exploit to USB firmware, you can launch executable files for any operating system (but the executable would have to be compatible with said OS)

yeah... weve already been over this. what i said was part of another discussion

[KoopaScooper]

eSATA still da best 2005

[ShadowsfeaR]

then the usb cant do anything in the first place

Wrong, how do you think you edit BIOS and such prior to installing an OS? P sure its the mobo (the BIOS itself most likely) that recognizes the device and uses it as raw input.

[Plexious]

Wait, is it possible for my USB Keyboard to become infected?

[ShadowsfeaR]

Wait, is it possible for my USB Keyboard to become infected?

Depends. It only works with USB's that contain flash memory/microcontrollers. The exploit needs something to hold data on. If your keyboard has self-contained data for something like macros and profiles, then yes. But it would need to be physically interfaced by someone who knows how to exploit the fault and inject the virus into your computer.

So basically don't loving worry about it unless you're taking USB's from strangers.

[Kishgal]

Depends. It only works with USB's that contain flash memory/microcontrollers. The exploit needs something to hold data on.

so if you buy those goofy alienware and razer keyboards with macro memory, yes, maybe
...incidentally my mouse has memory for macros and dpi settings but i have never installed the drivers so i don't know if there's any way for it to be affected. guess i'll find out or i won't!

[Doomonkey]

Then how would you go about setting up a fresh computer, using a keyboard or mouse interface? There would be no OS to install drivers or decide otherwise.

All USB devices plugged in before you boot are interpreted as they need to be. Post boot, the system changes how it handles USB devices. Don't plug in storage devices when you are booting. If you are booting from a USB storage device, go to the BIOS without it plugged in. Tell the BIOS which port you are going to plug it into so it can make sure to not interpret that device as a keyboard or whatever.

[Harm94]

I prefer USBs over PS/2 connectors by a long shot.

[Headcrab Zombie]

Wait, is it possible for my USB Keyboard to become infected?

Depends. It only works with USB's that contain flash memory/microcontrollers. The exploit needs something to hold data on. If your keyboard has self-contained data for something like macros and profiles, then yes. But it would need to be physically interfaced by someone who knows how to exploit the fault and inject the virus into your computer.

So basically don't loving worry about it unless you're taking USB's from strangers.

Anyways, this is a malicious firmware (basically code embedded onto a piece of hardware that makes it work), meaning a few points I've seen people not understanding:
...
2. The usb device doesn't need "storage" capabilities, such as a flash drive, as that's not where firmware resides
...
4. It's not going to just "infect" your devices by being plugged into an "infected" computer, and and "infected" computer can not "infect" your device

[SquartleTurtle]

lol guys before you read that article make sure to put your tin foil hats on. the nsa will infiltrate your rooster

that sounds kinda hot

[#Ravencroft]

It's called google drive.