« previous next »
Pages: 1 [2] 3 4 5

Author Topic: Is USB Doomed? New Firmware Exploit Cannot be Fixed  (Read 3244 times)

Blockaium

October 05, 2014, 05:08:39 PM
forget
i dont get it though, how could my brand new usb that only I have used be infected with a virus? someone explain2me pls

Ad Bot

Advertisement

HellHound

October 05, 2014, 05:12:33 PM
Quote from: Blockaium on October 05, 2014, 05:08:39 PM
forget
i dont get it though, how could my brand new usb that only I have used be infected with a virus? someone explain2me pls
It isn't.

ShadowsfeaR

October 05, 2014, 05:13:02 PM
Oh my god, its an exploit, not literally a virus. Its the fact that this exploit can be used to transmit undetectable viruses that causes alarm. In fact, I don't think you can actually get the virus without plugging in an infected USB.

So basically don't donwload USB of hte internet :^)

Blockaium

October 05, 2014, 05:16:47 PM
oh

so im not worried at all
but making sure, asking again: say i plug in a brand new ipod usb charger into my laptop
would that have the 'exploit' or only if it was plugged into an infected computer first?

Brickman

October 05, 2014, 05:23:58 PM
Quote from: pefu19 on October 05, 2014, 04:45:29 PM
>tfw using linux/mac
the article didn't even say anything about windows, or operating systems at all. Mac and linux use USB too.

ShadowsfeaR

October 05, 2014, 05:25:31 PM
Quote from: pefu19 on October 05, 2014, 04:45:29 PM
>tfw using linux/mac

Protip: firmware doesnt mean jack stuff to OS

Blockzillahead

October 05, 2014, 05:29:23 PM
why worry about something that doesnt even exist?
every article is absolutely blowing this out of proportions. yes everyone is aware that usb exploits exist. its been done before. nobody is worried beacause they are easily blocked and patched.

we are not given any insight on this "badusb" thing whatever it is. we dont know who this Noel and Clapper guys are. googling it brings nothing but the same set of articles talking about how we are all dead. no proof of the malware existing, nothing is explained about the exploit and we dont have a clue who these people are or what they do apart from being bad ass elite hackers with a fedora.

you want a hack tool? go and purchase yourself one of them "rubber ducky usb" tools and youve got yourself an auto booting usb virus. plug it in and it executes anything you program for it. it acts as a keyboard. exactly what this "badusb" thing is being described as

besides its not a malware that infects your usb. you purchase a usb that is already infected from manufacturing and when plugged into pcs it transports itself over infecting it. dont purchase flash drivers from a cheap chinese man in a dark alleyway

Kishgal

October 05, 2014, 05:37:57 PM
Quote
Speaking at Derbycon in Louisville, Kentucky last week, Adam Caudill and Brandon Wilson showed the revealed code, and have now posted it on GitHub.
I sure do hope somebody punches these idiots.

But the solution here is the same as it is with any other form of malware: Don't download it.

Quote from: Blockaium on October 05, 2014, 05:16:47 PM
but making sure, asking again: say i plug in a brand new ipod usb charger into my laptop
A charger has no capacity for storage.

blueblur121

October 05, 2014, 05:39:17 PM
Quote from: pefu19 on October 05, 2014, 04:45:29 PM
>tfw using linux/mac
>implying that makes a difference

TheABELBOTO

October 05, 2014, 05:40:17 PM
I was expecting furling to make this after seeing the title

AutoBahn

October 05, 2014, 05:40:20 PM
Quote from: Blockzillahead on October 05, 2014, 05:29:23 PM
besides its not a malware that infects your usb. you purchase a usb that is already infected from manufacturing and when plugged into pcs it transports itself over infecting it. dont purchase flash drivers from a cheap chinese man in a dark alleyway
Basically this. The only people that would be directly effected by this are mainly companies with poor security policies, and people who are really, really handicapped.

Ipquarx

October 05, 2014, 05:41:07 PM
Quote from: Blockzillahead on October 05, 2014, 05:29:23 PM
we are not given any insight on this "badusb" thing whatever it is. we dont know who this Noel and Clapper guys are. googling it brings nothing but the same set of articles talking about how we are all dead. no proof of the malware existing, nothing is explained about the exploit and we dont have a clue who these people are or what they do apart from being bad ass elite hackers with a fedora.
There's a link to a github page which explains everything and includes source code for the malware and how to use it. I'm guessing you didn't actually read the whole article..? lol.

Blockzillahead

October 05, 2014, 05:45:28 PM
Quote from: Ipquarx on October 05, 2014, 05:41:07 PM
There's a link to a github page which explains everything and includes source code for the malware and how to use it. I'm guessing you didn't actually read the whole article..? lol.
i did but because the first 3 links were just irrelevant when i saw the "on github" part i assumed it was going to link me to the github site itself and not the page that contains the code. oh well

ShadowsfeaR

October 05, 2014, 06:00:47 PM
Quote from: Ipquarx on October 05, 2014, 05:41:07 PM
There's a link to a github page which explains everything and includes source code for the malware and how to use it. I'm guessing you didn't actually read the whole article..? lol.

It isn't malware, it's the code for the firmware exploit.

-Setro-

October 05, 2014, 06:03:45 PM
he's a loving idiot for releasing it
Pages: 1 [2] 3 4 5
« previous next »