Is USB Doomed? New Firmware Exploit Cannot be Fixed

[Ipquarx]

It isn't malware, it's the code for the firmware exploit.

Any software (firmware counts as software) that has malicious intentions (like the firmware exploit) is by definition malware.

[Ad Bot]

[Space1255]

Any software (firmware counts as software) that has malicious intentions (like the firmware exploit) is by definition malware.

Why do you keep using that font? Just curious.
On topic: Nvm, idiocy intensifies. .

[Doomonkey]

On topic: This is why I never get a new computer, my Mac works fine and has been for ten years.

This is not on topic at all. There is almost no relevance unless your computer is old enough to not have usb ports.

[Ipquarx]

Why do you keep using that font? Just curious.
On topic: This is why I never get a new computer, my Mac works fine and has been for ten years.

I'm taking the 1 week segoe ui challenge! And your macintosh is vulnerable too by the way, anything with a usb port is ;)

The malicious firmware can install any virus and i'm guessing execute any code it wants on the machine.

[ShadowsfeaR]

he's a loving idiot for releasing it

"The exploit was first detailed by a different researcher, Karsten Nohl, at the Black Hat security conference. Nohl opted not to release his exploit because he feared the vulnerability was unpatchable. Caudill and Wilson felt it was important to disclose the issue, so they duplicated Nohl’s work on their own. They argue the technique could already be in the hands of governments and private security firms, so it should be made public so the industry can begin working on a fix."

http://www.geek.com/news/an-unfixable-usb-bug-could-lead-to-unstoppable-malware-1605997/

Not saying that releasing may have been the most effective method, but letting it be known that this stuff needs to be fixed is important.

[Bomberguy]

usbs can easily inject a virus to your computer or millions of viruses and malware including adware
step 1 - attacker gets USB and plug into over-infected computer
step 2 - attacker inserts usb into flash or hard drive
step 3 - computer is infected
(ALTERNATES FOR YOU BIGASS HACKERS OUT THERE)
Do step 1 and 2 except step one is replaced with the virus as a ddos or spam bot to infect other computers
computer is infected
(TROGANS)
Do step 1 and 2 except with the trogan comes a spam bot which infects computer to spam other PCs (relates to alternatives with spam bot)
(DOWNSIDES)
if the user of the PC is as paranoid as stuff and uses no antiviruses because he thinks its a virus your good
other way around (user of the PC is as paranoid as stuff and uses tons of antiviruses) then your screwed he would call the cops on you if he has an antivirus that can track it
to its source using tracking cookies that track the virus IP back to the source IP
this is just my theory

[ZombieDude]

usbs can easily inject a virus to your computer or millions of viruses and malware including adware
step 1 - attacker gets USB and plug into over-infected computer
step 2 - attacker inserts usb into flash or hard drive
step 3 - computer is infected
(ALTERNATES FOR YOU BIGASS HACKERS OUT THERE)
Do step 1 and 2 except step one is replaced with the virus as a ddos or spam bot to infect other computers
computer is infected
(TROGANS)
Do step 1 and 2 except with the trogan comes a spam bot which infects computer to spam other PCs (relates to alternatives with spam bot)

i dont think you know what you're talking about

[Bomberguy]

i dont think you know what you're talking about

edited it, it now says its just my theory at the end

[Satan From Wreck-It-Ralph]

you know what you're talking about

[Bomberguy]

you know what you're talking about

you can actually get viruses onto a usb by virusing your computer downloading the viruses onto your usb and then injecting them by downloading
them on a different computer without anyone looking somehow

[AutoBahn]

usbs can easily inject a virus to your computer or millions of viruses and malware including adware
step 1 - attacker gets USB and plug into over-infected computer
step 2 - attacker inserts usb into flash or hard drive
step 3 - computer is infected
(ALTERNATES FOR YOU BIGASS HACKERS OUT THERE)
Do step 1 and 2 except step one is replaced with the virus as a ddos or spam bot to infect other computers
computer is infected
(TROGANS)
Do step 1 and 2 except with the trogan comes a spam bot which infects computer to spam other PCs (relates to alternatives with spam bot)
(DOWNSIDES)
if the user of the PC is as paranoid as stuff and uses no antiviruses because he thinks its a virus your good
other way around (user of the PC is as paranoid as stuff and uses tons of antiviruses) then your screwed he would call the cops on you if he has an antivirus that can track it
to its source using tracking cookies that track the virus IP back to the source IP
this is just my theory

you can actually get viruses onto a usb by virusing your computer downloading the viruses onto your usb and then injecting them by downloading
them on a different computer without anyone looking somehow

Stop posting. You don't know the slightest thing about what you're talking about.

[Blockzillahead]

ah
too bad that usbs cant autorun on their own. not anymore at least. this feature was removed long ago because of this issue

usbs that do execute things that are malicious sport a processor that help it behave like a keyboard/mouse
its as much executing as it is typing up the virus on your own pc and running it quickly

aka expensive and easily identifiable by the human eyeball. a charging cord for a phone cant do this. most flash drives cant do this
although there are usb flash drives that act as cd drives which windows lets you autoplay it in certain situations. i think sandisk. but they have an option of being a regular usb or a disk drive

[Ipquarx]

too bad that usbs cant autorun on their own. not anymore at least. this feature was removed long ago because of this issue

well you see this is exactly the situation. The firmware exploit lets you execute arbitrary code on the machine without ever having the user actually run anything.

[Blockzillahead]

well you see this is exactly the situation. The firmware exploit lets you execute arbitrary code on the machine without ever having the user actually run anything.

but how does it do that exactly. as far as im aware windows itself blocks this from happening.
then this is some sort of malware on the pc that executes the usb drive. because think about it. the usb doesnt have a processor. it doesnt know what to do. it only gets instructions from the pc "send me this file" or "get ready to download this file"

...or "install your drivers"
like is that how its done? by installing its "corrupt" firmware drivers onto windows? isnt that easy to identify and kill?

i dont want to go through the code on github because its absolutely disgusting to look at and no one is explaining it

[ShadowsfeaR]

The malicious code acts like a keyboard or mouse, there is no need for something to open and install.