Author Topic: Is USB Doomed? New Firmware Exploit Cannot be Fixed  (Read 3341 times)

The malicious code acts like a keyboard or mouse, there is no need for something to open and install.
yeah but a normal flash drive cant do this. not unless it has a processor built into it to know exactly what to do (type or move cursor)
(see: rubber ducky usb)
that is a legitimate product that does the same thing. only difference is that it has a processor built into it that makes it type custom code like a keyboard

unless its something easy to exploit like ive said before about windows telling the usb to install its drivers and then it fetches malware or something instead

Alright, this article explains everything really well. If you don't know what you're talking about (which is pretty much everyone here including me) then read this and itll explain it: http://www.theregister.co.uk/2014/07/31/black_hat_hackers_drive_truck_through_hole_in_usb_security/

This is kinda hilarious. I've been unplugging my flash drives for years while doing "risky" things on the internet *cough*. Assuming that helps.

Alright, this article explains everything really well. If you don't know what you're talking about (which is pretty much everyone here including me) then read this and itll explain it: http://www.theregister.co.uk/2014/07/31/black_hat_hackers_drive_truck_through_hole_in_usb_security/
interesting. so they do have a processor, more so micro controller
i always thought it was the os fully controlling the usb stick but i guess its not
well the more you know

hmm that gives me an idea
ill look through the code sometime and see if i can do anything with it
« Last Edit: October 05, 2014, 07:46:11 PM by Blockzillahead »

Alright, this article explains everything really well. If you don't know what you're talking about (which is pretty much everyone here including me) then read this and itll explain it: http://www.theregister.co.uk/2014/07/31/black_hat_hackers_drive_truck_through_hole_in_usb_security/

"Usually, a thumb drive announces itself as mass storage. If it also announces itself as a keyboard, today's desktop operating systems play along and attach it as another keyboard source to cause mischief."

The malicious code acts like a keyboard or mouse, there is no need for something to open and install.

I know exactly what it's doing lol.

I know exactly what it's doing lol.
Alright cool? I never said 100% for sure every single person...

So couldn't they just release an OS patch where when you plug in a usb device it says, is this a keyboard?

So couldn't they just release an OS patch where when you plug in a usb device it says, is this a keyboard?

Its inherent in the USB platform itself, the firmware. You can't fix that without replacing every single USB and USB dock in the world.

Its inherent in the USB platform itself, the firmware. You can't fix that without replacing every single USB and USB dock in the world.
You could have computers not just accept USB the way they do. USB device says, "I am X type of USB device." Computer says, "you are a storage device until I decide otherwise."

time to revert back into ps2 ports guys.
(just kidding)

Yeah, it's pretty stupid to say something cannot be fixed. Absolutes like that should be reserved until several tries are actually made to fix it.

You could have computers not just accept USB the way they do. USB device says, "I am X type of USB device." Computer says, "you are a storage device until I decide otherwise."

Then how would you go about setting up a fresh computer, using a keyboard or mouse interface? There would be no OS to install drivers or decide otherwise.

Then how would you go about setting up a fresh computer, using a keyboard or mouse interface? There would be no OS to install drivers or decide otherwise.
What he meant to say was that once a usb device tells the computer what type it is, it shouldn't be able to change that or say that it's multiple types, and that you can patch the OS to make sure that that's the case.

But this exploit doesn't say its multiple things, or changes what it is. It acts as if it is an interface, and injects its code into the computer. Plus, what if there is no OS to do this check? Again, its an inherent USB problem.

Plus, what if there is no OS to do this check? Again, its an inherent USB problem.
then the usb cant do anything in the first place