« previous next »
Pages: 1 2 3 [4] 5

Author Topic: Is USB Doomed? New Firmware Exploit Cannot be Fixed  (Read 3247 times)

Blockzillahead

October 05, 2014, 07:09:44 PM
Quote from: ShadowsfeaR on October 05, 2014, 07:06:19 PM
The malicious code acts like a keyboard or mouse, there is no need for something to open and install.
yeah but a normal flash drive cant do this. not unless it has a processor built into it to know exactly what to do (type or move cursor)
(see: rubber ducky usb)
that is a legitimate product that does the same thing. only difference is that it has a processor built into it that makes it type custom code like a keyboard

unless its something easy to exploit like ive said before about windows telling the usb to install its drivers and then it fetches malware or something instead

Ad Bot

Advertisement

Ipquarx

October 05, 2014, 07:24:59 PM
Alright, this article explains everything really well. If you don't know what you're talking about (which is pretty much everyone here including me) then read this and itll explain it: http://www.theregister.co.uk/2014/07/31/black_hat_hackers_drive_truck_through_hole_in_usb_security/

Oasis

October 05, 2014, 07:28:22 PM
This is kinda hilarious. I've been unplugging my flash drives for years while doing "risky" things on the internet *cough*. Assuming that helps.

Blockzillahead

October 05, 2014, 07:42:36 PM
Quote from: Ipquarx on October 05, 2014, 07:24:59 PM
Alright, this article explains everything really well. If you don't know what you're talking about (which is pretty much everyone here including me) then read this and itll explain it: http://www.theregister.co.uk/2014/07/31/black_hat_hackers_drive_truck_through_hole_in_usb_security/
interesting. so they do have a processor, more so micro controller
i always thought it was the os fully controlling the usb stick but i guess its not
well the more you know

hmm that gives me an idea
ill look through the code sometime and see if i can do anything with it
« Last Edit: October 05, 2014, 07:46:11 PM by Blockzillahead »

ShadowsfeaR

October 05, 2014, 08:03:43 PM
Quote from: Ipquarx on October 05, 2014, 07:24:59 PM
Alright, this article explains everything really well. If you don't know what you're talking about (which is pretty much everyone here including me) then read this and itll explain it: http://www.theregister.co.uk/2014/07/31/black_hat_hackers_drive_truck_through_hole_in_usb_security/

"Usually, a thumb drive announces itself as mass storage. If it also announces itself as a keyboard, today's desktop operating systems play along and attach it as another keyboard source to cause mischief."

Quote from: ShadowsfeaR on October 05, 2014, 07:06:19 PM
The malicious code acts like a keyboard or mouse, there is no need for something to open and install.

I know exactly what it's doing lol.

Ipquarx

October 05, 2014, 08:10:44 PM
Quote from: ShadowsfeaR on October 05, 2014, 08:03:43 PM
I know exactly what it's doing lol.
Alright cool? I never said 100% for sure every single person...

Doomonkey

October 05, 2014, 08:24:44 PM
So couldn't they just release an OS patch where when you plug in a usb device it says, is this a keyboard?

ShadowsfeaR

October 05, 2014, 08:29:41 PM
Quote from: Doomonkey on October 05, 2014, 08:24:44 PM
So couldn't they just release an OS patch where when you plug in a usb device it says, is this a keyboard?

Its inherent in the USB platform itself, the firmware. You can't fix that without replacing every single USB and USB dock in the world.

Doomonkey

October 05, 2014, 08:37:47 PM
Quote from: ShadowsfeaR on October 05, 2014, 08:29:41 PM
Its inherent in the USB platform itself, the firmware. You can't fix that without replacing every single USB and USB dock in the world.
You could have computers not just accept USB the way they do. USB device says, "I am X type of USB device." Computer says, "you are a storage device until I decide otherwise."

[Na Pulse]

October 05, 2014, 08:44:08 PM
time to revert back into ps2 ports guys.
(just kidding)

Oasis

October 05, 2014, 08:46:04 PM
Yeah, it's pretty stupid to say something cannot be fixed. Absolutes like that should be reserved until several tries are actually made to fix it.

ShadowsfeaR

October 05, 2014, 08:49:05 PM
Quote from: Doomonkey on October 05, 2014, 08:37:47 PM
You could have computers not just accept USB the way they do. USB device says, "I am X type of USB device." Computer says, "you are a storage device until I decide otherwise."

Then how would you go about setting up a fresh computer, using a keyboard or mouse interface? There would be no OS to install drivers or decide otherwise.

Ipquarx

October 05, 2014, 08:50:46 PM
Quote from: ShadowsfeaR on October 05, 2014, 08:49:05 PM
Then how would you go about setting up a fresh computer, using a keyboard or mouse interface? There would be no OS to install drivers or decide otherwise.
What he meant to say was that once a usb device tells the computer what type it is, it shouldn't be able to change that or say that it's multiple types, and that you can patch the OS to make sure that that's the case.

ShadowsfeaR

October 05, 2014, 08:55:21 PM
But this exploit doesn't say its multiple things, or changes what it is. It acts as if it is an interface, and injects its code into the computer. Plus, what if there is no OS to do this check? Again, its an inherent USB problem.

ZombieDude

October 05, 2014, 08:57:56 PM
Quote from: ShadowsfeaR on October 05, 2014, 08:55:21 PM
Plus, what if there is no OS to do this check? Again, its an inherent USB problem.
then the usb cant do anything in the first place
Pages: 1 2 3 [4] 5
« previous next »