Security researchers from SR Labs have uncovered a fundamental flaw in the way USB devices work. It affects every single USB device out there and worst yet, there's no line of defense short of prohibiting USB stick sharing or filling your USB ports with superglue. The flaw that security researchers Karsten Nohl and Jakob Lell plan to present next week at the Black Hat security conference in Las Vegas runs deeper than simply loading a USB drive with malware. Instead, it's built into the core of how the technology works.
After spending several months reverse engineering the firmware that handles the basic communications functions of USB devices, they were able to reprogram the firmware to hide malicious code. This firmware is present on every USB device within the controller chip - the component that facilitates communication between the USB device and the computer it's plugged in to. By loading malicious code on the firmware, it's essentially hidden from sight. Anti-virus scanners can't pick it up and formatting won't help, either. To prove their point, the team created a piece of malware called BadUSB that can be used to completely take over a PC, alter files invisibly and even redirect a user's Internet traffic.
Unsure if this will lead to anything, it's a interesting discovery but I imagine reverse engineering USB devices to access their firmware is pretty time consuming and acquiring the USB device itself wouldn't be that easy.
(Perhaps work environments and the like were such equipment is swapped around would be a bit more exposed?)
in idiot : they found out USB devices first read a CHIP NAND and then the MASS ... flash the nand with a firmware that has a virus ... presto
but to do the stuff , they write
you had to have this USB device with this ROM
that is on this NAND
all the time or make it so ,
this virus in this NAND will infect other CHIP NANDS ...
like your BIOS or DVD drive or other devices that you flash to update ...
oh gee a thing that was like forever in the haker scene is now made public ... and they want credit for it
Signature/Avatar nuking: none (can be changed in your profile)
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
