BadUSB: the most serious security flaw on USB is now public

The source code for BadUSB, a security flaw that allows the firmware of any USB device to be modified, has been released.

Security researchers Adam Caudill and Brandon Wilson have published the source code for a vulnerability in the firmware of USB devices, known as BadUSB. Karsten Nohl revealed the flaw in July at the Black Hat security conference; the two researchers carried out reverse engineering to work out the details in order to make them public.

The goal is to get the attention of USB device manufacturers, so that they work to provide some security measure against BadUSB, which remains unsolved to date. All USB devices have firmware that manages the interface to the devices they are attached to, and the vulnerability is not limited to USB sticks: it can be implemented on many types of devices, such as mice and keyboards.

USB devices have no intrinsic mechanism to prevent changes to their embedded firmware code, nor do the protocol specifications provide countermeasures against such problems. Security software cannot scan the firmware of the devices either, nor does it have permission to do so. According to those who have studied and publicized the flaw, it can be fixed by checking the checksum during the installation of the device.

A solution exists, then, but it may take a very long time to become widespread, because the standard may need to be rewritten from its foundations. USB firmware is 64KB in size, sometimes even less, which is enough to embed code capable of keylogging, DNS redirection or other malicious actions. With the fix, if the firmware failed the checksum comparison with the original, the device would be inoperable.

Any computer system is vulnerable to BadUSB because of the open nature of the USB standard, whether it runs OS X, iOS, Android, Windows or Linux. At the moment there is no universal version of the exploit, that is, one that works with all USB devices. The published one provides access to the firmware of USB sticks produced by Phison, but it does not name the companies that source from the Taiwanese company.
