BadUSB

[proxx]

I love it.

https://srlabs.de/badusb/


A c/p from the website, this looks interesting.

Just some more : http://it.slashdot.org/story/14/07/31/149205/badusb-exploit-makes-devices-turn-evil

USB devices are connected to – and in many cases even built into – virtually all computers. The interface standard conquered the world over the past two decades thanks to its versatility: Almost any computer peripheral, from storage and input gadgets to healthcare devices, can connect over the ubiquitous technology. And many more device classes connect over USB to charge their batteries.

This versatility is also USB’s Achilles heel: Since different device classes can plug into the same connectors, one type of device can turn into a more capable or malicious type without the user noticing.

Reprogramming USB peripherals. To turn one device type into another, USB controller chips in peripherals need to be reprogrammed. Very widely spread USB controller chips, including those in thumb drives, have no protection from such reprogramming.

BadUSB – Turning devices evil. Once reprogrammed, benign devices can turn malicious in many ways, including:

    A device can emulate a keyboard and issue commands on behalf of the logged-in user, for example to exfiltrate files or install malware. Such malware, in turn, can infect the controller chips of other USB devices connected to the computer.
    The device can also spoof a network card and change the computer’s DNS setting to redirect traffic.
    A modified thumb drive or external hard disk can – when it detects that the computer is starting up – boot a small virus, which infects the computer’s operating system prior to boot.

Defenses?
No effective defenses from USB attacks are known. Malware scanners cannot access the firmware running on USB devices. USB firewalls that block certain device classes do not (yet) exist. And behavioral detection is difficult, since a BadUSB device’s behavior when it changes its persona looks as though a user has simply plugged in a new device.

To make matters worse, cleanup after an incident is hard: Simply reinstalling the operating system – the standard response to otherwise ineradicable malware – does not address BadUSB infections at their root. The USB thumb drive, from which the operating system is reinstalled, may already be infected, as may the hardwired webcam or other USB components inside the computer. A BadUSB device may even have replaced the computer’s BIOS – again by emulating a keyboard and unlocking a hidden file on the USB thumb drive.

Once infected, computers and their USB peripherals can never be trusted again.

Tools. Please check back here for proof-of-concept tools to be released at BlackHat 2014 on August 7.

Questions? – usb [you know what to put here] srlabs.de

[kenjoe41]

Wooh! Nice find mate. I take back all i said, will be a good project to code about.
Infect every USB plugged in, DNS, emulate keyboards. Worth queing in project folder.

[Kulverstukas]

Sounds very cool. I'll be waiting for more news

[techb]

I'm skeptical. Some devices require more than just a usb connection to upload firmware.

[Schalla]

I agree with techb, that is just a h0ax like BadBios.

[techb]

The device would need something like a bootloader like Arduino uses to upload firmware. Else you would need like JTAG or some headers to upload the firmware.

Plus you would need to dump the existing firmware, which is usually locked with fuse bits, add your infection and re-upload the firmware. Not to mention if there is even enough memory to spare.

[kenjoe41]

The device would need something like a bootloader like Arduino uses to upload firmware. Else you would need like JTAG or some headers to upload the firmware.

Plus you would need to dump the existing firmware, which is usually locked with fuse bits, add your infection and re-upload the firmware. Not to mention if there is even enough memory to spare.

Aah, now you spoil the fun. So how real is this, would have been a fun project.

[Kulverstukas]

Guess its likely enough to talk about in a Blackhat conference.

[proxx]

Guess its likely enough to talk about in a Blackhat conference.

My point exactly, besides for those who ran it in a search engine, its pretty obvious is big news, dont think too little of it.

[BlackHack00]

This is exactly like the USB Rubber Ducky of hak5...It's something very useful!

[techb]

Guess its likely enough to talk about in a Blackhat conference.

Still have doubts and skepticism. I will need to read a doc or see a video before I get excited. I kinda doubt and glare at what it claims though. There might be something that can do something like this, cause I don't know the standards with the plug-n-play usb stuff, but I still have doubts. Lets see what blackhat has to say, and I will make judgment from there. As for now, I stick with what I have said.

[Stackprotector]

I did not really get it, it's like saying "people can craft USB devices who look like USB sticks but act like other USB devices so this us a leak in USB" and like techb says a device needs special hardware other than a USB stick.

[Phenom]

Id probably like to see this at the conference before I completely believe this although this is pretty cool! Thanks for sharing!

[fly_in_sky]

what the hell.

[iTpHo3NiX]

This sounds just like rubber ducky? Uses scripts at a local level that would be the same as sitting in front of a computer. This just gets auto initialized since old school USB hackblades no longer work due to restrictions in autorun by default. These just tell the computer hey I'm a keyboard here's my initialization command, run me.