Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
63,195
30,136



usb3.jpg
Security research Karsten Nohl of Berlin's SR Labs has revealed a flaw in USB devices that potentially allows hackers to evade all known security measures used by a computer. In a report by Wired, Nohl says his BadUSB exploit is "almost like a magic trick" because "you cannot tell where the virus came from."

The exploit takes advantage of a flaw that allows a hacker to tamper with the firmware that controls the functions of USB devices such as mice, thumb drives and keyboards.
Because BadUSB resides not in the flash memory storage of USB devices, but in the firmware that controls their basic functions, the attack code can remain hidden long after the contents of the device's memory would appear to the average user to be deleted. And the two researchers say there's no easy fix: The kind of compromise they're demonstrating is nearly impossible to counter without banning the sharing of USB devices or filling your port with superglue.

"These problems can't be patched," says Nohl, who will join Lell in presenting the research at the Black Hat security conference in Las Vegas. "We're exploiting the very way that USB is designed."
Nohl, along with fellow SR Labs researcher Jakob Lell, will present additional details on this attack during a presentation at the annual Black Hat hacking conference, which will be held next week in Las Vegas. The title of his presentation is "Bad USB - On Accessories that Turn Evil."

Article Link: Researcher Details USB-Based Attack That Circumvents All Known Protective Security Measures
 

Zoiks

macrumors newbie
Mar 4, 2010
17
0
Does this mean the hacker needs direct access to the computer (USB), or is there something in the way USB was created that it leaves a backdoor open somehow through the internet (unlikely)?

Cheers
 

baryon

macrumors 68040
Oct 3, 2009
3,875
2,922
I don't get it: does the "virus" reside on the USB device (such as a flash drive, external HDD or charger) or does it get copied into the computer's USB firmware? So if someone plugs an infected USB device into a computer, does removing the device remove the virus?
 

0xyMoron

macrumors 6502
Oct 5, 2012
433
3
California
If the point of the virus is to spread to the computer then i'm sure Anti-Virus makers will be able to find a way to prevent the code from penetrating the Operating System, but if it only resides on the USB then simply do not allow inferior USBs to be plugged into your system, i've been doing that for years.
 

elev8d

macrumors 6502
Dec 9, 2008
340
102
Well, does that mean if USB was replaced with Thunderbolt completely, there wouldn't be vulnerabilities, or is it just a matter of time? Does this effect all Operating Systems? Couldn't you just disable your USB device hardware?
I guess maybe I should just watch the presentation :p
 

Crzyrio

macrumors 68000
Jul 6, 2010
1,586
1,110
Does this mean the hacker needs direct access to the computer (USB), or is there something in the way USB was created that it leaves a backdoor open somehow through the internet (unlikely)?

Cheers

I think it means, someone can give you a USB with infected firmware and inject something on to you computer when you plug it in.
 

LV426

macrumors 68000
Jan 22, 2013
1,824
2,246
At the end of the day, any malware that happens to be on a USB device has to be able to make it into the target computer. The article talks a lot about PCs which, historically, have been quite easy to compromise.

Just suppose I stuck one of these nasty devices in my Mac. OK, it's fiendish, it's an empty gadget. And then its bad firmware kicks into life and tries to persuade my Mac that files are available. That file still has to make it onto my Mac and has to be an executable to do any harm.

I believe OS X's inbuilt defences against malicious files - wherever they come from - would not be circumvented by a gadget like this.

My PC on the other hand...
 

Naimfan

Suspended
Jan 15, 2003
4,669
2,017
Interesting to say the least.

I wonder how many more "flaws" will come to light, and how many of them will be ascribed to sinister motives, e.g., the NSA.
 

ConnYoungy

Cancelled
Aug 14, 2010
535
201
It's cute that it can live in the firmware, but what is IT? What's the actual virus?

Also, is this computer herpes?
 

JoEw

macrumors 68000
Nov 29, 2009
1,583
1,291
Looks like it is time for Firewire to return!:D

Just kidding but Thunderbolt looks cool.
 

proline

macrumors 6502a
Nov 18, 2012
630
1
Interesting. In other news, remember kids, Apple is completely wrong to not include obsolete legacy ports like USB on their modern iOS devices.
 

0815

macrumors 68000
Jul 9, 2010
1,793
1,065
here and there but not over there
It's cute that it can live in the firmware, but what is IT? What's the actual virus?

Also, is this computer herpes?

From what I read somewhere else it could e.g. pretend to be a network card and re-route your web requests to bad sites that than will infect your computer. Guess the problem is that it can than pretend to be any kind of hardware.
 

ChrisCW11

macrumors 65816
Jul 21, 2011
1,037
1,433
Nobody cares about wired attacks

This is not 1980 anymore when people used to worry about viruses on floppy disks. If a person has physical access to your computer, it is a failing with the security in your building or home, not the technology.

Just use the same kind of restrictions you use personally and not let someone stick something in any of your ports or slots unless you want them to and know they are clean.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.