BLU Discuss list archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Discuss] code for hacked USB drive (BadUSB) released on Github
- Subject: [Discuss] code for hacked USB drive (BadUSB) released on Github
- From: cra at WPI.EDU (Chuck Anderson)
- Date: Mon, 6 Oct 2014 09:19:55 -0400
- In-reply-to: <54323F84.2000306@gmail.com>
- References: <54323F84.2000306@gmail.com>
On Mon, Oct 06, 2014 at 03:06:44AM -0400, Tom Metro wrote: > If these drives look like an ordinary USB storage drive when first > attached, I wonder what they are using as a trigger to have them switch > into malicious keyboard mode? I don't think it can pose as both > simultaneously. The switch might occur after a simple count down timer > starting when it was powered up. Why couldn't it pose as both simultaneoulsy? Couldn't it embed a USB hub to present more than one device id to the host? > So the tester gizmo just needs to wait it out. Maybe you'll "quarantine" > your USB drives for 24 hours before attaching them to your real > computer. At least until the hackers increase the delay, or figure out > how to fingerprint the host they are attached to, and only go malicious > if it's the desired target (like a machine running Windows). There's a > good chance this sort of fingerprinting would be possible by looking at > how the OS interrogates the USB controller. So your tester would need to > have a custom USB driver that emulates Windows or OS X. > > One way to address this vulnerability is to modify the OS to put up a > dialog any time a USB hotplug event is detected. "Found a new keyboard > device, identifying itself as ... If you did not just plug in a > keyboard, answer no. Use this device? Yes No" > > Of course the hackers could return an identification matching some very > popular USB keyboard and hope to get lucky, or pester the user enough > times so that they think their keyboard has a loose plug. Qubes OS can solve this problem by using VM isolation for USB, especially if you have a PS/2-connected keybaord and mouse (like most PC laptops' internal keyboards/touchpads). Just avoid Apple laptops. I wonder if the OSes can be tweaked to refuse new USB keyboards/mice after the first one has been connected.
- Follow-Ups:
- [Discuss] code for hacked USB drive (BadUSB) released on Github
- From: tmetro+blu at gmail.com (Tom Metro)
- [Discuss] code for hacked USB drive (BadUSB) released on Github
- References:
- [Discuss] code for hacked USB drive (BadUSB) released on Github
- From: tmetro+blu at gmail.com (Tom Metro)
- [Discuss] code for hacked USB drive (BadUSB) released on Github
- Prev by Date: [Discuss] Who makes the most reliable hard drives?
- Next by Date: [Discuss] code for hacked USB drive (BadUSB) released on Github
- Previous by thread: [Discuss] code for hacked USB drive (BadUSB) released on Github
- Next by thread: [Discuss] code for hacked USB drive (BadUSB) released on Github
- Index(es):