Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] code for hacked USB drive (BadUSB) released on Github

On Mon, Oct 06, 2014 at 03:06:44AM -0400, Tom Metro wrote:
> If these drives look like an ordinary USB storage drive when first
> attached, I wonder what they are using as a trigger to have them switch
> into malicious keyboard mode? I don't think it can pose as both
> simultaneously. The switch might occur after a simple count down timer
> starting when it was powered up.

Why couldn't it pose as both simultaneoulsy?  Couldn't it embed a USB
hub to present more than one device id to the host?

> So the tester gizmo just needs to wait it out. Maybe you'll "quarantine"
> your USB drives for 24 hours before attaching them to your real
> computer. At least until the hackers increase the delay, or figure out
> how to fingerprint the host they are attached to, and only go malicious
> if it's the desired target (like a machine running Windows). There's a
> good chance this sort of fingerprinting would be possible by looking at
> how the OS interrogates the USB controller. So your tester would need to
> have a custom USB driver that emulates Windows or OS X.
> One way to address this vulnerability is to modify the OS to put up a
> dialog any time a USB hotplug event is detected. "Found a new keyboard
> device, identifying itself as ... If you did not just plug in a
> keyboard, answer no. Use this device? Yes  No"
> Of course the hackers could return an identification matching some very
> popular USB keyboard and hope to get lucky, or pester the user enough
> times so that they think their keyboard has a loose plug.

Qubes OS can solve this problem by using VM isolation for USB,
especially if you have a PS/2-connected keybaord and mouse (like most
PC laptops' internal keyboards/touchpads).  Just avoid Apple laptops.

I wonder if the OSes can be tweaked to refuse new USB keyboards/mice
after the first one has been connected.

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /