This vulnerability has come to be known as "BadUSB". Researchers have published its source code on the open source code hosting website GitHub,
demanding that manufacturers either beef up protections for USB flash
drive firmware and fix the problem or leave hundreds of millions of
users vulnerable to the attack.
The code released by researchers Adam Caudill and Brandon Wilson
has the capability to spread itself by hiding in the firmware meant to
control the ways in which USB devices connect to computers. The hack
uses a security flaw in USB that allows an attacker to insert
malicious code into a device's firmware.
But wait! This means that this critical vulnerability is now
available online for hackers, cyber criminals and everybody else to use
to infect as many computers as they want.
SOURCE CODE AVAILABLE ONLINE TO EVERYBODY
In a talk at the Derbycon Hacker Conference in Louisville last week, the
duo were able to reverse engineer the USB firmware, infect it with
their own code, and essentially hijack the associated device. The
researchers also underlined the danger of the BadUSB hack by going
through the code in depth.
The security hole was first revealed by researchers from Berlin-based Security Research Labs (SRLabs) at the Black Hat security conference in Las Vegas two months ago; a video
of their presentation is available. The German researchers didn’t publish their
source code because they thought it to be dangerous and too hard to
patch.
“We really hope that releasing this will push device manufacturers to insist on signed firmware updates, and that Phison will add support for signed updates to all of the controllers it sells,” Caudill said in a blog post. “Phison isn’t the only player here, though they are the most common—I’d love to see them take the lead in improving security for these devices.”
THE GOOD NEWS AND THE BAD
The good news is that this vulnerability affects only one USB
manufacturer, Phison Electronics, a Taiwanese electronics company. But
the bad side of it is that Phison USB sticks can infect any given device
they are plugged into, and the company has not yet revealed who it
manufactures USB sticks for. This is why it is still unclear
how widespread the problem may be at the moment.
A Phison USB stick can infect any type of computer, but it isn’t clear
whether it is able to infect any other USB device that is plugged into that
computer afterwards. However, Phison controllers are found in a very large
number of USB thumb drives available on the market.
BadUSB VULNERABILITY IS UNPATCHABLE
The attack basically modifies the firmware of USB devices, which
can easily be done from inside the operating system, and hides the
malware in USB devices in a way that makes it almost impossible to
detect. Worse, completely formatting or deleting the
contents of a USB device will not remove the malicious code, since it is
embedded in the firmware.
According to Wired, the vulnerability is "practically unpatchable" because it exploits "the very way that USB is designed." Once infected, each USB device will infect anything it's connected to, or any new USB stick coming into it.
IMPACT OF BadUSB ATTACK
Once compromised, the USB devices can reportedly:
- enter keystrokes
- alter files
- affect Internet activity
- infect other systems as well, and then spread to additional USB devices
- spoof a network card and change the computer’s DNS setting to redirect traffic
- emulate a keyboard and issue commands on behalf of the logged-in user, for example to exfiltrate files or install malware
During their Derbycon demonstration, the two researchers replicated the
emulated keyboard attack, but also showed how to create a hidden
partition on thumb drives to defeat forensic tools and how to bypass the
password for protected partitions on some USB drives that provide such a
feature.
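The keyboard-emulation and network-card cases in the list above both show up at enumeration time as extra USB interface classes on a device that should only be storage. The following Python check is an added example, not code from the researchers or from this article; it assumes Linux sysfs, and the function names and sample inventory are constructed for illustration.

```python
import glob
import os

# USB-IF interface class codes (bInterfaceClass)
HID, MASS_STORAGE, CDC_COMM, WIRELESS = 0x03, 0x08, 0x02, 0xE0
NETWORK_LIKE = {CDC_COMM, WIRELESS}  # classes commonly used by USB network adapters

def assess(classes):
    """Return findings for one device, given the set of its interface classes."""
    findings = []
    if MASS_STORAGE in classes and HID in classes:
        findings.append("storage device also exposes a HID (keyboard/mouse) interface")
    if MASS_STORAGE in classes and classes & NETWORK_LIKE:
        findings.append("storage device also exposes a network-like interface")
    return findings

def read_sysfs(root="/sys/bus/usb/devices"):
    """Collect {device: set(interface classes)} from Linux sysfs."""
    devices = {}
    for path in glob.glob(os.path.join(root, "*:*", "bInterfaceClass")):
        iface = os.path.basename(os.path.dirname(path))  # e.g. "1-2:1.0"
        dev = iface.split(":")[0]                        # owning device, e.g. "1-2"
        with open(path) as fh:
            devices.setdefault(dev, set()).add(int(fh.read().strip(), 16))
    return devices

def scan(devices):
    """Map device name -> findings, only for devices with at least one finding."""
    return {d: f for d, c in devices.items() if (f := assess(c))}

# Constructed sample inventory (not captured from real hardware)
SAMPLE = {
    "1-1": {MASS_STORAGE},            # ordinary thumb drive
    "1-2": {MASS_STORAGE, HID},       # thumb drive that also presents a keyboard
    "1-3": {HID},                     # ordinary keyboard
    "1-4": {MASS_STORAGE, CDC_COMM},  # thumb drive that also presents a network card
}

if __name__ == "__main__":
    inventory = read_sysfs() or SAMPLE  # fall back to the sample off Linux
    for dev, findings in scan(inventory).items():
        for finding in findings:
            print(f"{dev}: {finding}")
```

A reflashed stick that presents only as a keyboard, with no storage interface, will not be flagged, and legitimate composite devices such as phones can be, so treat the output as a prompt for review.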
MANUFACTURER DENIES THE PROBLEM
Security researchers tried to contact Phison Electronics, the manufacturer of the vulnerable USB devices, but the company "repeatedly denied that the attack was possible."
Source : THN