USB storage devices (universal serial bus) proved far has security holes. If not addressed quickly, the bug could be disastrous for all USB users.
The security hole was first discovered by security researcher Karsten Nohl named. Two months ago, in a Black Hat security conference in Las Vegas, Nohl USB demonstrate attacks against the so-called method of "BadUSB".
Fearing the impact that would be caused would be great, then Nohl not willing to release the programming code that he used to carry out attacks.
But in Derbycon hacker conference in Louisville, Kentucky, USA last week, two hackers Adam Caudill and Brandon Wilson was also a way of doing a similar attack against USB.
It seems, Caudill and Wilson using reverse engineering methods to the same USB firmware used by Nohl, resulting in the same trick invented by Nohl.
Both then publish the code they use in breaking into a USB security on Github site. Motivation dissemination of the code so that the manufacturer can fix bugs USB based codes they publish.
"We believe that all of this must be known to the public, not hidden, because we release all what we found," said Caudill Derbycon conference, as quoted KompasTekno of Wired, Wednesday (10/08/2014).
"We are inspired by the SR Labs (leader Nohl) materials which do not release them, if you want to prove there is a weakness, then you have to release the material so that the public can take precautions," he added.
Nohl, Caudill, and Wilson tested this method to a USB device that is sold by the Taiwanese manufacturer, Phison. They reprogram the firmware flash disk that can Phison attack.
In one case, they showed that infected USB key can read keyboard typed in the machine being attacked.
Because attacking USB microcontroller firmware, the program will not be stored in the USB flash memory. Delete the entire contents of storage will also not be able to remove the malware.
Another trick is performed by Caudill files stored in the USB flash memory will be hidden, as well as turning off security features in a locked USB secretly.
"People only see the USB flash disk as a storage medium, they do not realize that in it there is a computer that can be reprogrammed," said Caudill.
Not clear how the spread of malware containing the code but the user has to be vigilant while waiting for a USB flash disk manufacturers "patch" the security gap.
0 Response to "Without Knowingly, BadUSB can "perch" in flashdisk"
Post a Comment