!!

Welcome Guest

You are viewing this forum as a guest therefore You are Not Allowed to Post and Reply and You are not allowed to view links. Register or Login

collapse

* Search


* Recent Replies

How to Apply for Payoneer Card and US Payment Service to Receive Amazon & others by [Not Shown, Login to View]
[Yesterday at 07:46 PM]


Website design issUe by [Not Shown, Login to View]
[Yesterday at 04:55 PM]


Joint venture on a single site by [Not Shown, Login to View]
[Yesterday at 04:32 PM]


don't have a website but still wants to run the online marketin by [Not Shown, Login to View]
[Dec 09, 2017]


Webhost purchase by [Not Shown, Login to View]
[Dec 09, 2017]


Payoneer Application by [Not Shown, Login to View]
[Dec 09, 2017]


Bing Ads And Google Adwords Payment Methods by [Not Shown, Login to View]
[Dec 07, 2017]


Selling Ebooks At Amazon by [Not Shown, Login to View]
[Nov 26, 2017]


facebook fan page by [Not Shown, Login to View]
[Nov 26, 2017]


Pay Per Click Fraud. by [Not Shown, Login to View]
[Nov 20, 2017]


Amazon Images/Images from Amazon by [Not Shown, Login to View]
[Nov 19, 2017]


Amazon Tracking of associate IDs Faulty by [Not Shown, Login to View]
[Nov 18, 2017]


Facebook Ads Payment by [Not Shown, Login to View]
[Nov 18, 2017]


how can i put html text and html tag into the notepad by [Not Shown, Login to View]
[Nov 17, 2017]


Direct log in to blogger by [Not Shown, Login to View]
[Nov 15, 2017]


facebook ads by [Not Shown, Login to View]
[Nov 03, 2017]


How to make a 3D E-book Cover (E-Cover)? by [Not Shown, Login to View]
[Nov 01, 2017]


How Can I Change Or Beautify My New YouTube Page by [Not Shown, Login to View]
[Oct 31, 2017]


Any Free Wordpress Theme For uni/poly Portals? by [Not Shown, Login to View]
[Oct 31, 2017]


How long by [Not Shown, Login to View]
[Oct 30, 2017]


How do I continue? by [Not Shown, Login to View]
[Oct 30, 2017]


E-commerce Site by [Not Shown, Login to View]
[Oct 22, 2017]


Confused by Namecheap renewal fees by [Not Shown, Login to View]
[Oct 21, 2017]


Effective Paid Traffic Channel by [Not Shown, Login to View]
[Oct 20, 2017]


WordPress font by [Not Shown, Login to View]
[Oct 20, 2017]


pdf (ebook) from laptop to gmail acoun by [Not Shown, Login to View]
[Oct 18, 2017]


Website Traffic Season 12 - Amazing all-in-one tool for Google, Youtube, Amazon. by [Not Shown, Login to View]
[Oct 15, 2017]


Show/Hide Widgets in Blogspot Mobile Template by [Not Shown, Login to View]
[Oct 15, 2017]


How to Get Original Image For My Local News Blog by [Not Shown, Login to View]
[Oct 15, 2017]


how to create ebook covers by [Not Shown, Login to View]
[Oct 15, 2017]

Author Topic: USB Has a FundamentalSecurity Flaw That YouCan't Detect  (Read 292 times)

0 Members and 1 Guest are viewing this topic.

Offline [Not Shown, Login to View]

  • Level 3 (Regular)
  • ***
  • Posts: 216
  • Respect: +28
  • Gender: Male
  • Location: abuja
  • My Rank: 22
We all rely on USB to interconnect our digital lives
—-but new research first reported by Wired
reveals that there's a fundamental security flaw in
the very way that the humble Universal Serial Bus
functions, and it could be exploited to wreak havoc
on any computer.
Wired reports that security researchers Karsten
Nohl and Jakob Lell have reverse engineered the
firmware that controls the basic communication
functions of USB. Not only that, the've also written
a piece of malware, called BadUSB, that can "be
installed on a USB device to completely take over a
PC, invisibly alter files installed from the memory
stick, or even redirect the user's internet traffic."
Embedded within USB devices—from thumb drives
thorough keyboards to smartphones—is a
controller chip which allows the device and a
computer it's connected to send information back
and forth. It's this that Nohl and Lell have
targeted, which means their malware doesn't sit in
flash memory, but rather is hidden away in
firmware, undeletable by all but the most
technically knowledgable. Lell explained to Wired :
"You can give it to your IT security people,
they scan it, delete some files, and give it
back to you telling you it's 'clean... [But
these] problems can't be patched. We're
exploiting the very way that USB is
designed."
The kicker is that it's virtually impossible to check
whether a device's firmware has been tampered
with, and even if it was, there's no single trusted
version of it to check against. It's also worth
pointing out that it can travel both ways: a USB
stick could infect a computer with its malware, say,
and the PC could then infect any USB device
plugged into it.
So it's fairly worrying that the pair of researchers
have demonstrated—and will present at the
upcoming Black Hat security conference in Las
Vegas—that the flaw can be exploited on thumb
drives, mice, keyboards and even an Android
smartphone. (It should, in theory, work on any
USB device that can have its firmware
reprogrammed). Some of Wired's sources even
speculate that the hack could already be being used
by the NSA.
That's a lot of bad news—so what can you do
about it? Technically speaking, very little: there's
no patch of code that can be be used to solve the
problem. Instead, both the USB Implementers
Forum and the researchers point out that a change
in the way we use USB is the only solution: don't
plug a USB device into any computer you don't 100
percent trust, and don't plug untrusted USB device
into your computer either. That may prove
inconvenient—but it may also save you from a
very nasty surprise, too


moving to greater height

 

Related Topics

  Subject / Started by Replies Last post
7 Replies
1034 Views
Last post Apr 26, 2014
by [Not Shown, Login to View]

TinyPortal © 2005-2011
SimplePortal 2.3.5 © 2008-2012, SimplePortal