Researchers uncover fundamental USB security flaw, no fix in sight
BABA-The Hacker
...and when "they (the vectors)" don't have (or knowingly) no internet connectivity?
:bed:
k3vst3r
JJayzX
A lot of people aren't getting what's going on. The problem is with the USB hardware communication protocol. This doesn't matter what operating system or device you are using. This is all about the information exchanged from the USB controller in the device to the USB controller in your PC.
Fox2232
@Valagard and others:
Do you really believe that your operating system (win/linux/mac) is aware (can be aware) of all those HW level calls/instructions/DMA/...?
Yes, there are ways the OS can scan USB drive FW, unless it is write only for the OS and it is read by its own controller at boot.
But no, if such a modified device identifies to the OS as 2 separate devices, the OS has no way to identify if it is a real or fake device.
All USBs can simply share the same wires on the controller, as you can stick a USB hub on it for this very reason. USB is made to accept concurrent communications.
And there is no way to tell if one device uses 2 different HW IDs and listens and answers to 2 communications at once, or you have 2 devices on a USB hub.
And once you plug in a USB device it already works and does what it was programmed to do, before the OS gets its HW ID and tries to install appropriate drivers so the OS can use such a device to its full extent.
And I believe the risks from emulation of mouse and keyboard are jokes here; that is the smallest thing that can happen. If a device can identify itself as PNP0200 (DMA controller) or any other part of the chipset?
If it could succeed in taking over or sharing the role of some parts, it would slow the affected PC due to the low bandwidth of USB but would allow it to do a lot more.
FerCam™
So what about fixed function purpose made chips? Oh wait, engineers now just know to code now, that's a shame...
BedantP
What about the anti-hackable Linux? Linux is said to be "unhackable" because it requires your password for everything, even uninstalling or installing apps or officially updating from their own repositories. I have Linux Mint 17. Snappier, beautiful, awesome, and with WINE (used to run Windows apps without emulation) it's my favorite OS.