It turns out that half of USB is unsafe

Source: Internet
Author: User

At the Black Hat security conference in August, Nohl demonstrated the BadUSB attack, which exploits the fact that the firmware of a USB controller chip can be rewritten. This means that a USB controller can be infected with malware and can then send commands, steal files, or install malware by simulating a USB hard drive.

At the PacSec security conference in Tokyo, computer hacker Karsten Nohl unveiled the latest developments in his BadUSB research. The researchers simulated attacks on USB controllers from eight vendors to see whether the chips could withstand the attack. The test results showed that only half of the chips were immune. Ordinary consumers cannot tell on their own whether a USB chip is safe.

"Unlike when you insert a flash drive into a computer, the computer will automatically identify the source of the chip, and it's not easy to tell if the USB device is safe," Nohl said.

The problem now is that Nohl's research data does not seem to bring good news. Unlike computer manufacturers, USB device manufacturers do not label their products with the maker of the chip inside. Even for the same product, they often choose the cheapest supplier based on chip price. In a USB chip analysis presented at the ShmooCon security conference earlier this year, security researchers found that Kingston uses USB chips produced by several companies. "The USB controller used in the Kingston USB drive may come from any one of these 5 or 6 suppliers," Nohl said.

To resolve the BadUSB vulnerability, USB manufacturers would first need to clearly identify the source of the chips they use. Creating a chip-marking system is difficult, which makes the BadUSB vulnerability trickier to resolve. Thus, at the Black Hat conference, Nohl did not publish his BadUSB code, to prevent malicious hackers from misusing it. But two other independent engineers have reverse-engineered BadUSB and published their own BadUSB code to facilitate further research and put pressure on manufacturers.

Currently, the USB manufacturer IronKey, owned by Imation, requires that every firmware upgrade for its USB flash drives be protected cryptographically so that it cannot be forged, which prevents malicious tampering. Hopefully more USB manufacturers will do the same.

Nohl said that some chips, partly for cost reasons, are produced so that they cannot be rewritten, and these are not easy to attack, but "any chip that can be rewritten is vulnerable to the BadUSB threat."

Some commentators argued that Nohl's initial BadUSB study was narrowly limited to chip maker Phison; his latest findings are a powerful rebuttal to that criticism. Taking the long view, Nohl said that, given how USB chips from different makers are mixed across products and how opaque the USB device industry is, every USB device on the market may have this vulnerability.

Some people have accepted the fact that "USB devices are unsafe", while others are still under the impression that "the BadUSB problem is only a flaw in Phison's products"; they should be more alert and recognize the problem.

