Status
Not open for further replies.

sid_16

Level 18
Verified
It’s been just two months since researcher Karsten Nohl demonstrated an attack he called BadUSB to a standing-room-only crowd at the Black Hat security conference in Las Vegas, showing that it’s possible to corrupt any USB device with insidious, undetectable malware. Given the severity of that security problem—and the lack of any easy patch—Nohl has held back on releasing the code he used to pull off the attack. But at least two of Nohl’s fellow researchers aren’t waiting any longer.

Full story: http://www.wired.com/2014/10/code-pu...le-usb-attack/

Would you say goodbye to your USB?
 

Cats-4_Owners-2

Level 38
Verified
Trusted
Would you say goodbye to your USB?
That is a good question! I use, on average, three to four different portable browsers. Although I sandbox these browsers using Sandboxie, the story's comments about our not even being able to tell if a flash stick is infected is disheartening.

Come on, Malwarebytes, develop an anti-exploit for USB flash drives!

Update: We do not have auto-run enabled, which is a good thing (right? :)), and depending upon which system it is that we insert a USB "stick", either Avast or ESET offers a scan of the drive.
If the USB is not infected and is write protected then it stays safe until the protection is removed, or? I remember the floppy disk, I always write protected them unless I needed to update them, until then, I was sure they were not infected... it was a nice feeling :)
This may be completely different from read/write protection, :rolleyes: but we do have "MC Shield 3.0.5.28", a free program which scans all flash drives coming and going on our 8.1 system.
A search revealed another free software, "USB Write Protect 2.0.0".
Does anyone use the latter, and if so could we all benefit from this or something like it? o_O
 

Cch123

Level 7
Verified
The newspapers always seem to hype up anything. There is nothing interesting about BadUSB. First, BadUSB is not malware itself. People need to get this right. It is simply firmware reprogramming of USB drives (I do not consider this to be a software modification), which can be used to inject malware into the system during boot time. The only reason why they say it is "unremovable" is because the USB drive is still infected even during complete reinstalls. The thing is, one of the most important rules of security is that the moment you let someone get to your device, it isn't yours anymore. Just follow this rule and they can't do anything with BadUSB.
 

Solarquest

Moderator
Verified
Staff member
Malware Hunter
When you insert a USB device in the PC, what happens exactly? Doesn't the PC read the USB's firmware to know what is being attached? If this is infected then shouldn't this firmware check be enough to activate the malware in the firmware? Why is a hardware write protection not so safe? If the USB is not infected and is write protected then it stays safe until the protection is removed, or? I remember the floppy disk, I always write protected them unless I needed to update them, until then, I was sure they were not infected... it was a nice feeling :)
 

Blackhawk

Level 3
When you insert a USB device in the PC, what happens exactly? Doesn't the PC read the USB's firmware to know what is being attached? If this is infected then shouldn't this firmware check be enough to activate the malware in the firmware? Why is a hardware write protection not so safe? If the USB is not infected and is write protected then it stays safe until the protection is removed, or? I remember the floppy disk, I always write protected them unless I needed to update them, until then, I was sure they were not infected... it was a nice feeling :)


Right, the way I see it, if you have read/write protection nothing can be written to it; it can't be exploited. I'd like to hear why the other poster said "no not really" to this... he never explained why he thinks this isn't so.
 

Blackhawk

Level 3
A read/write protection switch WILL prevent these issues. I did the research and everything I've read says this is the case. The other poster saying "no not really" has yet to say why he made that comment. Nothing against him, but it does not appear his vague comment holds any water whatever it may be. I guess he will leave us in suspense and we will never know as he will not elaborate.
 

Solarquest

Moderator
Verified
Staff member
Malware Hunter
Bravo Gdata! First to release a patch, and for free! Hope to see other AV vendors soon with updates and protection against BadUSB attacks... Emsi apparently would catch flashing attempts with the behavioral capability and alert the user... but this was not tested yet since apparently no BadUSB malware is available to test Emsi against it... in my opinion, already the code that was uploaded should be detected...

Moose, Cats-4-owners-2, thanks for the update.
 