Friday 3 October 2014

Security researchers detail 'unpatchable' USB hack

Remember Karsten Nohl? The security researcher who
discovered how to infect just about any USB device
with scarily savvy malware and delivered a lengthy talk
about it at this year's Black Hat conference? At the
time he didn't want to share the code for his exploit,
but fellow researchers Adam Caudill and Brandon
Wilson figured out how to pull off some of the same
tricks and they've published their findings on GitHub.
Why? To try and force device manufacturers to get
their security acts together.

Nohl's reason for withholding his code the first time
around was that he thought it was "unpatchable"
-- that is, there wouldn't be an easy firmware fix for
this potentially huge problem. We do mean huge, too:
the so-called BadUSB proof-of-concept allowed Nohl
(along with Caudill and Wilson after the fact) to
manipulate files installed from an infected USB device,
make an infected gadget act as a faux-keyboard that
attackers could control, and in some cases relay
personal information to a remote server. Some might
argue that releasing this sort of information into the
wild is irresponsible and dangerous, but Caudill and
Wilson hope to get USB vendors thinking seriously
about this potential threat by proving that there's
nothing potential about it.
VIA: Wired
SOURCE: GitHub
