Hacker News Comments on
BadUSB - On Accessories that Turn Evil by Karsten Nohl + Jakob Lell
Black Hat · Youtube · 2 HN points · 5 HN comments
Hacker News Stories and Comments
All the comments and stories posted to Hacker News that reference this video.
The NSA have been using Hard Drive Firmware exploits for years. Such an attack could hide malware that also survives a format[0] (Which is why I brought up a drive replacement in my prev post). I wouldn't be surprised if the same can't be done with SSD Firmware too (we have already seen people do "bad things" with USB Memory sticks [1]).
Also if a full BIOS flash has been performed you might be SOL as after a power cycle the modified BIOS is now the first thing loaded by your system (Or it might be the VBIOS, it's been a while.) which could prevent future flashing of the BIOS or fake the flashing process but not actually flash anything. If you have a board that can recovery flash you might be able to recover but how do you trust the system afterwards?
As the BIOS is usually stored on a SPI Flash you could use an external programmer to dump the content of the flash and do a diff on the firmware file.
You have to think about who is your attacker. Are the Kiddies going to go to such lengths to stay persistent on a consumer's laptop they use as a Facebook machine? Prob not. But is it outside the scope of a determined attacker (or nation state) who managed to get a first stage attack malware inside a large company? IMO it would depend on how valuable they determine access to your network / data is.
[0] https://www.theregister.co.uk/2015/02/17/kaspersky_labs_equa...
[1] https://www.youtube.com/watch?v=nuruzFqMgIw
EDIT: I've not spoken about VBIOS infections as the GPU Vendors on at least modern cards have been really locking down their GPUs and as far as I've seen, I've yet to see any credible claims of attacks on GPUs in the wild (They could be out there, I've just not come across any.). But such an attack would be scary as hell (imo) as it's a black box that has DMA access to the CPU (think like the Mac Thunderbolt attacks of old) and other devices on the PCI-e bus. It's one of the places I would be spending my time researching.
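The dump-and-diff check mentioned in the comment above, as an added example that is not part of the original comment: it compares a flash image read with an external programmer against a reference image and reports which offset ranges differ, because a whole-file hash only says "different" and a dump can also contain data the firmware rewrites in normal use. The function names, the merge gap and the sample bytes are constructed for illustration.

```python
import hashlib

def diff_ranges(dump: bytes, reference: bytes, merge_gap: int = 16):
    """Return half-open (start, end) offset ranges where the images differ.

    Differing bytes separated by at most merge_gap offsets are merged, so one
    modified structure is reported as one region. A size mismatch is reported
    as a final range covering the bytes only the longer image has.
    """
    ranges, start, last = [], None, None
    common = min(len(dump), len(reference))
    for off in range(common):
        if dump[off] == reference[off]:
            continue
        if start is None:
            start = off
        elif off - last > merge_gap:
            ranges.append((start, last + 1))
            start = off
        last = off
    if start is not None:
        ranges.append((start, last + 1))
    if len(dump) != len(reference):
        ranges.append((common, max(len(dump), len(reference))))
    return ranges

def compare_images(dump: bytes, reference: bytes, merge_gap: int = 16):
    """Summarise the comparison: hashes for the record, ranges for triage."""
    ranges = diff_ranges(dump, reference, merge_gap)
    return {
        "dump_sha256": hashlib.sha256(dump).hexdigest(),
        "reference_sha256": hashlib.sha256(reference).hexdigest(),
        "identical": dump == reference,
        "ranges": ranges,
        "bytes_in_ranges": sum(end - start for start, end in ranges),
    }

def constructed_sample():
    """Constructed 4 KiB stand-ins for a reference image and a flash dump."""
    reference = bytes(range(256)) * 16
    dump = bytearray(reference)
    dump[0x100:0x104] = b"\xde\xad\xbe\xef"  # constructed change
    dump[0x108] = 0xFF                        # close by: merged with the above
    dump[0x800] ^= 0x01                       # isolated single-bit change
    return bytes(dump), reference

if __name__ == "__main__":
    report = compare_images(*constructed_sample())
    for start, end in report["ranges"]:
        print(f"differs: 0x{start:06x}-0x{end - 1:06x} ({end - start} bytes)")
    print("identical:", report["identical"])
```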
⬐ brudgers
Slide Deck: https://srlabs.de/blog/wp-content/uploads/2014/07/SRLabs-Bad... and its discussion: https://news.ycombinator.com/item?id=8164766
On the one hand, this looks incredibly cool. On the other hand, I actually find it a bit worrying. With things like BadUSB[1] still out there, I would be worried about anything that gives USB devices more wide reach or higher privileges.
That this project aims to offer "full functionality" of the device, afaik, means it is likely doing exactly the kind of thing that I find worrying. Can anyone talk about this a little more in-depth?
Since sharing USB flash drives is pretty much the equivalent of having digital unprotected sex anyway, I'm sure you'll get that soon enough.
And it can get much, much worse than plain old viruses too:
For anyone interested in the subject I recommend watching the presentation [1] by Karsten Nohl and Jakob Lell at Black Hat USA 2014.
⬐ darkr
I particularly liked the DHCP server on USB hack for DNS hijacking.
The Video is also up on YouTube and adds quite a bit to the slides including some good demos: https://www.youtube.com/watch?v=nuruzFqMgIw&list=UUJ6q9Ie29a...