This thumbdrive hacks computers. “BadUSB” exploit makes devices turn “evil”
Researchers devise stealthy attack that reprograms USB device firmware.

by Dan Goodin - Jul 31, 2014 1:21 pm UTC

When creators of the state-sponsored Stuxnet worm used a USB stick to
infect air-gapped computers inside Iran's heavily fortified Natanz
nuclear facility, trust in the ubiquitous storage medium suffered a
devastating blow. Now, white-hat hackers have devised a feat even more
seminal—an exploit that transforms keyboards, Web cams, and other types
of USB-connected devices into highly programmable attack platforms that
can't be detected by today's defenses.

Dubbed BadUSB, the hack reprograms embedded firmware to give USB devices
new, covert capabilities. In a demonstration scheduled at next week's
Black Hat security conference in Las Vegas, a USB drive, for instance,
will take on the ability to act as a keyboard that surreptitiously types
malicious commands into attached computers. A different drive will
similarly be reprogrammed to act as a network card that causes connected
computers to connect to malicious sites impersonating Google, Facebook
or other trusted destinations. The presenters will demonstrate similar
hacks that work against Android phones when attached to targeted
computers. They say their technique will work on Web cams, keyboards,
and most other types of USB-enabled devices.

"Please don't do anything evil"

"If you put anything into your USB [slot], it extends a lot of trust,"
Karsten Nohl, chief scientist at Security Research Labs in Berlin, told
Ars. "Whatever it is, there could always be some code running in that
device that runs maliciously. Every time anybody connects a USB device
to your computer, you fully trust them with your computer. It's the
equivalent of [saying] 'here's my computer; I'm going to walk away for
10 minutes. Please don't do anything evil.'"


