Does anyone else get the feeling that the frequency of rather horrible vulnerabilities coming to light is accelerating? Off the top of our head, there’s Heartbleed, Shellshock, and now this one. The BadUSB exploit attack stems from the “invisible” microcontroller in most USB devices.

We first heard about it when we were attending DEFCON in August. The exploit had been announced the same week at Blackhat but there wasn’t much information out yet. Now the talk has been posted and there’s a well-explained overview article at Big Mess o’ Wires.

Here’s how this one goes: all USB devices rely on a microcontroller to handle the peripheral side of USB communications. The computer doesn’t care which microcontroller, nor does it have a way of knowing even if it wanted to. The uC is “invisible” in this situation; it’s the interface and the data flowing through it that the computer cares about. BadUSB is an attack that adds malicious functionality to this microcontroller. To the computer it’s a perfectly normal and functional USB device, while all the bad stuff is happening on the peripheral’s controller where the computer can’t see it.

How deeply do you think about plugging each and every USB device? Check out what happens at 19:20 into the video below. The USB device enumerates and very quickly sets up a spoofed Ethernet connection. You can still load a webpage via WiFi but the fake connection is forwarding packets to a second server. Once discovered, you can wipe the computer and this will stop happening until you plug the same device in again and reinfect the computer. Worse yet, because the controller is invisible to the computer there’s almost no way to scan for infected devices. If you are smart enough to suspect BadUSB, how long will it take you to figure out if it’s your mouse, your keyboard, a thumb drive, a webcam, your scanner… you get the point.

> your computer can’t tell if plugged keyboard is the same one that was plugged yesterday, it also can’t tell if isight camera build into the laptop has the same firmware it had yesterday

Each device got vendor and model ID as well as individual number and serial number. Of course that can be spoofed by microcontroller (as they are written in its ROM) and some vendors ignore necessity to set up serial and ID (which creates problem with several similar devices, especially with touchscreens).

As well as action described above is possible only under admin rights, or at least under user which got rights to install devices and driver – microcontroller uses standard stack to tell OS to virtual create device node, or, even more, it may emulate CR and “autorun” own driver from itself.

This activity is platform-specific… most likely won’t work on Linux, unless Linux got udev and upstart rules for automatically install new Ethernet interface and route traffic to it – Windows makes most of it automatically and almost silently. That’s why having autorun enabled at all times is bad – not only because of infected flash drives, any USB device can do that.
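
The host cannot inspect a peripheral's firmware, but it does see the interface descriptors the device presents at enumeration, which is where the spoofed Ethernet adapter from the article shows up. The following added example (not code from the article or the talk) compares each device's interface profile with an approved one instead of trusting vendor ID, product ID or serial alone. Field names follow Linux sysfs attributes; the device records, the IDs and the `audit` helper are constructed for illustration.

```python
# Added example. Field names follow Linux sysfs attributes; all records are constructed.
# (class, subclass, protocol) patterns that add network or keyboard capability;
# None matches any protocol value.
SENSITIVE = {
    (0x02, 0x06, None): "CDC-ECM Ethernet",
    (0x02, 0x0D, None): "CDC-NCM Ethernet",
    (0xE0, 0x01, 0x03): "RNDIS Ethernet",
    (0xEF, 0x04, 0x01): "RNDIS Ethernet",
    (0x03, 0x01, 0x01): "HID boot keyboard",
}

def capabilities(interfaces):
    """Names of sensitive capabilities among (class, subclass, protocol) triples."""
    return {name for cls, sub, proto in interfaces
            for (c, s, p), name in SENSITIVE.items()
            if (cls, sub) == (c, s) and p in (None, proto)}

def audit(devices, approved):
    """approved maps (idVendor, idProduct) to the frozenset of triples signed off for it."""
    findings = []
    for dev in devices:
        key = (dev["idVendor"], dev["idProduct"])
        profile = frozenset(dev["interfaces"])
        if key not in approved:
            caps = capabilities(profile)
            if caps:  # unknown device that can type or carry traffic
                findings.append((dev["path"], "unapproved: " + ", ".join(sorted(caps))))
        elif profile != approved[key]:
            # Familiar IDs, different behaviour: the IDs alone prove nothing.
            extra = capabilities(profile - approved[key])
            findings.append((dev["path"], "profile changed: "
                             + (", ".join(sorted(extra)) or "non-sensitive")))
    return findings

MASS_STORAGE = (0x08, 0x06, 0x50)  # SCSI transparent, bulk-only transport
APPROVED = {("1234", "0001"): frozenset({MASS_STORAGE})}  # constructed IDs
SAMPLE_DEVICES = [  # constructed enumeration snapshot
    {"path": "1-1", "idVendor": "1234", "idProduct": "0001", "interfaces": [MASS_STORAGE]},
    {"path": "1-2", "idVendor": "1234", "idProduct": "0001",
     "interfaces": [MASS_STORAGE, (0x02, 0x06, 0x00)]},
    {"path": "1-3", "idVendor": "5678", "idProduct": "0002", "interfaces": [(0x03, 0x01, 0x01)]},
    {"path": "1-4", "idVendor": "9abc", "idProduct": "0003", "interfaces": [(0x07, 0x01, 0x02)]},
]

if __name__ == "__main__":
    for path, reason in audit(SAMPLE_DEVICES, APPROVED):
        print(path, reason)
```

A check like this has to run on every enumeration event, because a device can re-enumerate later with a different set of interfaces.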