Slashdot Mirror


Hacking USB Firmware

An anonymous reader writes Now the NSA isn't the only one who can hack your USB firmware: "In a talk at the Derbycon hacker conference in Louisville, Kentucky last week, researchers Adam Caudill and Brandon Wilson showed that they've reverse engineered the same USB firmware as Nohl's SR Labs, reproducing some of Nohl's BadUSB tricks. And unlike Nohl, the hacker pair has also published the code for those attacks on Github, raising the stakes for USB makers to either fix the problem or leave hundreds of millions of users vulnerable." Personally, I always thought it was insane that USB drives don't come with physical write-protect switches to keep them from being infected by malware. (More on BadUSB here.)

2 of 97 comments

  1. Wired shouldn't write tech articles by Anonymous Coward · Score: 3, Interesting

    TFA's author lazily uses the term "USB" to mean "USB storage device" as in USB flash sticks, hard disks and optical drives. But in reality this firmware issue affects all USB devices including mice, keyboards and printers. This is not a security flaw in the USB protocol, per se, it's the retarded approach taken by the device hardware manufacturers to secure their firmware (read: no security at all). The same lack-of-security issues affect devices on any kind of bus like SCSI, SATA, Firewire and Thunderbolt/Lightning.

  2. Re:back in my day... by Anonymous Coward · Score: 2, Interesting

    Personally, I always thought it was insane that USB drives don't come with physical write-protect switches to keep them from being infected by malware.

    When they first came out, they had them. I think manufacturers started leaving them off because they could save a tenth of a cent on their cost. I still have a couple of old ones lying around with a switch, though they are small (like 128MB).