Tuesday, October 07 2014
A man types on a computer keyboard in Warsaw in this February 28, 2013 illustration file picture.PHOTO: REUTERS/KACPER PEMPEL/FILES
German security firm Security Research (SR) Labs has just ramped up the severity of the USB malware hack exploit known as
BadUSB.
"No effective defenses from USB attacks are known. Malware
scanners cannot access the firmware running on USB devices. USB
firewalls that block certain device classes do not (yet) exist. And
behavioral detection is difficult, since a BadUSB device's behavior when
it changes its persona looks as though a user has simply plugged in a
new device," SR Labs wrote in their official blog about BadUSB.
Back in July, researcher
Karsten Nohl demonstrated a hack attack he dubbed BadUSB and presents the fundamental vulnerabilities of the USB technology.
He mentioned that they have engineered a malware exploit similar to
BadUSB that can be installed via the USB, which can completely take over
the systems of a PC.
Two weeks ago, researchers Adam Caudill and Brandon Wilson revealed
that they can "reverse engineer" the similar firmware that Nohl
established two months back.
"The belief we have is that all of this should be public. It shouldn't be held back. So we're releasing everything we've got," Caudill told the Derbycon hacker conference audience.
He added,
"This was largely inspired by the fact that [SR Labs]
didn't release their material. If you're going to prove that there's a
flaw, you need to release the material so people can defend against it."
The two men declined to name their employer, but insisted that for
the BadUSB exploit to be fixed, there needs to be more than "just a talk
at Black Hat."
They also argued that the BadUSB hack exploit might have already been
in use for quite some time now by influential bodies of the government,
such as the National Security Agency (NSA).
ΠΗΓΗ: http://www.ecumenicalnews.com/