2014-10-11

#BadUSB code made public #badBIOS #android #linux #mac #Windows

news.cyb/sec/#badBIOS/#BadUSB code made public:
10.11: summary:
. in 2013 I wrote about #badBIOS malware
apparently infecting my mac and linux/pc;
 recently a demonstration of badUSB
has proven a key technology needed by badBIOS;
but the code was not revealed; because,
USB is considered to be unpatchable,
unless $billions in hardware were replaced .
. even more recently,
other researchers have released the code .
 
10.11: #badUSB is proof of #badBIOS:
A reprogrammed USB device can emulate a keyboard
and issue commands on behalf of the logged-in user,
for example to exfiltrate files or install malware.
Such malware, in turn, can infect
the controller chips of other USB devices
connected to the computer.
A BadUSB device can even replace the computer's BIOS
This is in fact classic #badBIOS,
spreading from USB device to computer to USB device.
10.11: srlabs.de`BadUSB summary:
A BadUSB device may replace the computer’s BIOS;
Once infected, computers and their USB peripherals
can never be trusted again.
We are not yet releasing the modified
USB controller firmwares.
Instead we are providing a proof-of-concept for
rooted Android devices
that you can use to test your defenses .
. see vid of report at Blackhat conference .
. see code [.ZIP] for infecting a rooted Android phone
so that it infects a pc that it usb's into for recharging .

10.9: wired.com`#BadUSB code made public:
Karsten Nohl demonstrated a BadUSB attack
showing that it’s possible to corrupt any USB device
with insidious, undetectable malware.
Given the severity of that security problem
—and the lack of any easy patch—
Nohl has held back on releasing the code
But Adam Caudill and Brandon Wilson
argue that making a working exploit available
is the only way to pressure USB makers to
change the tiny devices’ fundamentally broken security scheme.
see the code:
Phison 2251-03 (2303) Custom Firmware
& Existing Firmware Patches (BadUSB)
. publicly releasing the USB attack code
will allow penetration testers to use the technique,
all the better to prove to their clients
that USBs are nearly impossible to secure in their current form. 
10.11: badUSB hacks known since the 90's:
Florian Maier Jul 31:
The concept of bad usb devices is not new.
See mwrinfosecurity.com 2011
or check the goodfet facedancer21 code .
More interesting are the recently leaked nsa docs
showing wifi extensions shown here:
(usb bridge to a targeted network
and means to load malware onto pc).
... Cheers, Florian
(pwning people with usb since the 90ies);

buy a usb stick that hacks any usb box:

Hak5`Rubber Ducky usb stick:
. deploy malware in seconds on any target,
Windows, Mac, and Linux .
. write payloads that include
wifi AP with disabled firewall,
reverse shell binary injection,
powershell wget and execute,
retrieve SAM and SYSTEM,
create wireless association.
. vid showing it emulate a keyboard .
see Hak5`How to Crack Windows Passwords
with a Rubber Ducky

RubberDucky has open modifiable firmware:
Firmware to Support HID [keyboard emulation]
on Windows, Linux, Mac OS X, Android & IOS;
Firmware to act like USB Drive;
Firmware to Support Multiple Payloads in HID mode
(Triggers via Keyboard LEDs);
Operating Systems Supported:
Windows, Android, Apple iOS,
Unix (Linux,Solaris,BSD, Apple OSX),
Simple-Ducky Payload Generator:
The simple-ducky is the ultimate companion
for the USB Rubber Ducky.
It's an open source tool designed to
help penetration testers when performing
a physical access security audits.
It allows them to quickly create reliable, customized
payloads for just about any attack.
The Simple-Ducky supports most Debian based Linux distro's.
. With the simple-ducky in a matter of seconds you can:
Create your evil executable
(its automatically placed in your web directory)
Create your inject.bin
Launch a listener (meterpreter or netcat)
Generate custom password list's
Crack extracted passwords
And so much more...