Jump to content

Invite Scene - #1 to Buy, Sell, Trade or Find Free Torrent Invites

#1 TorrentInvites Community. Buy, Sell, Trade or Find Free Torrent Invites for Every Private Torrent Trackers. HDB, BTN, AOM, DB9, PTP, RED, MTV, EXIGO, FL, IPT, TVBZ, AB, BIB, TIK, EMP, FSC, GGN, KG, MTTP, TL, TTG, 32P, AHD, CHD, CG, OPS, TT, WIHD, BHD, U2 etc.

LOOKING FOR HIGH QUALITY SEEDBOX? EVOSEEDBOX.COM PROVIDES YOU BLAZING FAST & HIGH END SEEDBOXES | STARTING AT $5.00/MONTH!

BadUSB Malware Code Released — Turn USB Drives Into Undetectable CyberWeapons

Crypto

By Crypto
in Security Hive

 Share

Recommended Posts

Crypto Newbie

Crypto

Posted
Posted

BadUSB-Malware-Pendrive-security.jpg

 

 

Once again USB has come up as a major threat to a vast number of users who use USB drives – including USB sticks and keyboards. Security researchers have released a bunch of hacking tools that can be used to convert USB drive into silent malware installer.

 
This vulnerability has come about to be known as "BadUSB", whose source code has been published by the researchers on the open source code hosting website Github, demanding manufacturers either to beef up protections for USB flash drive firmware and fix the problem or leave hundreds of millions of users vulnerable to the attack.
 
The code released by researchers Adam Caudill and Brandon Wilson has capability to spread itself by hiding in the firmware meant to control the ways in which USB devices connect to computers. The hack utilizes the security flaw in the USB that allows an attacker to insert malicious code into their firmware.
 
 

But Wait! What this means is that this critical vulnerability is now available online for hackers, cyber criminals and everybody to use so as to infect as many computers as they want.
 
SOURCE CODE AVAILABLE ONLINE TO EVERYBODY
In a talk at the Derbycon Hacker Conference in Louisville last week, the duo were able to reverse engineer the USB firmware, infect it with their own code, and essentially hijack the associated device. The researchers also underlined the danger of the Bad USB hack by going in-depth of the code.
 
The security hole was first revealed by researchers from Berlin-based Security Research Labs (SRLabs in Germany) at the Black Hat security conference in Las Vegas two months ago, and here you can watch thevideo of their presentation. The German researchers didn’t publish their source code because they thought it to be dangerous and too hard to patch.

“
We really hope that releasing this will push device manufactures to insist on signed firmware updates, and that Phison will add support for signed updates to all of the controllers it sells
,†Caudill said in a
. “
Phison isn’t the only player here, though they are the most common—I’d love to see them take the lead in improving security for these devices.
â€

THE GOOD NEWS AND THE BAD
The good news is that this vulnerability presents in only one USB manufacturer Phison electronics, a Taiwanese electronics company. But the bad side of it is that Phison USB sticks can infect any given device they are plugged into, and the company has not yet revealed who it manufactures USB sticks for. This is the fact it is still unclear as to how widespread the problem may be at the moment.
 
A Phison USB stick can infect any type of computer, but it isn’t clear if its able to infect any other USB device that is plugged into them afterwards or not. However, Phison controllers are found in a very large number of USB thumb drives available on the market.
 
 
BadUSB VULNERABILITY IS UNPATCHABLE
The flaw in USB basically modifies the firmware of USB devices, which can easily be done from inside the operating system, and hides the malware in USB devices in a way that it become almost impossible to detect it. The flaw goes worst when complete formatting or deleting the contents of a USB device wouldn't vanish the malicious code, since its embedded in the firmware.
 
According to Wired, the vulnerability is "practically unpatchable" because it exploits "the very way that USB is designed." Once infected, each USB device will infect anything it's connected to, or any new USB stick coming into it.
 
IMPACT OF BadUSB ATTACK
Once compromised, the USB devices can reportedly:
  • enter keystrokes
  • alter files
  • affect Internet activity
  • infect other systems, as well, and then spread to additional USB devices
  • spoofs a network card and change the computer’s DNS setting to redirect traffic
  • emulates a keyboard and issue commands on behalf of the logged-in user, for example to exfiltrate files or install malware
During their Derbycon demonstration, the two researchers replicated the emulated keyboard attack, but also showed how to create a hidden partition on thumb drives to defeat forensic tools and how to bypass the password for protected partitions on some USB drives that provide such a feature.
 
MANUFACTURER DENIES THE PROBLEM
Security researchers tried to contact Phison electronics, the manufacturer of the vulnerable USB devices, but the company "repeatedly denied that the attack was possible."
 
 
                       Add Rep and Leave a feedback
  • Upvote 1

do you understand            if you having fun?                  it's a rising sun                           it's a man killing                              what's that feelin'

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Check out what our members are saying

    Southey
    Superfast communication, very fair and reasonable pricing. I would highly recommend it to anyone that needs a torrent invite 🙂
    GeraldReite
    Speedy and responsive, excellent rates, have ordered my invites and have not had any issues! 10/10 recommend!
    meJedi
    Inviter was very punctual in replying to all of my questionings and supervised me through the purchasing process. Everything worked just as he agreed, and there were no issues wi…
    an.shield.tv@gmail.com
    Excellent communication. Genuine seller. Got my invite, good guidance and advise given! Two thumbs up!
    Legobrah
    Promptly and effectively fixed a problem with one of the product (my error, not seller's). Will definitely be back and will recommend to others as a quality vendor. 5/5 Stars. A…
    XiaoPuErr
    我想说服务很棒,非常感谢工作人员的帮助  
    jjyoujj
    Great services, 100% satisfied.
    Serrak
    It's the first time I ever bought an invite for a private tracker, but after seeing as how certain private trackers are impossible to get into unless you know somehow or have so…
    mrlovelife
    Good place to buy real legit torrent invites, providing friendly and responsive help if required nice effort mainlining this site, keep up the good work :)
    jagoo1699
    Hello. A++ transaction. This was top notch communication and walk through from Inviter from start to finish. I successfully registered and am loving access to a really good one.…
    E
    At first I was skeptical, especially because some of the invites can be pricey. I went through the whole process and can say I am satisfied. I spent over $800 and they got me set…
    Shalimar122
    Extremely professional seller. No fuss deal. Very friendly and his after-sales service and advice is truly unparalleled. Buy with full confidence. And even if he does take a few…
    didako014
    Absolutely great, Inviter is very fast and nice when solving queries. I received my invite immediately, thank you so much!
    the_20a
    smooth process
    GigaFrance
    Very good service Fill up all my request Fast and secure Good contact. Trustable seller, 100% money back guaranteed. Traded usenet indexer.
    Zheltyy
    Got 2 accounts for a good price. Everything worked after the first try. Thank you @Inviter. Good job. Best regards, Zheltyy  
    drshockz
    Invite worked like a charm! Easy to use services and great co-operative staff. They had fast response times and helped guide me to the correct product and gave me a great deal on…
    21freckles
    Very prompt and professional.
    GreenGrass
    Smooth transaction, no complaints at all. Highly recommended!
    uG#38S
    Everything went perfectly. I got a torrent of a childhood TV Show that I couldn't find anywhere else, legal or otherwise.
    zhehang wu
    very good
    inann
    Trustable seller, 100% money back guaranteed. Traded ptp, bibliotik and cinematik.
    divyangtyagi1412
    Inviter provides lower prices than other providers and other forum owners by a higher margin. He is the man to buy from if you are looking for a torrent invites to any website h…
    Calka
    The service was really fast and fair. There haven't been any problems, and the seller was very professional.
    Henry Adams
    came on this scene thinking it may be a bit seedy but i found the absolute opposite. Inviter reached out and gave better customer service than pretty much all other services i'v…
    lolopopo72
    Well, he was really fast and loved that he didn't ask much and simply sent me an invite. 😊 It was painless and prompt. Thanks a lot, man.
    tiziano21211
    Fast, responsive and patient. I had the item exactly as described, and worked with me to get everything set up. I would buy from you again.
    Skavv
    First exchange I made, reasonable price, convenient payment method, simple and instant reactivity, no problem at all.

  • Our picks

    View All
×
×
  • Create New...