Olympus-OM
[Top] [All Lists]

Re: [OM] More on: Why the Security of USB Is Fundamentally Broken

Subject: Re: [OM] More on: Why the Security of USB Is Fundamentally Broken
From: Chuck Norcutt <chucknorcutt@xxxxxxxxxxxxxxxx>
Date: Wed, 08 Oct 2014 08:07:30 -0400
The German researchers who originally discovered the problem and spoke at the Blackhat conference did not release their code. But that talk gave Caudill and Wilson enough info to duplicate their work in 2 months time and those two have released their code at the Derbycon Hacker Conference in Louisville.

Sorry, Peter, but it's already out there and it didn't take long:
<www.wired.com/2014/10/code-published-for-unfixable-usb-attack/>

It's been almost 30 years since I've worked at the assembler level on a microprocessor but I'll bet that even my 70 year old brain could do this with 6-12 months of relearning and catching up. If Caudill and Wilson did it in two months given only the basic concepts others will extend it very quickly now given the code. Many of those will be bad guys.

ps:
The exploit code released wasn't even assembler. It's in C and C#. It wouldn't be too hard for me since the target processor is an Intel 8051 which dates back to 1980... something I'm a least partially familiar with as will many thousands of other programmers.

Chuck Norcutt


On 10/8/2014 12:48 AM, Peter Klein wrote:
But seriously, folks...

I am pretty much with Monsieur du Moose regarding the threat level
*today.*  So far, beyond the spook stuff, it's all theoretical.  If the
researchers who found the vulnerability actually release their code to
the public, then the danger goes way up quickly.  I hope they only give
it to the OS manufacturers, and that those folks keep it really close to
their vests until detection and cleaning or blocking methods are
developed and propagated.
--
_________________________________________________________________
Options: http://lists.thomasclausen.net/mailman/listinfo/olympus
Archives: http://lists.thomasclausen.net/mailman/private/olympus/
Themed Olympus Photo Exhibition: http://www.tope.nl/

<Prev in Thread] Current Thread [Next in Thread>
Sponsored by Tako
Impressum | Datenschutz