So, remember BadUSB?

So, remember BadUSB?

Postby Cyborg Girl » Thu Oct 02, 2014 7:03 pm

Guess what, the source code for the malware from hell is now on Github.

http://www.wired.com/2014/10/code-publi ... sb-attack/

Gee whiz, thanks a lot guys! *fumes*

Awful lot of faith in hardware manufacturers there, too. Do they seriously believe those companies will do anything that won't turn a profit?
User avatar
Cyborg Girl
Boy Genius
 
Posts: 2138
Joined: Mon May 27, 2013 2:54 am

Re: So, remember BadUSB?

Postby FZR1KG » Thu Oct 02, 2014 7:45 pm

GJ, they are right to release the code.

We can go deeper into this if you like.
FZR1KG
 

Re: So, remember BadUSB?

Postby Cyborg Girl » Thu Oct 02, 2014 7:47 pm

I'm quite interested in hearing your position on this actually. :)

Edit: though I'm not sure of the utility of releasing it publicly, vs. just to the hardware vendors...
User avatar
Cyborg Girl
Boy Genius
 
Posts: 2138
Joined: Mon May 27, 2013 2:54 am

Re: So, remember BadUSB?

Postby FZR1KG » Thu Oct 02, 2014 8:05 pm

Software can be repaired via patches. That means anyone anywhere can implement the fix and it's sorted out.

Hardware can't always be repaired via patches.
When the hardware has an issue it needs to be done at the manufacturer level.

Now, just try and convince the manufacturers of USB devices that they need to redo their silicon.
Changing the hardware on US designed stuff will be easy. They will jump at the opportunity to fix the issue.
No big deal, but, the USA doesn't manufacture most of these devices.
China, Taiwan etc do.

The problem here is that many of these companies use the R&D that the USA and other countries with good IP laws develop, reverse engineer it and produce the same product at a much lower cost since their R&D is effectively copying someone else's work.

So how exactly do you convince them to change?
Answer: You can't unless you introduce something so in your face that no one will want it.

Their solution will be to put false claims out and wait till other companies do the R&D and make the hardware without security issues so they can copy it.
That is the best possible scenario in this.

The worst is that no one cares and they keep producing flawed parts even though there is a fix, simply because it's cheaper.

So note well, the problem here isn't that the hardware manufacturers won't change the design because that's what design engineers love.
It's a problem to fix and they will go at it like a bull in a china shop till it's done.

The problem is those that didn't have the capability to design the products in the first place now having a design that's insecure and flawed and convincing them to change.
The only option is to make it so public that people won't touch it. Then they will be forced to wait till a solution comes about and they can copy it and try to regain market share, defaulting to the best case.
FZR1KG
 

Re: So, remember BadUSB?

Postby Rommie » Fri Oct 03, 2014 10:28 am

I 100% agree with FZ on this. It is far easier to fix something when you can see what the hell it's doing, and to solve things when they are out in the open. Transparency is a good thing!
Yes, I have a life. It's quite different from yours.
User avatar
Rommie
 
Posts: 4056
Joined: Mon May 27, 2013 10:04 am

Re: So, remember BadUSB?

Postby FZR1KG » Sun Oct 05, 2014 3:06 am

I find your silence, disturbing, young skype talker. :P
FZR1KG
 


Return to Sci-Tech… and Stuff

Who is online

Users browsing this forum: No registered users and 8 guests

cron