"Hey Siri" support and possibly wireless charging case alongside AirPower charging mat.
Researcher Details USB-Based Attack That Circumvents All Known Protective Security Measures
Security research Karsten Nohl of Berlin's SR Labs has revealed a flaw in USB devices that potentially allows hackers to evade all known security measures used by a computer. In a report by Wired, Nohl says his BadUSB exploit is "almost like a magic trick" because "you cannot tell where the virus came from."
The exploit takes advantage of a flaw that allows a hacker to tamper with the firmware that controls the functions of USB devices such as mice, thumb drives and keyboards.
Because BadUSB resides not in the flash memory storage of USB devices, but in the firmware that controls their basic functions, the attack code can remain hidden long after the contents of the device’s memory would appear to the average user to be deleted. And the two researchers say there’s no easy fix: The kind of compromise they’re demonstrating is nearly impossible to counter without banning the sharing of USB devices or filling your port with superglue.Nohl, along with fellow SR Labs researcher Jakob Lell, will present additional details on this attack during a presentation at the annual Black Hat hacking conference, which will be held next week in Las Vegas. The title of his presentation is "Bad USB - On Accessories that Turn Evil."
“These problems can’t be patched,” says Nohl, who will join Lell in presenting the research at the Black Hat security conference in Las Vegas. “We’re exploiting the very way that USB is designed.”
[ 138 comments ]
Top Rated Comments
(View all)
56 months ago
Nobody cares about wired attacks
This is not 1980 anymore when people used to worry about viruses on floppy disks. If a person has physical access to your computer, it is a failing with the security in your building or home, not the technology.
Just use the same kind of restrictions you use personally and not let someone stick something in any of your ports or slots unless you want them to and know they are clean.
This is not 1980 anymore when people used to worry about viruses on floppy disks. If a person has physical access to your computer, it is a failing with the security in your building or home, not the technology.
Just use the same kind of restrictions you use personally and not let someone stick something in any of your ports or slots unless you want them to and know they are clean.
56 months ago
Interesting. In other news, remember kids, Apple is completely wrong to not include obsolete legacy ports like USB on their modern iOS devices.
56 months ago
At the end of the day, any malware that happens to be on a USB device has to be able to make it into the target computer. The article talks a lot about PCs which, historically, have been quite easy to compromise.
Just suppose I stuck one of these nasty devices in my Mac. OK, it's fiendish, it's an empty gadget. And then its bad firmware kicks into life and tries to persuade my Mac that files are available. That file still has to make it onto my Mac and has to be an executable to do any harm.
I believe OS X's inbuilt defences against malicious files - wherever they come from - would not be circumvented by a gadget like this.
My PC on the other hand...
Just suppose I stuck one of these nasty devices in my Mac. OK, it's fiendish, it's an empty gadget. And then its bad firmware kicks into life and tries to persuade my Mac that files are available. That file still has to make it onto my Mac and has to be an executable to do any harm.
I believe OS X's inbuilt defences against malicious files - wherever they come from - would not be circumvented by a gadget like this.
My PC on the other hand...
56 months ago
I guess this means USB is out and we will be using only thunderbolt for anything and everything starting with the elusive 12 retina macbook air! :cool: :p
56 months ago
It's cute that it can live in the firmware, but what is IT? What's the actual virus?
Also, is this computer herpes?
Also, is this computer herpes?
56 months ago
Looks like it is time for Firewire to return!:D
Just kidding but Thunderbolt looks cool.
Just kidding but Thunderbolt looks cool.
56 months ago
It's not NSA we should be worried about.
It's the companies who make the USB sticks, probably mostly in China.
Remember about six years ago, when it was discovered that a commonly used credit card payment terminal (made in China), had been modified before they were packaged up, and then installed at hundreds of stores in Europe?
These terminals had extra circuitry installed to skim the card numbers and PINs and transmit them to another gang in Pakistan. They got tens of millions of dollars before the scheme was figured out.
(Since they were sealed, the only non-destructive way to tell if your store had one, was to weigh it, as the modified units weighed about 3 ounces more.)
The same kind of so-called "supply chain" scheme could be done by a company selling cheap USB sticks.
It's the companies who make the USB sticks, probably mostly in China.
Remember about six years ago, when it was discovered that a commonly used credit card payment terminal (made in China), had been modified before they were packaged up, and then installed at hundreds of stores in Europe?
These terminals had extra circuitry installed to skim the card numbers and PINs and transmit them to another gang in Pakistan. They got tens of millions of dollars before the scheme was figured out.
(Since they were sealed, the only non-destructive way to tell if your store had one, was to weigh it, as the modified units weighed about 3 ounces more.)
The same kind of so-called "supply chain" scheme could be done by a company selling cheap USB sticks.
[ Read All Comments ]
Mophie recently announced the launch of its largest battery pack yet, the Powerstation 3XL, which is designed for charging Apple's line of MacBook and MacBook Air devices.
The Powerstation...
Apple today seeded the third beta of an upcoming macOS Mojave 10.14.2 update to developers, one week after seeding the second beta and two weeks after releasing the macOS Mojave 10.14.1 update.
...
Apple today seeded the third beta of an upcoming tvOS 12.1.1 update to developers for testing purposes, one week after releasing the second tvOS 12.1.1 beta and two weeks after releasing tvOS 12.1.
...
Apple today seeded the second beta of an upcoming watchOS 5.1.2 update to developers, one week after seeding the first beta and a little over a week after releasing watchOS 5.1.1, an updated version...
Twelve South today announced updated versions of its BookBook, Journal, and SurfacePad case accessories, which were built to fit the iPhone XS, XS Max, and XR.
BookBook combines an iPhone...
Best Buy today opened up another pre-Black Friday sale, calling this one its "Beat the Rush" sale and offering customers savings on iPhone XS and XS Max, 4K TVs, Beats headphones, Philips Hue...
Apple's latest Apple Pay promotion is offering $45 off your next purchase from Ray-Ban, as long as you spend $180 or more on your current order. The offer is available on Ray-Ban.com...
Twitter has changed the way the Explore tab works in its official iOS app, with entries now organized based on topic and divided up into separate navigable sections.
Twitter says the update...
