TechSpot

Code to exploit fundamental USB flaw posted on Github

By Shawn Knight
Oct 3, 2014
Post New Reply
  1. Remember that fundamental USB security flaw that a pair of researchers unearthed back in July? You know, the one that allegedly affects every single USB device in the wild for which there is no fix for. While they did publically...

    Read more
     
  2. gamoniac

    gamoniac TS Addict Posts: 293   +69

    Releasing malicious code for public consumption... yet it makes sense in this crazy world. Well explained in the last two paragraphs.
     
  3. soulsassassin

    soulsassassin TS Booster Posts: 69   +14

    Science processor or science professor lol
     
  4. It's like releasing a deadly disease and say "then they'll build up an immunity"
     
    dnang likes this.
  5. Jad Chaar

    Jad Chaar TS Evangelist Posts: 6,477   +965

    "If you’re going to prove there’s a flaw, you need to release the material so people can defend against it, he added." As ridiculous as this sounds, he is actually right. Good point.
     
  6. Othnir

    Othnir TS Rookie

    Who is "they"
     
  7. No fix? bunk: there's always time to "do it over"

    the presentation of a USB device must be treated the same as the presentation of any unknown program: you have to authenticate before you execute.

    this requirement has been generally ignored by the computer industry since the microprocessor took over from the mainframe. "Back in the Day" when programs were sent on reels of 1/2" tape authentication was accomplished using traditional pen&ink on the package labels and enclosed transmitals.

    on the net you have to use PGP digital signatures.
     
  8. risc32

    risc32 TS Booster Posts: 197   +87

    it's not really like that at all. its more like, "the baddies have this, you should have it to, and the makers of these things need to address this. and this might spur them on."
     
  9. dnang

    dnang TS Rookie

    Yeah, and before the manufactures are able to fix million of devices already in use, the bad guys will be able to cause a lot of pain to users, a vast majority of them not tech-savy enough to even know this vulnerabilty exists.
    Which do you think is easer: create an exploit when you already have the sample code, or create a fix for it (you're on your own)?
     
    psycros likes this.
  10. BadThad

    BadThad TS Enthusiast Posts: 65   +28

    It would be nice if you posted the exact context of how the exploit can occur.
     
  11. How can I get the code for the usb flaw just want to analyse it in other to broaden my knowledge and may be I can also design a solution for it
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...