Code to exploit fundamental USB flaw posted on GitHub

Shawn Knight

TechSpot Staff
Staff member
Remember that fundamental USB security flaw that a pair of researchers unearthed back in July? You know, the one that allegedly affects every single USB device in the wild and for which there is no fix. While they did publicly...

Read more: https://www.techspot.com/news/58289-code-to-exploit-fundamental-usb-flaw-posted-on-github.html
 

gamoniac

TS Evangelist
Releasing malicious code for public consumption... yet it makes sense in this crazy world. Well explained in the last two paragraphs.
 

Guest

It's like releasing a deadly disease and saying "then they'll build up an immunity"
 
Reactions: dnang

Jad Chaar

Elite Techno Geek
"If you’re going to prove there’s a flaw, you need to release the material so people can defend against it, he added." As ridiculous as this sounds, he is actually right. Good point.
 

Guest

No fix? bunk: there's always time to "do it over"

the presentation of a USB device must be treated the same as the presentation of any unknown program: you have to authenticate before you execute.

this requirement has been generally ignored by the computer industry since the microprocessor took over from the mainframe. "Back in the Day", when programs were sent on reels of 1/2" tape, authentication was accomplished using traditional pen & ink on the package labels and enclosed transmittals.

on the net you have to use PGP digital signatures.
 

risc32

TS Addict
> It's like releasing a deadly disease and saying "then they'll build up an immunity"

it's not really like that at all. it's more like, "the baddies have this, you should have it too, and the makers of these things need to address this. and this might spur them on."
 

dnang

TS Rookie
>> It's like releasing a deadly disease and saying "then they'll build up an immunity"

> it's not really like that at all. it's more like, "the baddies have this, you should have it too, and the makers of these things need to address this. and this might spur them on."

Yeah, and before the manufacturers are able to fix millions of devices already in use, the bad guys will be able to cause a lot of pain to users, a vast majority of them not tech-savvy enough to even know this vulnerability exists.
Which do you think is easier: create an exploit when you already have the sample code, or create a fix for it (you're on your own)?
 
Reactions: psycros

Guest

How can I get the code for the USB flaw? I just want to analyse it in order to broaden my knowledge, and maybe I can also design a solution for it.