Schedule

Schedule

Tuesday, March 3

1425405600 Tech News Today
1425409200 MacBreak Weekly
1425418200 Security Now
1425427200 Tech News 2Night
1425430800 All About Android

Wednesday, March 4

1425486600 FLOSS Weekly
1425492000 Tech News Today
1425495600 Windows Weekly
1425502800 This Week in Google
1425513600 Tech News 2Night
1425515400 Android App Arena
1425520800 Ham Nation

Thursday, March 5

1425578400 Tech News Today
1425582000 Know How...
1425587400 Marketing Mavericks
1425592800 Home Theater Geeks
1425600000 Tech News 2Night
1425601800 The Giz Wiz

Friday, March 6

1425664800 Tech News Today
1425668400 This Week in Law
1425679200 Before You Buy
1425686400 Tech News 2Night
1425690000 Padre's Corner

Saturday, March 7

1425754800 The Tech Guy

Sunday, March 8

1425837600 The Tech Guy
1425852000 This Week in Tech

Monday, March 9

1425920400 Tech News Today
1425924000 Triangulation
1425929400 iPad Today
1425936600 Coding 101
1425942000 Tech News 2Night

Tuesday, March 10

1426006800 Tech News Today
1426010400 MacBreak Weekly
1426019400 Security Now
1426028400 Tech News 2Night
1426032000 All About Android

Wednesday, March 11

1426087800 FLOSS Weekly
1426093200 Tech News Today
1426096800 Windows Weekly
1426104000 This Week in Google
1426114800 Tech News 2Night
1426116600 Android App Arena
1426122000 Ham Nation

Thursday, March 12

1426179600 Tech News Today
1426183200 Know How...
1426188600 Marketing Mavericks
1426194000 Home Theater Geeks
1426201200 Tech News 2Night
1426203000 The Giz Wiz

Most Recent Episodes

Tech News 2Night

Google Wireless is coming.

Coding 101

We finish our Arduino clock.

Triangulation

Becky Worley is the tech contributor for ABC.

TWiT Live Specials

Samsung Galaxy S6 Edge, HTC One M9, Acer Liquid Jade Z, and more.

Tech News Today

Mobile World Congress coverage.

iPad Today

Cord cutting options and other TV apps.

This Week in Tech

Mobile World Congress preview, Apple Watch speculation, Title II, and more.

The Tech Guy
The Tech Guy 1166 March 1st, 2015

Samsung announces Galaxy S6.

TWiT Live Specials

The Samsung Galaxy S6, S6 Edge, and Samsung Pay launch.

The Tech Guy
The Tech Guy 1165 February 28th, 2015

Storing photos and files if an iPad is your only computer.

Know How... 106

Bad USB, I Am Groot, and Defcon

August 14 2014

A USB hack that will make you drop your packets, Patrick Djelahanty shows how he built the "Baby Groot" out of common parts, see soundwaves, lock picking, and Defcon wrap up.

"Bad USB"
* German Researchers Karsten Knoll and Jacob Lell discovered an exploit in the way USB works
* ALL USB devices use some form of controller. They're small computers that interface the USB serial communications protocol with whatever device we want to connect via USB.
-- That controller is actually a small computer... and the computer runs an operating system that is determined by firmware.

What's the Exploit?
* The way that USB was created, that firmware is updateable. It's updateable because the creators of the USB standard wanted manufacturers to be able to reprogram the firmware if a flaw was ever discovered in that firmware.
* HOWEVER, that also means that a malicious user (hacker) could reprogram the firmware to make the device act in a way that the manufacturers had not intended.

What does that all mean?
* This means that a USB flash drive could be reprogramed to act like a keyboard
-- So after you plug it in, it issues a series of keystrokes that (for example) open Internet Explorer, navigate to a page that contains malware, then close the browser... all in a matter of seconds
* Or a USB flash drive could be reprogrammed to act like a network adapter
-- All the traffic you send and receive from your network would pass through this new network adapter, which would forward the packet stream to another computer before sending your trafic to the proper destinations.

Worse still... since your computer has USB devices INTEGRATED into the system (Keyboard, Mouse, Webcamera, Card Reader) a compromised USB device could be used to compromise the USB devices in your computer, which would then compromise any USB device that connects to your computer.

Ok... so why not just run an anti-virus? Or copy over new firmware? Or just make USB firmware non-programmable?

Let's take that one at a time: Anti-Virus
* Your system cannot see past the controller of a USB device.
-- The way USB devices work, the system can query the controller, and the controller will tell the system the status of the USB device.
-- If the controller is compromised, then you cannot trust it to report the correct status
** In other words, the only way an Anti-Virus would work would be if the malware infecting the USB device was programmed to tell the system that it was compromising the controller... an unlikely scenario.

Copying New Firmware:
* As with the Anti-Virus question, the system cannot see past the controller.
* When you update firmware on a USB device, the new firmware is loaded into memory, then the controller is responsible for overwriting its old firmware and reporting back to the system with the new firmware status.
* If I was writing BadUSB malware, the first thing I would to would be to disable that process: Allow the controller to copy the new firmware to memory, then strip off the revision number of the new firmware and report THAT to the system.
-- The system thinks it has new firmware, but the malware is still there.

Making USB devices unprogrammable:
* This is the most likely solution, but there are two MAJOR problems
1. It doesn't fix the BILLIONS of USB devices that are already in the wild.
2. If a manufacturer ever discovers a problem with their firmware (say, an exploit) there is no way to patch it.

Connect with us!
Don't forget to check out our large library of projects at www.twit.tv/kh.
- Google+ Community at gplus.to/twitkh
- Tweet at us at @padresj, @Cranky_Hippo and @Anelf3
- Check out our transcripts.

Sponsors: