Schedule

Schedule

Monday, November 24

1416852000 Tech News Today
1416855600 Triangulation
1416861000 iPad Today
1416873600 Tech News 2Night

Tuesday, November 25

1416938400 Tech News Today
1416942000 MacBreak Weekly
1416949200 Security Now
1416956400 Before You Buy
1416960000 Tech News 2Night
1416963600 All About Android
1416972600 Padre's Corner

Wednesday, November 26

1417019400 FLOSS Weekly
1417024800 Tech News Today
1417028400 Windows Weekly
1417035600 This Week in Google
1417046400 Tech News 2Night
1417048200 Android App Arena
1417053600 Ham Nation

Thursday, November 27

1417111200 Tech News Today
1417114800 Know How...
1417118400 Marketing Mavericks
1417123800 Coding 101
1417127400 Home Theater Geeks
1417132800 Tech News 2Night
1417134600 The Giz Wiz

Friday, November 28

1417197600 Tech News Today
1417201200 This Week in Law
1417219200 Tech News 2Night

Saturday, November 29

1417287600 The Tech Guy

Sunday, November 30

1417374000 The Tech Guy
1417388400 This Week in Tech

Monday, December 1

1417456800 Tech News Today
1417460400 Triangulation
1417465800 iPad Today
1417478400 Tech News 2Night

Tuesday, December 2

1417543200 Tech News Today
1417546800 MacBreak Weekly
1417554000 Security Now
1417561200 Before You Buy
1417564800 Tech News 2Night
1417568400 All About Android
1417577400 Padre's Corner

Wednesday, December 3

1417624200 FLOSS Weekly
1417629600 Tech News Today
1417633200 Windows Weekly
1417640400 This Week in Google
1417651200 Tech News 2Night
1417653000 Android App Arena
1417658400 Ham Nation

Most Recent Episodes

The Tech Guy
The Tech Guy 1138 November 23rd, 2014

Congress to allow NSA spying to continue.

This Week in Tech
Episode #485: Uber Delenda Est November 23rd, 2014

Uber culture clash, big phones, fuel cell car, CastAR ships, and more.

The Tech Guy
The Tech Guy 1137 November 22nd, 2014

Will using a VPN encrypt a VOIP call?

This Week in Law

Does a broad privacy policy grant a company access to customer data?

Tech News 2Night

Uber's bad PR Prompts Changes at Lyft

Tech News Today

Google and Rockstar settle their patent case

This Week in Computer Hardware

Dell's 60Hz IPS Monitors, Gorilla Glass 4, and Windows 10.

The Giz Wiz

3D fruit printer, Mous Musicase, Nomiku sous vide, and more!

Coding 101

The holiday pricer.

Home Theater Geeks

3D Audio, Acoustic Room Design, and Anythony Grimani.

Know How... 106

Bad USB, I Am Groot, and Defcon

August 14 2014

A USB hack that will make you drop your packets, Patrick Djelahanty shows how he built the "Baby Groot" out of common parts, see soundwaves, lock picking, and Defcon wrap up.

"Bad USB"
* German Researchers Karsten Knoll and Jacob Lell discovered an exploit in the way USB works
* ALL USB devices use some form of controller. They're small computers that interface the USB serial communications protocol with whatever device we want to connect via USB.
-- That controller is actually a small computer... and the computer runs an operating system that is determined by firmware.

What's the Exploit?
* The way that USB was created, that firmware is updateable. It's updateable because the creators of the USB standard wanted manufacturers to be able to reprogram the firmware if a flaw was ever discovered in that firmware.
* HOWEVER, that also means that a malicious user (hacker) could reprogram the firmware to make the device act in a way that the manufacturers had not intended.

What does that all mean?
* This means that a USB flash drive could be reprogramed to act like a keyboard
-- So after you plug it in, it issues a series of keystrokes that (for example) open Internet Explorer, navigate to a page that contains malware, then close the browser... all in a matter of seconds
* Or a USB flash drive could be reprogrammed to act like a network adapter
-- All the traffic you send and receive from your network would pass through this new network adapter, which would forward the packet stream to another computer before sending your trafic to the proper destinations.

Worse still... since your computer has USB devices INTEGRATED into the system (Keyboard, Mouse, Webcamera, Card Reader) a compromised USB device could be used to compromise the USB devices in your computer, which would then compromise any USB device that connects to your computer.

Ok... so why not just run an anti-virus? Or copy over new firmware? Or just make USB firmware non-programmable?

Let's take that one at a time: Anti-Virus
* Your system cannot see past the controller of a USB device.
-- The way USB devices work, the system can query the controller, and the controller will tell the system the status of the USB device.
-- If the controller is compromised, then you cannot trust it to report the correct status
** In other words, the only way an Anti-Virus would work would be if the malware infecting the USB device was programmed to tell the system that it was compromising the controller... an unlikely scenario.

Copying New Firmware:
* As with the Anti-Virus question, the system cannot see past the controller.
* When you update firmware on a USB device, the new firmware is loaded into memory, then the controller is responsible for overwriting its old firmware and reporting back to the system with the new firmware status.
* If I was writing BadUSB malware, the first thing I would to would be to disable that process: Allow the controller to copy the new firmware to memory, then strip off the revision number of the new firmware and report THAT to the system.
-- The system thinks it has new firmware, but the malware is still there.

Making USB devices unprogrammable:
* This is the most likely solution, but there are two MAJOR problems
1. It doesn't fix the BILLIONS of USB devices that are already in the wild.
2. If a manufacturer ever discovers a problem with their firmware (say, an exploit) there is no way to patch it.

Connect with us!
Don't forget to check out our large library of projects at www.twit.tv/kh.
- Google+ Community at gplus.to/twitkh
- Tweet at us at @padresj, @Cranky_Hippo and @Anelf3
- Check out our transcripts.

Sponsors: