
Say hello to BadUSB 2.0: USB man-in-the-middle attack proof-of-concept


Jasper_The_Rasper
Moderator
June 22nd 2016  By Ms. Smith
 
 

BadUSB 2.0 is an inline hardware implant capable of compromising USB fixed-line communications through active or passive man-in-the-middle attacks; it “can eavesdrop, replay, modify, fabricate, exfiltrate data and BadUSB in one device.”

 
Oh peachy, say hello to BadUSB 2.0, a tool “capable of compromising USB fixed-line communications through an active man-in-the-middle attack. It is able to achieve the same results as hardware keyloggers, keyboard emulation, and BadUSB hardware implants. Furthermore, BadUSB2 introduces new techniques to defeat keyboard-based one-time-password systems, automatically replay user credentials, as well as acquiring an interactive command shell over USB.”
 
Full Article

7 replies

Baldrick
Gold VIP
  • Gold VIP
  • 16060 replies
  • June 22, 2016
Oh, that is really sneaky and bound to catch many unawares if they have the misfortune to come into contact with this sort of thing. Thanks for the warning, Jasper.

Does webroot protect against this?

Baldrick
Gold VIP
  • Gold VIP
  • 16060 replies
  • April 11, 2017
Hi neogeoarcade0
 
Welcome to the Community Forums.
 
Given the date of when this malware was first highlighted I would say that WSA does protect from it...but just to be sure let's ask one of the professionals on the Webroot Team. @ would you be able to advise on this one please? ;)
 
Many thanks, Baldrick

DanP
  • OpenText Employee
  • 515 replies
  • April 11, 2017
@ wrote:
Does webroot protect against this?
This is a rather complex hardware-based proof-of-concept attack. Since it is hardware-based, there is no malware to be detected. 
 
Please also note that as is pointed out in the article such an attack would require physical access, and this is only proof-of-concept - this is not being used "in the wild."
 
-Dan

Baldrick
Gold VIP
  • Gold VIP
  • 16060 replies
  • April 11, 2017
Hi Dan
 
Hope that you are well?
 
Many thanks for the response. As always the professional lowdown on the threat is much appreciated. :D
 
Regards, Baldrick

@ wrote:
Hi neogeoarcade0
 
Welcome to the Community Forums.
 
Given the date of when this malware was first highlighted I would say that WSA does protect from it...but just to be sure let's ask one of the professionals on the Webroot Team. @ would you be able to advise on this one please? ;)
 
Many thanks, Baldrick
Thanks 🙂

@ wrote:
@ wrote:
Does webroot protect against this?
This is a rather complex hardware-based proof-of-concept attack. Since it is hardware-based, there is no malware to be detected. 
 
Please also note that as is pointed out in the article such an attack would require physical access, and this is only proof-of-concept - this is not being used "in the wild."
 
-Dan
Our workplace uses a Linux machine; it's infected with a virus. Whenever I transfer files on USB and move it to another PC, some files go missing; otherwise the USB ends up having an error. Whenever I use it at home, I don't detect a virus. What kind of virus would do such a thing?
