On 04-08-2014 11:11, Kevin Chadwick wrote: > previously on this list Giancarlo Razzolini contributed: > >> I don't see anything new about this attack. The theory behind >> it was invented with USB itself. > I haven't looked into it but thought it might have something to do with > "On the Go" but I guess not then. > > A simple search of "usb flash drive atack" will yield a lot of results, some many years old. Many exploiting windows autorun feature. You can even reprogram your flash drive with another's firmware. There are even some russian websites on the matter with lots of firmwares and tools to modify your device:
http://www.usbdev.ru http://flashboot.ru/ Perhaps the only thing "new" about this badusd is the rogue keyboard emulation. I might be wrong. But it's nothing like they only now discovered an usb protocol vulnerability. Let's just wait their blackhat presentation, when they will allegedly release the poc's. Cheers, -- Giancarlo Razzolini GPG: 4096R/77B981BC [demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]
