BadUSB Means We’re All Screwed

Does anyone else get the feeling that the frequency of rather horrible vulnerabilities coming to light is accelerating? Off the top of our heads, there’s Heartbleed, Shellshock, and now this one. The BadUSB attack stems from the “invisible” microcontroller in most USB devices.

We first heard about it when we were attending DEFCON in August. The exploit had been announced the same week at Blackhat but there wasn’t much information out yet. Now the talk has been posted and there’s a well-explained overview article at Big Mess o’ Wires.

Here’s how this one goes: all USB devices rely on a microcontroller to handle the peripheral side of USB communications. The computer doesn’t care which microcontroller, nor does it have a way of knowing even if it wanted to. The uC is “invisible” in this situation; it’s the interface and the data flowing through it that the computer cares about. BadUSB is an attack that adds malicious functionality to this microcontroller. To the computer it’s a perfectly normal and functional USB device, while all the bad stuff is happening on the peripheral’s controller where the computer can’t see it.

How deeply do you think about plugging in each and every USB device? Check out what happens at 19:20 into the video below. The USB device enumerates and very quickly sets up a spoofed Ethernet connection. You can still load a webpage via WiFi but the fake connection is forwarding packets to a second server.

Once discovered, you can wipe the computer and this will stop happening, until you plug the same device in again and reinfect it. Worse yet, because the controller is invisible to the computer there’s almost no way to scan for infected devices. If you are smart enough to suspect BadUSB, how long will it take you to figure out if it’s your mouse, your keyboard, a thumb drive, a webcam, your scanner… you get the point.

Hackaday Links: October 5th, 2014

Good news from CadSoft this week. They didn’t miss all the complaints about their decision to use a Node Lock License for EAGLE 7. This had meant that users of the popular PCB design software would be limited in how many machines they could use the software on with a license. They have removed License Management from the package (and all the citizens rejoiced).

We’re tripping over the growing pile of hardware that boasts the “next-big-thing” in getting devices onto a network. That’s not a complaint at all. This time around it’s a cell chip, the U-blox SARA-U260, which can connect to 3G on the AT&T network and is just 16x26mm. They call it the world’s smallest but we have no idea if that’s true or not. Anyone have a source and/or pricing for these? [Thanks Austin]

This guy loves his Nixie tube. How much? To the extent that he built up a hardware and software interface that behaves much like a pet. It’s voice activated, and the infectious delight of [Glasslinger's] video demo is in itself worth watching. [Thanks Morris]

Making this Magnetic Stripe Reader work as a USB device is really nothing more than adding a serial-to-USB converter. The journey to find the way to add the converter makes for a fun read though.

We know from watching Breaking Bad that you can kill power to a building by shorting the power lines outside with a huge bouquet of mylar balloons. This installation is a twist on the idea. Connecting one mylar balloon to a Van de Graaff generator and floating it next to another results in an oscillating repel-discharge-repel cycle. [Thanks filnt via NPR]

Feed That Shoulder Boom Box with a Wrist Tune Transmitter

Next time you’re strutting down the block with that hi-fi on your shoulder, don’t subject yourself to the limitations of a radio station’s tight playlist or the short run time of a cassette tape. Pack your tunes on your wrist and beam them directly with this wearable FM transmitter. No wires… it’s like the future is now!

The Raspberry Pi has proven itself to be a dependable FM transmitter. This project follows in those footsteps but moves the goal line a few leaps further. The build has a full user interface which will make it easy to adapt to just about any application you can imagine. And the added twist is shown in the latter third of the video after the break. [Navic209] has included a microphone in the design which allows the wearer to transmit voice to an appropriately tuned radio. It gives the device a very Dick Tracy-esque feel.

Building a Retro Computer that Never Existed

Sometimes you come across a build so far along you wish you could go back and enjoy it just a bit at a time. This C65 build is so far along, it’s like binge watching a retro computer build. One that never actually existed.

Okay, that’s admittedly a bit rash. But technically the C65 (successor to the Commodore C64) never saw its way through development. A good place to start looking in on the build is from the second post way back in March. The FPGA-based project is already looking promising with proof-of-concept display tests. Are we the only ones surprised by the 1920 native display resolution?

Checking back in June we see that there is some software working but a bounty of bugs will definitely keep [Paul] busy for a while. Fast forward to the beginning of September and he’s come full through to getting a network connection up and running.

The Wikipedia page on the C65 gives a good idea of how awesome this would have been back in the day had it actually made it to market. We suppose it joins the Commodore lists of would-haves and should-haves with the likes of the C128.

Split Flap Display: If You Can’t Find It, Build It

It’s pretty hard to deny that split-flap displays are incredibly awesome. This one has been a long time coming, and it’s not a refab or surplus build. [Tom] fabricated these beautiful alpha-numeric split flaps from scratch.

Having seen an alarm-clock split flap hack just a week or so ago, we found ourselves wondering where in the world people manage to find this type of awesome mechanical hardware. If you can’t get it out of grampa’s attic, the next best thing is to build it from the ground up.

This was not a build to be taken lightly. [Tom] started years ago, and part way into the project we looked at some of the control hardware for the installation. Make sure that you dig deep into his blog posts. It’s the only way you’ll put together the whole picture of how he ended up with each belt and stepper motor driven character module.

Share Your Hackaday Story as we Celebrate 10 Great Years

Tomorrow we mark 10 wonderful years of reading Hackaday. Share your experience by recording a 1-2 minute video about how you discovered Hackaday and your favorite hack from all the greats that have hit the front page. Tweet the link to your video to @Hackaday with the hashtag #10years and we’ll add it to the playlist.

It doesn’t need to be anything special (but go nuts if you wish). I recorded a one-shot talking-head format as an example.

If you are lucky enough to be in the LA area, get a free ticket for Saturday’s event. In addition to all the clinicians and speakers, there’s a small collection of the Hackaday crew in town.

Trek to Evil Mad Scientist Laboratories

I’ve been a huge fan of EMSL for quite some time now, and my recent field trip proved that it has earned the name Evil Mad Scientist Laboratories for a good reason. For instance, look at the reflection in the glass near the bottom and you’ll glimpse the hearse that [Lenore] and [Windell] have sitting in front of the shop. But stop at the threshold, inside there are delights that ate up a couple of hours without me even noticing. And they thought they were going to get work done that day.

Don’t judge me by my appearance. This is late afternoon on a summer Saturday in Sunnyvale. Why does that matter? Obviously summer Saturdays in Silicon Valley always start with the Electronics Swap Meet and Engineer’s breakfast! That was a ton of fun but if you’re doing it right it’s also a bit tiring. No worries, a shot of excitement came over me as soon as I walked in that front door.
