Gaming "BadUSB" A new way of console hacking possible?

[PhyChris]

There is a HUGE security flaw in the current hardware implantation of USB, that allows the USB slave to execute code on the USB host completely undetected. (take note of the third demonstration in the quote)

Nohl and Lell have discovered that USB controller chips' firmware offer no protection from reprogramming. Using a set of proof-of-concept tools they call BadUSB, they claim that an ordinary USB device, even a thumb drive, can be used to compromise computers in the following ways:

• A device can emulate a keyboard and issue commands on behalf of the logged-in user, for example to exfiltrate files or install malware. Such malware, in turn, can infect the controller chips of other USB devices connected to the computer.
• The device can also spoof a network card and change the computer’s DNS setting to redirect traffic.
• A modified thumb drive or external hard disk can — when it detects that the computer is starting up — boot a small virus, which infects the computer’s operating system prior to boot.

there will be a demonstration at the "blackhat conference" Aug 6th/7th

 

[sandytf]

That is not a flaw. It's how usb works and why you should always be careful when dealing with questionable software or hardware.

 

[Psycho]

i don't know too much about ps3 hacking, but does this mean newer ps3's could be hackable??

just wondering, i wouldn't dare tamper with my baby

 

[PhyChris]

sandytf. no my friend. google BadUSB and cut your results to the last week.

 

[Bug_Checker_]

sandytf. no my friend. google BadUSB and cut your results to the last week.

maybe add Blackhat august 2014

 

[sandytf]

This is not new and these problems with usb have been known since the initial development of the bus. These two individuals have simply made exploiting those vulnerabilities a little easier. The only thing that is remotely new is possibly reprogramming an existing usb device's firmware instead of creating a new device.

 

[Bug_Checker_]

This is not new and these problems with usb have been known since the initial development of the bus. These two individuals have simply made exploiting those vulnerabilities a little easier. The only thing that is remotely new is possibly reprogramming an existing usb device's firmware instead of creating a new device.

I think all of this is probably a derivative of bunnie's work on sd cards.
http://www.bunniestudios.com/blog/?page_id=3592

 

[PhyChris]

This is not new and these problems with usb have been known since the initial development of the bus. These two individuals have simply made exploiting those vulnerabilities a little easier. The only thing that is remotely new is possibly reprogramming an existing usb device's firmware instead of creating a new device.

we will have to wait till the conference to see. but from my research this is the 1st USB hack that uses a hacked firmware to exploit a "new bug"(their words) to take control of the bus for actual code execution without the host detecting (not just reporting a false device info)

 

[Relys]

Yeah buddy this has nothing to do with an exploit vector into the Wii U through USB. What you would be looking for is an exploit in the USB host, not the USB controller.

You can already purchase the device you describe. It's called a USB Rubber Ducky.

Can you please close this thread?

 

[PhyChris]

Yeah buddy this has nothing to do with an exploit vector into the Wii U through USB. What you would be looking for is an exploit in the USB host, not the USB controller.

You can already purchase the device you describe. It's called a USB Rubber Ducky.

Can you please close this thread?

wait 5 days till blackhat is finished

 

[Relys]

wait 5 days till blackhat is finished

https://hakshop.myshopify.com/products/usb-rubber-ducky-deluxe

This is all that your post is describing. This has nothing to do with the Wii U or finding an exploit in the Wii U USB host at all. The PS3 had an exploit in USB host which had a dongle emulate a 7 port USB hub and do some sort of buffer overflow or corruption (I forget it's implementation) to trick the PS3 thinking it was a official Sony USB jig.

 

[PhyChris]

Did you read anything on BadUSB? its TOATLY different then this rubber ducky 'data stash/usb keyboard emulate' type shit.

Edit: it was a bit trolly

 

[Relys]

Did you read anything on BadUSB? its TOATLY different then this rubber ducky 'data stash/usb keyboard emulate' type shit.

Edit: it was a bit trolly

http://www.zdnet.com/badusb-big-bad-usb-security-problems-ahead-7000032211/

To me it looks like it's just about creating your own Rubber Ducky type device from any USB Controller by overwriting the micro controller.

 

[PhyChris]

http://www.zdnet.com/badusb-big-bad-usb-security-problems-ahead-7000032211/

To me it looks like it's just about creating your own Rubber Ducky type device from any USB Controller by overwriting the micro controller.

Yes, the exploit could be used to make a USD device emulator like a gamepad/keybord with pre-programmed button/key combos/timings but they are claiming much more. a system hijack

we will have to wait and see how useful this is.

 

[WulfyStylez]

Any system you could compromise through bugs in the USB controller, sure. That being said, it's barely worth looking at this vector for the Wii U.

 

[vinhdt]

PS3 Cobra ODE and X360Key are probably an example of it. The usb firmware are programmed on those devices.

 

[Jayro]

That would be cool to pre-program the USB controller's firmware with a PS3/PS4 payload.

 

[Saturosias]

Why did you post this no-longer-news in this section if you have zero clue what you're talking about?

 

[ssrpgvita]

if u can rewrite firwamre on usb media device what makes u think u cant rewrite fw from pup file or nintendo fw update file inject hombrew acess into via bruteforce thats what im trying to see is possible i got estatic over this news i guess itll leadn owhere then sighs

 

[Foxi4]

I'm sorry, but you might be missing a couple flux capacitors there.

Anywho, this is not a magical exploit - this is and always has been a feature of USB. How do you think USB devices initialize? No thanks to the magical USB fairy. The standard is set up in such a way that the computer "trusts" whatever you shove into the USB port because hey - you're the user, you know what you're doing. Besides, we already have a thread about BadUSB, so I'll merge them together once I find the other one.

EDIT: Aaaand done - threads merged.