1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Say hello to BadUSB 2.0: USB man-in-the-middle attack proof-of-concept

Discussion in 'Network World' started by RSS, Jun 22, 2016.

  1. RSS

    RSS New Member Member

    Oh peachy, say hello to BadUSB 2.0, a tool “capable of compromising USB fixed-line communications through an active man-in-the-middle attack. It is able to achieve the same results as hardware keyloggers, keyboard emulation, and BadUSB hardware implants. Furthermore, BadUSB2 introduces new techniques to defeat keyboard-based one-time-password systems, automatically replay user credentials, as well as acquiring an interactive command shell over USB.”

    The full research paper, BadUSB 2.0: USB man-in-the-middle attacks” (pdf), by security researcher David Kierznowski, is available on Royal Holloway. The paper describes BadUSB2 as an “in-line hardware solution” which is “capable of performing passive or active man-in-the-middle attacks against low-speed, USB-HID devices, such as keyboards and mice.” Yes, BadUSB2 can “intercept messages going to the host, as well as messages destined for the peripheral.” Its attack capabilities are impressive.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page