USB-C and BadUSB attacks: What you need to know<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"><p><a href='
http://www.imore.com/usb-c-and-badusb-attacks-what-you-need-know' title="USB-C and BadUSB attacks: What you need to know"><img src='
http://www.imore.com/sites/imore.com/files/styles/large_wm_blw/public/field/image/2015/03/macbook-usb-c-port-demo.jpg?itok=BtWYE2G7' />[/url]</p> <p class="intro">Apple announced the new
MacBook with USB-C connector last Monday and already headlines are appearing linking it to known security issues, like BadUSB.</p> <p>BadUSB is an attack that uses the way computers interface with the universal serial bus (USB) standard to try and load malware onto the machine. It's a longstanding issue with USB in general, and nothing specific to Apple or the MacBook's implementation of USB-C. Throwing Apple and a hot new product under the headline bus is a great way to get attention, but what's really going on?</p> <p>BadUSB is a concern for anyone that has USB port on any computer from any vendor. It's theoretically possible for an attacker to set up malware on any USB device. That's why you shouldn't just grab cables or thumb drives or other peripherals from people or places you don't know, especially if you have any reason to believe you might be a target.</p> <p>The reason BadUSB is getting renewed attention for USB-C is that, on new products like the MacBook and the
Chromebook Pixel, USB is also the charging port. So, BadUSB has a larger attack surface. (You'll always be plugging into USB, not into something else like AC power or DisplayPort.)</p> <p>Convenience exists in opposition to security. We know this. USB-C comes with all the advantages of being a standard, and all the disadvantages as well. Neither Apple nor Google nor anyone else can build in their own protections at the hardware level without violating the standard or potentially breaking compatibility.</p> <p>Vendors, including Apple and Google, might need to adopt something like the iOS "Trust this Computer" prompt for OS X and Chrome OS. The trust prompt, which grew out of similar attacks, called Juice Jacking, means an external USB device can't exchange data with the computer unless and until the person at that computer gives express permission for it to do so.</p> <p>In the meantime, if you're at all concerned about BadUSB, buy your own cables, adapters, and devices, keep them safe, and don't use any cables, adapters, or devices you don't absolutely trust. Don't be scared or made to feel paranoid by overly sensational headlines. Be informed and avoid situations that could, even potentially, put you at risk.</p> <p>
Nick Arnott contributed to this article.</p> <div class="devicebox"> <h3>
MacBook</h3> <div class="video"><div class="video_iframe"><iframe src="
http://www.youtube.com/embed/2xEdhHgsOmA?rel=0&autoplay=0&wmode=opaque&controls=2&autohide=1&showinfo=0" width="627" height="353" class="video-filter video-youtube vf-2xedhhgsoma" frameborder="0" allowfullscreen="allowfullscreen"></iframe></div></div> <!--/video--> <ul><li>
MacBook hands-on</li> <li>
MacBook event</li> <li>
MacBook buyers guide</li> <li>
MacBook news</li> <li>
MacBook forums</li> </ul></div> <div> <style> <!--/*--><![CDATA[/* ><!--*/ <!--/*--><![CDATA[/* ><!--*/ <!--/*--><![CDATA[/* ><!--*/ .devicebox { background-color: #5CB8DB; border: 1px solid #E2E9EB; float: right; display: block; margin: 0 0px 10px 10px; max-width: 350px; overflow: hidden; width: 50%; } .devicebox h3 { background: #8D98BD; color: #fff; font-family: "camptonmedium",sans-serif; font-size: 20px; margin-bottom: 0; margin-top: 0; padding: 0; text-align: center; } .devicebox h3 a { display: block; line-height: 30px; padding: 0 10px; } .devicebox h3 a:hover { background: #7e88aa; text-decoration: none; } .devicebox .video { margin: auto; border: 0px; } .devicebox p, .entry-content .devicebox p > img, .devicebox img { margin: 0px; max-width: 100%; padding: 0px; } .devicebox, .devicebox a, .devicebox a:active, .devicebox a:hover, .devicebox a:link, .devicebox a:visited, .devicebox p, .devicebox ul, .devicebox ul li, .devicebox li { color: #fff; } .devicebox a:hover { text-decoration: underline; } .devicebox p, .devicebox ul, .devicebox ul li, .devicebox li { border-width: 0px; font-family: "camptonlight",sans-serif; font-size: 16px; padding: initial; } .devicebox ul { margin: 0; padding: 0.5em 1em 1em 30px; } .devicebox ul li { display: list-item; } .devicebox ul, .devicebox ul li, .devicebox li { line-height: 24px; list-style: disc outside none; } .devicebox ul li:before { display: none; } .devicebox p ~ p { padding: 0px 15px 15px; line-height: 1.25; } .devicebox p:first-of-type + p { padding: 15px; } .field-items p:last-of-type + .devicebox, .slide p:last-of-type + .devicebox, .article-body-wrap p:last-of-type + .devicebox, .field-items p:last-of-type + .devicebox ~ .devicebox, .slide p:last-of-type + .devicebox ~ .devicebox, .article-body-wrap p:last-of-type + .devicebox ~ .devicebox { float: none; margin: 0 auto 30px; max-width: 700px; min-height: 225px; position: relative; width: 100%; } .field-items p:last-of-type + .devicebox .video, .slide p:last-of-type + .devicebox .video, .article-body-wrap p:last-of-type + .devicebox ~ .devicebox .video, .field-items p:last-of-type + .devicebox ~ .devicebox .video, .slide p:last-of-type + .devicebox ~ .devicebox .video, .article-body-wrap p:last-of-type + .devicebox ~ .devicebox .video { bottom: 0px; left: 50%; position: absolute; right: 0px; top: 30px; } .field-items p:last-of-type + .devicebox .video_iframe, .slide p:last-of-type + .devicebox .video_iframe, .article-body-wrap p:last-of-type + .devicebox .video_iframe, .field-items p:last-of-type + .devicebox ~ .devicebox .video_iframe, .slide p:last-of-type + .devicebox ~ .devicebox .video_iframe, .article-body-wrap p:last-of-type + .devicebox ~ .devicebox .video_iframe { height: 100%; padding: 0px; } .field-items p:last-of-type + .devicebox ul, .slide p:last-of-type + .devicebox ul, .article-body-wrap p:last-of-type + .devicebox ul, .field-items p:last-of-type + .devicebox p, .slide p:last-of-type + .devicebox p, .article-body-wrap p:last-of-type + .devicebox p, .field-items p:last-of-type + .devicebox ~ .devicebox ul, .slide p:last-of-type + .devicebox ~ .devicebox ul, .article-body-wrap p:last-of-type + .devicebox ~ .devicebox ul, .field-items p:last-of-type + .devicebox ~ .devicebox p, .slide p:last-of-type + .devicebox ~ .devicebox p, .article-body-wrap p:last-of-type + .devicebox ~ .devicebox p { width: 43%; } .field-items p:last-of-type + .devicebox h3 + p, .slide p:last-of-type + .devicebox h3 + p, .article-body-wrap p:last-of-type + .devicebox h3 + p, .field-items p:last-of-type + .devicebox ~ .devicebox h3 + p, .slide p:last-of-type + .devicebox ~ .devicebox h3 + p, .article-body-wrap p:last-of-type + .devicebox ~ .devicebox h3 + p { bottom: 0; left: 50%; overflow: hidden; position: absolute; right: 0; top: 30px; width: 50% } .field-items p:last-of-type + .devicebox h3 + p img, .slide p:last-of-type + .devicebox h3 + p img, .article-body-wrap p:last-of-type + .devicebox h3 + p img, .field-items p:last-of-type + .devicebox ~ .devicebox h3 + p img, .slide p:last-of-type + .devicebox ~ .devicebox h3 + p img, .article-body-wrap p:last-of-type + .devicebox ~ .devicebox h3 + p img { float: right; height: 100%; width: auto; } @media all and (max-width: 500px) { .devicebox { float: none; margin: 0; max-width: 100%; width: 100%; } .field-items p:last-of-type + .devicebox .video, .slide p:last-of-type + .devicebox .video, .article-body-wrap p:last-of-type + .devicebox .video, .field-items p:last-of-type + .devicebox ~ .devicebox .video, .slide p:last-of-type + .devicebox ~ .devicebox .video, .article-body-wrap p:last-of-type + .devicebox ~ .devicebox .video { left: 0; position: relative; top: 0; } .field-items p:last-of-type + .devicebox .video_iframe, .slide p:last-of-type + .devicebox .video_iframe, .article-body-wrap p:last-of-type + .devicebox .video_iframe, .field-items p:last-of-type + .devicebox ~ .devicebox .video_iframe, .slide p:last-of-type + .devicebox ~ .devicebox .video_iframe, .article-body-wrap p:last-of-type + .devicebox ~ .devicebox .video_iframe { padding-bottom: 56.25%; } .field-items p:last-of-type + .devicebox h3 + p, .slide p:last-of-type + .devicebox h3 + p, .article-body-wrap p:last-of-type + .devicebox h3 + p, .field-items p:last-of-type + .devicebox ~ .devicebox h3 + p, .slide p:last-of-type + .devicebox ~ .devicebox h3 + p, .article-body-wrap p:last-of-type + .devicebox ~ .devicebox h3 + p { left: 0; position: relative; top: 0; } .field-items p:last-of-type + .devicebox ul, .slide p:last-of-type + .devicebox ul, .article-body-wrap p:last-of-type + .devicebox ul, .field-items p:last-of-type + .devicebox ~ .devicebox ul, .slide p:last-of-type + .devicebox ~ .devicebox ul, .article-body-wrap p:last-of-type + .devicebox ~ .devicebox ul { width: auto; } } /*--><!]]]]]]><![CDATA[><![CDATA[>*/ /*--><!]]]]><![CDATA[>*/ /*--><!]]>*/ </style></div> </div></div></div><img width='1' height='1' src='
' border='0'/><br clear='all'/>
<a href="
http://da.feedsportal.com/r/223515053114/u/49/f/616881/c/33998/s/4475ed5e/sc/4/rc/1/rc.htm" rel="nofollow"><img src="
http://da.feedsportal.com/r/223515053114/u/49/f/616881/c/33998/s/4475ed5e/sc/4/rc/1/rc.img" border="0"/>[/url]
<a href="
http://da.feedsportal.com/r/223515053114/u/49/f/616881/c/33998/s/4475ed5e/sc/4/rc/2/rc.htm" rel="nofollow"><img src="
http://da.feedsportal.com/r/223515053114/u/49/f/616881/c/33998/s/4475ed5e/sc/4/rc/2/rc.img" border="0"/>[/url]
<a href="
http://da.feedsportal.com/r/223515053114/u/49/f/616881/c/33998/s/4475ed5e/sc/4/rc/3/rc.htm" rel="nofollow"><img src="
http://da.feedsportal.com/r/223515053114/u/49/f/616881/c/33998/s/4475ed5e/sc/4/rc/3/rc.img" border="0"/>[/url]
<img src="[url]http://da.feedsportal.com/r/223515053114/u/49/f/616881/c/33998/s/4475ed5e/sc/4/a2.img" border="0"/>[/url]<img width="1" height="1" src="
http://pi.feedsportal.com/r/223515053114/u/49/f/616881/c/33998/s/4475ed5e/sc/4/a2t.img" border="0"/><img src="//feeds.feedburner.com/~r/TheIphoneBlog/~4/wkq-Ef_9IZs" height="1" width="1" alt=""/>
Source:
USB-C and BadUSB attacks: What you need to know
