Before You Read

Warning: If you are Resistant to Logic, please stay away from this page. Because we will be Persistent with Logic to wear down your Resistance.

Saturday, December 13, 2014

No Defense Against BadUSB Firmware Exploit, Yet

Verdict :

Possible time of origin : July, 2014

Circulation platforms : Internet

Circulation geography : Global

Original Message Version Under Analysis:
BadUSB writes or overwrites a USB device’s firmware code to carry out malicious actions. First announced in July 2014, BadUSB was discovered by a pair of computer researchers at Security Research Labs in Berlin, who then presented their discovery at the Black Hat Conference. The attack is feared because none of the traditional methods of checking for malice on a USB storage device do detect that. The malicious code is planted in the USB’s firmware, which is first executed only when the device is plugged into a host machine. The host machine can’t detect the firmware code, but the firmware’s code can interact with and modify software on the host machine. The malicious firmware code could then plant other malware, steal information, divert Internet traffic. All these may run while bypassing antivirus scans. Moreover this problem isn’t limited to USB devices. In fact, USB devices are the tip of the iceberg. Any hardware device plugged into your computer with a firmware component can probably be made malicious in a very similar manner. 
BadUSB has no defense today, but it may be easily defended against, in the near future. After all, it’s simply  a code/software (stored in firmware), so other protective code/software (to be developed) should be able to defeat it. 

Analysis by Merofact Awareness Team:


Everything said above is entirely true. USB devices are reversibly connected to computers and often even built into virtually all computers. This universal interface standard revolutionized the world over the past two decades, thanks to its versatility. Almost any computer peripheral, from storage and input gadgets to healthcare devices, can connect over using this ubiquitous technology. This versatility is also it's Achilles heel; Since different device types can plug in via the same connector, one type of device can turn into a more capable or malicious type without the user noticing at all. This is what a BadUSB does. To turn one device type into another, USB controller chips present in peripherals need to be reprogrammed. Most widely spread USB controller chips, including those in USB thumb drives, hardly (if any) have any protection from such reprogramming.
Regular computer users shares USB drives like average business cards, even though we all know that they often carry malware and many of us can remember few bitter experiences. To protect our computer from such undue experience we all depend on antivirus & antimalware scans. In case of some unpatchable trouble, the occasional reformatting keeps our thumbdrives from becoming the carrier of the malware epidemic. But the security problems with USB devices run deeper than we all knew about: Their risk isn’t just in what they detectably carry, it can be built into the core of how they work and talk to the host computer. 
The kind of compromise BadUSB is able to make, is nearly impossible to counter at present without banning the sharing of USB devices. The problem isn’t limited to thumb drives. All types of USB devices from keyboards, mice and webcam to smartphones have firmware that can be reprogrammed in a similar manner a USB memory sticks is made into BadUSB. BadUSB can do whatever one can do with a keyboard attached to a computer, which is basically everything a computer does. In summary BadUSB can do atleast the followings: 
1. Can emulate a keyboard and issue commands on behalf of the logged-in user, for example to download files or install malware. Such malware, in turn, can infect the controller chips of other USB devices connected to the computer.
2. The device can also spoof a network card and change the computer’s setting to redirect traffic.
3. It can detect that the computer is starting up and then can boot a small virus, which infects the computer’s operating system prior to boot.
To make things worse, cleanup after an infection is hard, if not impossible. Simply reinstalling the operating system – the last resort response to otherwise ineradicable malware – does not address BadUSB infections at their root. The USB drive, from which the operating system is reinstalled, may already be infected, as may the hardwired webcam or other USB connected components inside the computer. A BadUSB device may even replace the computer’s BIOS – again by emulating a keyboard and unlocking a hidden file on the infected USB drive.
Once infected with BadUSB, the computer and all USB peripherals that came in contact with the infected machine can never be trusted again.
One apparent good news is that this susceptibility is reportedly tested only on one USB manufacturer that is Phison electronics – A Taiwanese Electronics Company. Though Phison sticks can initiate attack on any device they are attached to, but it is not clear whether the established infection will be able to spread to any other USB drive that will be attached into the infected device later on. The company has not yet publicly listed the vendors for whom they manufacture USB sticks. Therefore, currently it is still not very clear, whether the issue really can turn into a digital epidemic.
The other good news is, according to knowledge available over web, at least one company (Ironkey) already does purposefully protect against BadUSB attacks. Their new line of thumbdrive products require that any new updates to its thumbdrives’ firmware be signed with an unforgeable cryptographic signature that prevents malicious reprogramming.

Saturday, December 6, 2014

"Missile Man of India, Dr. Abdul Kalam Hospitalized ..."

Verdict :

Possible time of origin : October 15, 2014 (as birthday wishes!)

Circulation platforms : WhatsApp, Facebook, Internet

Circulation geography : India

Original Message Version Under Analysis:
Missile man of India hospitalized and no media botheredDr. A.P.J. Abdul Kalam our Missile Man is hospitalized from last two weeks but no media is interested, but we are true lovers of him. Let’s pray for his speedy and complete recovery today 9 pm and share this message to everyone to prove that any media is not necessary to remember our Heroes. Forwarding your prayers. 

Analysis by Merofact Awareness Team: 

This is a rumor surfaced around October 15, 2014 when Dr. A.P.J. Abdul Kalam turned 83. Within a week, he too got concerned about the spread of this false message and tweeted about is well being. His message reads Som msg is bein circultd dat Im unwell & hospitalized!This is totally FALSE.Im bsy workin with severl commitmnts. Plz pay no heed2such rumor ". Next day OneIndia again confirmed the that "He is absolutely fine. He is at work".

Update July 27, 2015
                                                                                                    
We just got the saddest news that the  India's 11th President APJ Abdul Kalam passed away at a hospital in Shillong, Meghalaya today evening, he was 83. He was there to deliver a lecture on “Making the World More Livable”. He suffered a massive cardiac arrest (heart attack) during his lecture at the Indian Institute of Management, Shillong, around 6.30 pm. Promptly he was taken to the Bethany hospital. Bethany hospital sources told NDTV that, "President Kalam was brought to the hospital at 7 pm. When he brought in there was no sign of life. He was taken to ICU to try and revive him, which was futile,". Government declared 7 days of national mourning (Rashtriya shok) as a mark of respect for Dr. Kalam. During this period the national flag will fly at half mast on all places throughout India where it is flown regularly. Schools, colleges, other educational institutions and government institutions may decide to remain closed on this Tuesday.