ZDNet: New fuzzing tool finds 26 USB bugs in Linux, Windows, macOS, and FreeBSD

ZDNet: New fuzzing tool finds 26 USB bugs in Linux, Windows, macOS, and FreeBSD. “Academics say they discovered 26 new vulnerabilities in the USB driver stack employed by operating systems such as Linux, macOS, Windows, and FreeBSD. The research team, made up by Hui Peng from Purdue University and Mathias Payer from the Swiss Federal Institute of Technology Lausanne, said all the bugs were discovered with a new tool they created, named USBFuzz.”

Wired: Wickedly Clever USB Stick Installs a Backdoor on Locked PCs

Ugh. Raspberry Pi Zeroes can be used for very scary things. “Today [Samy] Kamkar released the schematics and code for a proof-of-concept device he calls PoisonTap: a tiny USB dongle that, whether plugged into a locked or unlocked PC, installs a set of web-based backdoors that in many cases allow an attacker to gain access to the victim’s online accounts, corporate intranet sites, or even their router. Instead of exploiting any glaring security flaw in a single piece of software, PoisonTap pulls off its attack through a series of more subtle design issues that are present in virtually every operating system and web browser, making the attack that much harder to protect against.”

Google Engineers Create USB->Web API

A couple of Google engineers have created an API for direct USB->Web access. “The API isn’t meant for USB flash drives, but other peripherals like keyboards or various Internet of Things … gadgets. The process isn’t meant for some sort of advanced file transfer, either; it’s to safely connect hardware to the Web without the need for a dedicated platform.”