
silversurfer91

macrumors newbie
Jul 19, 2014
18
1
Yep. Though I hear no one talking about the spyware bots planted into new factory fresh USB devices by the NSA ....

We stopped using them when one of our IT guys "found" an aggregator in a new USB stick. But we have learned how to play their game, too. War is war

Interesting....care to elaborate on your story?
 

MRrainer

macrumors 68000
Aug 8, 2008
1,524
1,095
Zurich, Switzerland
It's not NSA we should be worried about.

It's the companies who make the USB sticks, probably mostly in China.


Haha - reminds me of a friend of a co-worker who phoned him once, in distress:
He had ordered USB-sticks directly in China, with some promotional demo-app already written on them directly at the factory.
The problem: the customer (who wanted to distribute the USB-sticks) had reported back that at least one sample USB-stick was infected with a virus.
Big problem: he had ordered 19000 USB sticks, which he couldn't possibly virus-check himself.
Moral: outsourcing to China is not easy. Esp. if you need accountability.
If he'd found a local company doing this, he would have had more success in insisting on a virus-free product.
But with the contractor in China and him in Europe, they'd just LOL at you through the phone if you "insisted" on something...
 

PracticalMac

macrumors 68030
Jan 22, 2009
2,857
5,242
Houston, TX
Going back to FireWire!

I have a FW drive like a USB one.


PS, I wonder if the exploit affects all OS, just has to be custom to each OS
 

octothorpe8

macrumors 6502
Feb 27, 2014
424
0
If a person has physical access to your computer, it is a failing with the security in your building or home, not the technology.

Just use the same kind of restrictions you use personally and not let someone stick something in any of your ports or slots unless you want them to and know they are clean.

Oh come on. Your kid's friend comes over with his homework on a flash drive he also used at the public library. Is that a physical security breach? How about your wife bringing a document home from work on a flash drive she also used at Kinko's to have something printed? You get the idea. Most of us don't live in security silos.
 

2984839

Cancelled
Apr 19, 2014
2,114
2,239
Going back to FireWire!

I have a FW drive like a USB one.


PS, I wonder if the exploit affects all OS, just has to be custom to each OS

FireWire is an even bigger security hole.

The exploit works on any OS, but the payload would be tailored to each. On a Mac, there are all kinds of bad things that could be done with keystroke injection that don't require a password or malware installation.
 

PracticalMac

macrumors 68030
Jan 22, 2009
2,857
5,242
Houston, TX
FireWire is an even bigger security hole.

The exploit works on any OS, but the payload would be tailored to each. On a Mac, there are all kinds of bad things that could be done with keystroke injection that don't require a password or malware installation.

The report said it was a flaw in USB firmware, does not mean the same is true with FW firmware. If so, please link to details.

And as for USB, the payload will probably be very OS specific, like you said.
Macs for their rarity are low chance of infection.
Due to limited USB support, iOS devices will be very rare.

So it seems Apple world may be quite safe.
 

2984839

Cancelled
Apr 19, 2014
2,114
2,239
The report said it was a flaw in USB firmware, does not mean the same is true with FW firmware. If so, please link to details.

And as for USB, the payload will probably be very OS specific, like you said.
Macs for their rarity are low chance of infection.
Due to limited USB support, iOS devices will be very rare.

So it seems Apple world may be quite safe.

FW is insecure because it allows DMA, not because of the USB exploit mentioned in the article.
 

PracticalMac

macrumors 68030
Jan 22, 2009
2,857
5,242
Houston, TX
FW is insecure because it allows DMA, not because of the USB exploit mentioned in the article.

Direct Media Access?

Would that be an active connection, meaning need to connect to another computer?
USB seems passive, I that code embedded in firmware of even a mouse could infect the PC.
 

2984839

Cancelled
Apr 19, 2014
2,114
2,239
Direct Media Access?

Would that be an active connection, meaning need to connect to another computer?
USB seems passive, I that code embedded in firmware of even a mouse could infect the PC.

No, Direct Memory Access. It can steal full disk encryption keys (and other passwords) out of RAM, bypass various security measures, install malware, and some other things. There's no way to stop it either because DMA is part of the design. An attack similar to the USB is possible with an infected or otherwise malicious external drive connected via FW, or an attacker's own computer if he has physical access.
 

PracticalMac

macrumors 68030
Jan 22, 2009
2,857
5,242
Houston, TX
No, Direct Memory Access. It can steal full disk encryption keys (and other passwords) out of RAM, bypass various security measures, install malware, and some other things. There's no way to stop it either because DMA is part of the design. An attack similar to the USB is possible with an infected or otherwise malicious external drive connected via FW, or an attacker's own computer if he has physical access.

The part I am questioning is the trigger.
The USB exploit modifies the firmware stack, so when you plug it in the PC runs the firmware, activating the exploit. Like with the Autorun CD attacks.

With FW, the firmware is not altered so no call to the malware is made.
Now, the Autorun may run the malware, but this is the OS level, not hardware.
 

gnasher729

Suspended
Nov 25, 2005
17,980
5,565
Before anyone panics, just remember, almost any device can be hacked/cracked/whatever if someone has physical access to it. The point is to not let people have access to your devices. If a friend is at your house, don't let him plug his devices into your computer. In the business world, some of the companies I have worked for have disabled USB access on networked computers. I remember having to call the help desk just to install a new keyboard.

I think right now the danger is more that you buy USB hardware that is malicious.

As an example (scam but no danger to your computer): If you buy a 64 GB Flash Drive from eBay cheaply, chances are that you get delivered a 1 GB Flash Drive that pretends to be 64 GB. If you store 10 GB of videos, you won't notice. If you try to play them back, you notice. By that time the company you bought from is closed and has your money.

But in the future, you might receive a genuine 64 GB Flash drive with built-in 3G and pre-paid data, which sends everything that you store on the drive to a hacker (that's rather expensive, so it would only happen if someone specifically tries to target you, and you are worth targeting).

----------

We have banned the use of thumb drives. We still use USB connected mice and printers to name a few items. This article is definitely not good news.

My printer uses WiFi. So it has access to my network and therefore to the outside world. Since it has powerful hardware and a lot of space inside, it wouldn't be difficult to create a hacked printer that transmits everything I print to some hacker.
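
The fake-capacity flash drive described in the post above can be caught before any real data is trusted to it by filling the advertised space with address-specific data and reading all of it back. The following is an added example, not part of the original thread: `FakeCapacityDrive` is a constructed in-memory model that assumes the counterfeit wraps writes around its real flash (actual counterfeits may instead drop writes), and all names are hypothetical.

```python
import hashlib

BLOCK = 4096  # bytes per test block


class FakeCapacityDrive:
    """Constructed model: advertises `claimed` blocks but only stores `real`.

    Assumption: writes beyond the real flash wrap around and overwrite
    earlier blocks without reporting any error.
    """

    def __init__(self, claimed_blocks, real_blocks):
        self.claimed = claimed_blocks
        self.real = real_blocks
        self.cells = [bytes(BLOCK)] * real_blocks

    def write(self, lba, data):
        self.cells[lba % self.real] = data  # always "succeeds"

    def read(self, lba):
        return self.cells[lba % self.real]


def pattern(lba, seed=b"constructed-seed"):
    """Deterministic block that is unique per address, so aliasing shows up."""
    return hashlib.shake_256(seed + lba.to_bytes(8, "big")).digest(BLOCK)


def verify_capacity(drive):
    """Write every advertised block first, then read every block back.

    Returns (good_blocks, first_bad_lba). Writing everything before reading
    anything matters: checking each block right after writing it would pass
    on a wrapping drive.
    """
    for lba in range(drive.claimed):
        drive.write(lba, pattern(lba))
    good, first_bad = 0, None
    for lba in range(drive.claimed):
        if drive.read(lba) == pattern(lba):
            good += 1
        elif first_bad is None:
            first_bad = lba
    return good, first_bad


if __name__ == "__main__":
    print("honest 64-block drive:", verify_capacity(FakeCapacityDrive(64, 64)))
    print("1 block sold as 64:   ", verify_capacity(FakeCapacityDrive(64, 1)))
```
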
 