I was thinking the same thing -- this may also help to explain this: http://blog.erratasec.com/2013/10/badbios-features-explained.html#.U9pgXla5duY
He had stated that he thought his initial infection came via a USB device....
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Researcher Details USB-Based Attack That Circumvents All Known Protective Security Measures
- Thread starter MacRumors
- Start date
- Sort by reaction score
I was thinking the same thing -- this may also help to explain this: http://blog.erratasec.com/2013/10/badbios-features-explained.html#.U9pgXla5duY
He had stated that he thought his initial infection came via a USB device....
Looks like it is time for Firewire to return!
I logged into just to write a snarky "FireWire FTW!" post, and I'm not disappointed that someone beat me to it!
Unfortunately, but without knowing anything too much in detail, this "virus" will not present itself as a file but rather more gets injected into the core of the system (the I/O layer) and will explicitely be executed "by design". Even worse, it is by design executed in kernel mode. As firmware is basically a driver, the computer MUST load and execute it before it can even access the device on any useful level other than probing.
So, any computer running a specific type of CPU (addressed by the firmware) can be vulnerable, no matter what operating system.
Does it even have firmware? I think thats just a picture, its more the USB device thats connected to it that will have the payload.
I wonder if lightning provides a barrier to this? As its not a USB protocol at the Apple end?
Yep....
When talking about computer security, restricting physical access to the box is always considered the first line of defense. That's why you put your servers behind a locked door in a special, climate controlled room.
I remember years ago, several of the big employers where I lived had a procedure of gluing all USB ports shut on the user's workstations and banning USB storage devices from being carried on or off the property. Extreme measures? Probably, but also understandable if you work with a lot of classified information -- and shows that USB has been a known vulnerability for quite a while now.
When talking about computer security, restricting physical access to the box is always considered the first line of defense. That's why you put your servers behind a locked door in a special, climate controlled room.
I remember years ago, several of the big employers where I lived had a procedure of gluing all USB ports shut on the user's workstations and banning USB storage devices from being carried on or off the property. Extreme measures? Probably, but also understandable if you work with a lot of classified information -- and shows that USB has been a known vulnerability for quite a while now.
The cable is just wire, and sometimes a resistor; it's not on the cable. It's on the firmware of something like a USB flash drive. This makes it difficult to detect and remove because usually you would figure that if you erase, or reformat, the flash drive then everything is off of it; but with this the malware will stay there. The malware cannot be removed by erasing the flash drive because erasing the drive does not erase the firmware.
so, if the firmware is a problem, patch it.
Either that, or everyone stop using usb. Switch to TB.
Either this would have to be physical product purchased *fake* to good genuine, or on existing physical access..
Very few stuff these days rarely used remote access, just you must have control to begin with and or allow access by the OS.
if all that can by by-passed, then beneath the OS ...then, maybe.
Either that, or everyone stop using usb. Switch to TB.
Either this would have to be physical product purchased *fake* to good genuine, or on existing physical access..
Very few stuff these days rarely used remote access, just you must have control to begin with and or allow access by the OS.
if all that can by by-passed, then beneath the OS ...then, maybe.
If I understand correctly, it's written into the ROM of the device itself, not rewritable memory -- sort of like how each USB device has a firmware/driver/hardware ID written for it (which you'll be more than familiar with if you use Windows).
So potentially, the device will still work fine, but transmit the virus while using it. Theoretically, it's an entirely plausible prospect. Practically, however, it will be ridiculously difficult, if not impossible, to pull off. I imagine you'd have to be an OEM for a hardware company and have it written in the code somehow. And then dispensing the virus would depend on how many people bought your product.
Then you'd have to figure out how to make it self-propagating. It's not like all USB vendors use a certain firmware base which has an exploitation in it, which can be written to. It's ROM, it's already written. You'd have more luck trying to write to a burnt CD-R.
Yes, if a virus is written into the firmware, it will circumvent all known protective measures. Theoretically. Also theoretically, somebody can write a virus that wipes out every single bank account. Doesn't matter how difficult it is, theoretically where there's computer software, there's some way to eventually hack it. But it won't happen. Getting the USB virus written in there requires some extremely clever skills, and I can't see how the virus could then write to other vendors' firmware. With that in mind, IMHO this is a 'vapourware virus'.
It seems to me that so long as you're not using any USB connectors that you didn't buy new yourself it won't be an issue.
Alternately, I think Thunderbolt and Lightning connectors may be the way to go moving forward.
Alternately, I think Thunderbolt and Lightning connectors may be the way to go moving forward.
Before anyone panics, just remember, almost any device can be hacked/cracked/whatever if someone has physical access to it. The point is to not let people have access to your devices. If a friend is at your house, don't let him plug his devices into your computer. In the business world, some of the companies I have worked for have disabled USB access on networked computers. I remember having to call the help desk just to install a new keyboard.
Yea it sounds like in order to do this, you would have to be either a device manufacturer, or somehow able to insert code into the device manufacturer's code copy that they write to each device.
If the firmware isn't rewritable, I don't see how even some hacker would be able to take a store bought USB device and put it on there, it wouldn't be able to be written to. Maybe if you just bought raw parts and had the right equipment to flash your own ROM onto chips. Seems difficult though.
If the firmware isn't rewritable, I don't see how even some hacker would be able to take a store bought USB device and put it on there, it wouldn't be able to be written to. Maybe if you just bought raw parts and had the right equipment to flash your own ROM onto chips. Seems difficult though.
Exactly.
THis is a "proof of concept" type attack.
You would need to know the device USB controller and be able to install firmware on the device. Devices with upgradeable firmware would be easier but still not easy.
This reminds me of Sony's root kit.
Some OEM might use this to install crapware.
it's not a virus in the true sense of the word because you can't replicate this on any USB device. What it could do though is install another virus or key logger on a system, but we have known you can do that from a USB device for years.
This isn't new news for people that understand USB.
Guess I'll be buying a Russian typewriter
Don't forget to ask for its source code...
Looks more like a proof of a flaw in USB and not an actual security threat. Whenever someone uses the word "infect" so vaguely like that, it's probably not an issue. What, I'm going to accentually copy virus.exe onto my Mac?
Also, that picture messes with my head. It looks like one of those mythical male-to-male USB cables
Also, that picture messes with my head. It looks like one of those mythical male-to-male USB cables
In many cases, the firmware could be burned into ROM chips, but when you talk about peripherals such as printers, flash drives, hard drives, etc., their firmware may need to be updated as bugs are discovered. If their firmware is in ROM, then if your device has a bug, you'll either have to live with it or buy a new device.
I don't think you will be happy if this happens.
I superglued my USB and have strickly been using thunderbolt (and paying 10x) for the last 2 years I knew it would finally pay off lol. /sar