so, if the firmware is a problem, patch it.
It is surprising how many people don't understand this article. The firmware being talked about is on the USB device. Normally that firmware is never touched after leaving the factory.

The fact that you would have to rewrite the firmware for a USB device puts this hack outside of the normal script kiddie activities. You would need to have the development tools at your disposal to write the code and possibly hardware tools to load it into the device's firmware.
Either that, or everyone stop using usb. Switch to TB.
The same sort of exploit could be generated for TB, PCI Express cards and a number of tether ports.
Either this would have to be physical product purchased *fake* to good genuine, or on existing physical access..
You would normally assume that the firmware is good from the factory. At some point modified firmware would have to be loaded into the device. If the device's firmware is capable of being updated over USB then that might be rather easy to do. If the device requires more direct programming that could be far more difficult.
Very few stuff these days rarely used remote access, just you must have control to begin with and or allow access by the OS.

if all that can be by-passed, then beneath the OS ...then, maybe.

I have no idea what you are trying to say above. Once the virus is loaded into your computer it can do whatever it wants. The whole point of such an attack would be to bypass the user.

----------

Please let this help Thunderbolt adoption.

I'm not sure why you believe TB would be more secure. If anything it would be less secure.
 
unfortunately, but without knowing anything too much in detail, this "virus" will not present itself as a file but rather more gets injected into the core of the system (the i/o layer) and will explicitly be executed "by design". Even worse, it is by design executed in kernel mode. As firmware is basically a driver, the computer must load and execute it before it can even access the device on any useful level other than probing.

So, any computer running a specific type of cpu (addressed by the firmware) can be vulnerable, no matter what operating system.

fud
 
Yea it sounds like in order to do this, you would have to be either a device manufacturer, or somehow able to insert code into the device manufacturer's code copy that they write to each device.
There is a wide range of possibilities here. For some devices everything including firmware can be reprogrammed over USB.
If the firmware isn't rewritable, I don't see how even some hacker would be able to take a store bought USB device and put it on there, it wouldn't be able to be written to.
True but you would need to know if that is possible or not for every device you own.
Maybe if you just bought raw parts and had the right equipment to flash your own ROM onto chips. Seems difficult though.

Exactly! For most USB hardware this would be a major undertaking. Someone with the resources to do this would find a way to break into your computer anyways. It is virtually impossible to be 100% certain that a computer is secure.
 
The military has actually banned USB devices for years now. I believe the ban started 4-5 years ago. There was some incident involving Chinese hackers, if I recall correctly.

Probably not a big risk for your average person. Just don't use random people's thumb drives.
 
Just use the same kind of restrictions you use personally and not let someone stick something in any of your ports or slots unless you want them to and know they are clean.

This has to be one of the best comments ever. You win, close the forum guys!
 
The common method is to disable the USB drivers. Does that not work? You would need to provide some method to connect a keyboard and mouse.
 
Well, does that mean if USB was replaced with Thunderbolt completely, there wouldn't be vulnerabilities, or is it just a matter of time? Does this affect all Operating Systems? Couldn't you just disable your USB device hardware?
I guess maybe I should just watch the presentation :p

For most MacBooks, the internal keyboard, trackpad, bluetooth module, FaceTime camera and IR receiver are all connected via internal USB headers. Look it up in System Information. If they're compromised somehow, Thunderbolt and Firewire won't save you.

Apple's Keyboard firmware has been compromised in the past. A similar firmware hack compromised an older version of the MacBook battery. You probably remember the firmware hack that enabled iSight cameras without lighting up the green LED indicator.

While these are all for older hardware, it took years to discover the vulnerabilities. Hopefully current hardware has been patched up properly, but we won't likely know for a few more years.
 
Maybe Apple knew this because iOS 7 introduced a trust confirmation on my USB iPhone.
 
I don't get it: does the "virus" reside on the USB device (such as a flash drive, external HDD or charger) or does it get copied into the computer's USB firmware? So if someone plugs an infected USB device into a computer, does removing the device remove the virus?

I would think that the virus gets transferred when you transfer the file from the USB device to the computer, unless they can write an app that automatically infects the computer simply by plugging in the USB device, but I would assume it's probably the first method rather than the 2nd. I guess it would depend on how the virus is written.

----------

Good thing my G5 Mac has FireWire.

But a G5 won't run the more recent versions of OS X.
 
This is not 1980 anymore when people used to worry about viruses on floppy disks. If a person has physical access to your computer, it is a failing with the security in your building or home, not the technology.

It's not quite that simple. For anyone working in any kind of shared workplace (office, lab, workshop etc.) then they can't control access to their device. You can't assume every co-worker, all cleaning staff, all visiting customers/clients are well-intentioned.

I'd love to know more about the specifics, but if someone can just walk by my ("locked") machine while I'm not nearby, pop in a USB device for a few seconds and that results in a crash or code execution, that's not good.

Just use the same kind of restrictions you use personally and not let someone stick something in any of your ports or slots unless you want them to and know they are clean.

Hah! But what if someone uses my slots when I'm not there? Wait... what?
 
Since we have almost everything made in China and they're a known vector for malware it stands to reason the fix is to not buy anything from shady Chinese companies and to be very cautious of anything made in China (including iPhones, iPods, etc.) until this can be added to the antimalware checks security suites do.
 
I remember news from some months ago that said that iOS devices could be attacked by rogue chargers or something like that.
 
Don't trust technology too much.

People, I really think it's time we stop trusting and relying too much on technology and start being more vigilant/aware. There is no way technology will be 100% secure and it will never be in the future. It's sad, but that's the truth :(. Find better alternatives people, it's out there.
 
Unfortunately, but without knowing anything too much in detail, this "virus" will not present itself as a file but rather more gets injected into the core of the system (the I/O layer) and will explicitly be executed "by design". Even worse, it is by design executed in kernel mode. As firmware is basically a driver, the computer MUST load and execute it before it can even access the device on any useful level other than probing.

So, any computer running a specific type of CPU (addressed by the firmware) can be vulnerable, no matter what operating system.

That doesn't sound correct at all. The USB device has its own firmware that lets it do its stuff. Your computer has a driver for the USB device. The USB can't magically infect your driver, no matter what the USB firmware does.

What the USB can do - with compromised firmware - is provide false files. You could, for example, have an installation file on a USB stick and when you actually come to download it to your computer, it gets replaced by a malicious file instead.
 
This is not 1980 anymore when people used to worry about viruses on floppy disks. If a person has physical access to your computer, it is a failing with the security in your building or home, not the technology.

Just use the same kind of restrictions you use personally and not let someone stick something in any of your ports or slots unless you want them to and know they are clean.

And what you obviously don't understand is that this can happen to any USB device. So I could hand you a mouse to use, you hook it to your computer at home, and I win. This is currently undetectable, and at the moment untreatable. So, if you use any USB device anywhere (use a thumb drive at school and home, at work and home, etc...) you are vulnerable.

Should this happen? No. Does it happen? Yup. I wonder if the USB connection made from iOS devices is vulnerable. I wonder if USB plugs (AC to DC) are vulnerable too...
 
Nothing new. The Hak5 Rubber Ducky has had keystroke injection capability for years. It essentially pretends to be a keyboard and the computer implicitly trusts it. Only $39.99 too.
 
Firmware Hacks are not new

http://www.digitalsociety.org/2009/08/apple-keyboards-hacked-and-possessed/

Remember this folks? Yep was demonstrated on us Macy people.

It's a sneaky very low profile way of getting malicious code onto a person's computer. However it has to have a way to execute. If the code doesn't run then it isn't actually a threat.

Although getting the payload onto the device may not be as hard as you think if it pretends to be a HID and auto-types in code into command prompts like DOS-Shell or Terminal.
https://www.youtube.com/watch?feature=player_detailpage&v=JwLRjNPrO2c#t=262

They could also attack along other known vectors, such as Windows Autoplay.
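
Added example, not part of any post in this thread: because the host trusts whatever interfaces a device declares, one host-side check is to compare the declared interface classes against what each port is expected to carry. The device records, port ids and approved list are constructed for illustration; 0x03 (HID) and 0x08 (mass storage) are the standard USB class codes.

```python
# Audit declared USB interface classes for devices that can type unexpectedly.
# All records below are constructed sample data, not real captures.
HID, MASS_STORAGE = 0x03, 0x08   # standard USB interface class codes
KEYBOARD_PROTOCOL = 0x01         # HID boot-interface protocol: keyboard

# (class, subclass, protocol) per interface, as read at enumeration time.
SAMPLE_DEVICES = [
    {"id": "1-1", "label": "desk keyboard", "interfaces": [(0x03, 0x01, 0x01)]},
    {"id": "1-2", "label": "thumb drive", "interfaces": [(0x08, 0x06, 0x50)]},
    {"id": "1-3", "label": "thumb drive",
     "interfaces": [(0x08, 0x06, 0x50), (0x03, 0x01, 0x01)]},
    {"id": "1-4", "label": "mouse",
     "interfaces": [(0x03, 0x01, 0x02), (0x03, 0x01, 0x01)]},
]

# Assumption: keyboards are approved by physical port id, because vendor and
# product ids are reported by the device firmware and can be forged.
APPROVED_KEYBOARDS = {"1-1"}


def is_keyboard(interface):
    """True if the interface declares itself a HID boot keyboard.

    Limitation: a HID interface that does not use the boot protocol can still
    send keystrokes; catching that requires reading its report descriptor.
    """
    cls, _subclass, protocol = interface
    return cls == HID and protocol == KEYBOARD_PROTOCOL


def audit(devices, approved_keyboards):
    """Return {device id: [reasons]} for devices that need review."""
    findings = {}
    for dev in devices:
        classes = {cls for cls, _s, _p in dev["interfaces"]}
        has_keyboard = any(is_keyboard(i) for i in dev["interfaces"])
        reasons = []
        if has_keyboard and dev["id"] not in approved_keyboards:
            reasons.append("unapproved keyboard interface")
        if has_keyboard and MASS_STORAGE in classes:
            reasons.append("storage device that can also type")
        if reasons:
            findings[dev["id"]] = reasons
    return findings


if __name__ == "__main__":
    for dev_id, reasons in audit(SAMPLE_DEVICES, APPROVED_KEYBOARDS).items():
        print(dev_id, "->", "; ".join(reasons))
```

A mouse that also exposes a keyboard interface is sometimes legitimate, so a finding here means "review", not "malicious".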
 
In other words, the NSA has been using this vulnerability for years. Probably is silently sleeping in everyone's computer.
 
Thunderbolt, FireWire, and ExpressCard (and variants) are all vulnerable to DMA attacks.
Just because there has been an exploit discovered for USB does not make them any more secure.
 