gfxgfx
 
Please login or register.

Login with username, password and session length
 
gfx gfx
gfx
76583 Posts in 13446 Topics by 2074 Members - Latest Member: cobra65kr January 27, 2021, 03:51:14 pm
*
gfx*gfx
gfx
WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Attack code for 'unpatchable' USB flaw released
gfx
gfxgfx
 

Author Topic: Attack code for 'unpatchable' USB flaw released  (Read 4323 times)

0 Members and 1 Guest are viewing this topic.

Offline GhostShip

  • Ret. WinMX Special Forces
  • WMW Team
  • *****
Re: Attack code for 'unpatchable' USB flaw released
« Reply #20 on: October 09, 2014, 11:05:35 pm »
This is what I read earlier on in the year.

http://www.wired.com/2014/07/usb-security/

Quote
The problem isn’t limited to thumb drives. All manner of USB devices from keyboards and mice to smartphones have firmware that can be reprogrammed—in addition to USB memory sticks, Nohl and Lell say they’ve also tested their attack on an Android handset plugged into a PC. And once a BadUSB-infected device is connected to a computer, Nohl and Lell describe a grab bag of evil tricks it can play. It can, for example, replace software being installed with with a corrupted or backdoored version. It can even impersonate a USB keyboard to suddenly start typing commands. “It can do whatever you can do with a keyboard, which is basically everything a computer does,” says Nohl.

The malware can silently hijack internet traffic too, changing a computer’s DNS settings to siphon traffic to any servers it pleases. Or if the code is planted on a phone or another device with an internet connection, it can act as a man-in-the-middle, secretly spying on communications as it relays them from the victim’s machine.

Most of us learned long ago not to run executable files from sketchy USB sticks. But old-fashioned USB hygiene can’t stop this newer flavor of infection: Even if users are aware of the potential for attacks, ensuring that their USB’s firmware hasn’t been tampered with is nearly impossible. The devices don’t have a restriction known as “code-signing,” a countermeasure that would make sure any new code added to the device has the unforgeable cryptographic signature of its manufacturer. There’s not even any trusted USB firmware to compare the code against.

The element of Nohl and Lell’s research that elevates it above the average theoretical threat is the notion that the infection can travel both from computer to USB and vice versa. Any time a USB stick is plugged into a computer, its firmware could be reprogrammed by malware on that PC, with no easy way for the USB device’s owner to detect it. And likewise, any USB device could silently infect a user’s computer. “It goes both ways,” Nohl says. “Nobody can trust anybody.”

But BadUSB’s ability to spread undetectably from USB to PC and back raises questions about whether it’s possible to use USB devices securely at all. “We’ve all known if that you give me access to your USB port, I can do bad things to your computer,” says University of Pennsylvania computer science professor Matt Blaze. “What this appears to demonstrate is that it’s also possible to go the other direction, which suggests the threat of compromised USB devices is a very serious practical problem.”

Blaze speculates that the USB attack may in fact already be common practice for the NSA. He points to a spying device known as Cottonmouth, revealed earlier this year in the leaks of Edward Snowden. The device, which hid in a USB peripheral plug, was advertised in a collection of NSA internal documents as surreptitiously installing malware on a target’s machine. The exact mechanism for that USB attack wasn’t described. “I wouldn’t be surprised if some of the things [Nohl and Lell] discovered are what we heard about in the NSA catalogue.”

You'll note I hope the last part of the quote as well as the general expose of the article namely that usb controllers can be hijacked to hide all sorts of nasty stuff on both ends of the transaction, in short they recognise the problem of USB being a tainted medium from now onwards.

Offline Pri

  • MX Hosts
  • *****
  • *****
Re: Attack code for 'unpatchable' USB flaw released
« Reply #21 on: October 10, 2014, 07:21:40 am »
Just thought I'd mention. The reprogramming of devices coming from China has become a real problem in recent years. Buying external hard drives that say they are 1TB only to find a USB stick inside the case that has 4GB of storage on it but has had its firmware reprogrammed to report to the operating system it's 1TB. Then the criminals put something heavy in the case to make it feel the right weight.

They also do that with USB sticks themselves selling 64GB ones that actually only have a few GB's of space and any newly written data merely overwrites the old. And even with MicroSD and SD Cards they are reprogramming those too and selling not just incorrect capacity products but also used or defective parts trashed from real factories.

Recently it has become even more deceptive with some chinese resellers purchasing NVIDIA graphics cards like the GTX 750 and then flashing its firmware so that it reports to the operating system it's a faster card like a GTX 750 Ti, 760 or 770. Because NVIDIA uses one driver package for all cards even when the cards report they are something else the driver package still works. In response to this NVIDIA is now signing all their firmware for their cards and you can no longer modify the firmware on the latest Kepler (970 and 980) cards and it is expected this lock will be extended to all future cards they sell.

This USB thing is unfortunately just the latest realisation of this problem. There are many products out there including graphics cards, raid cards, network cards, motherboard BMC management chips and even motherboard BIOS that have ample storage (sometimes 8MB) that have no verification method for the code they run and can be flashed even from inside a booted operating system.

Offline White Stripes

  • Core
  • *****
  • ***
  • Je suis aimé
Re: Attack code for 'unpatchable' USB flaw released
« Reply #22 on: October 10, 2014, 06:19:34 pm »
reprogrammed fakes ive heard of.. all the way back to the days of the 386... ive never met one tho...

WinMX World :: Forum  |  Discussion  |  WinMx World News  |  Attack code for 'unpatchable' USB flaw released
 

gfxgfx
gfx
©2005-2020 WinMXWorld.com. All Rights Reserved.
SMF 2.0.17 | SMF © 2019, Simple Machines | Terms and Policies
Page created in 0.027 seconds with 25 queries.
Helios Multi © Bloc
gfx
Powered by MySQL Powered by PHP Valid XHTML 1.0! Valid CSS!