Why The Security Of USB Is Fundamentally Broken

HardOCP News

Two security researchers say that they have "exploited the very way that USB is designed" and there is no way this security problem can be patched. :eek:

But the two hackers didn’t merely copy their own custom-coded infections into USB devices’ memory. They spent months reverse engineering the firmware that runs the basic communication functions of USB devices—the controller chips that allow the devices to communicate with a PC and let users move files on and off of them. Their central finding is that USB firmware, which exists in varying forms in all USB devices, can be reprogrammed to hide attack code.
 
I guess I need to stop letting my laptop be a whore and letting anybody put their stick in its port.
 
The short-term solution to BadUSB isn’t a technical patch so much as a fundamental change in how we use USB gadgets. To avoid the attack, all you have to do is not connect your USB device to computers you don’t own or don’t have good reason to trust—and don’t plug untrusted USB devices into your own computer.

That's all great, but how do you know if the USB device you just bought is "trusted"? Couldn't this exploit be installed in manufacturing, and then packaged up for sale to unsuspecting users?
 
That's all great, but how do you know if the USB device you just bought is "trusted"? Couldn't this exploit be installed in manufacturing, and then packaged up for sale to unsuspecting users?

LMAO to them for seriously expecting users to exercise common sense measures...how well does that work in reality?
 
Given that a free USB drive would be such an easy way to socially engineer people into using them, so many people will be screwed by this exploit.
 
So make the firmware read only? especially on devices that never see updates anyway.

For others, make the firmware password protected with a password that must be set by the user the first time they plug the device in.
 
Autoplay defaulting on is a bigger problem. If someone's going to flash malicious code into firmware I use, they would probably break into my place and flash malicious code into my BIOS. What are you going to do against that?
 
So make the firmware read only? especially on devices that never see updates anyway.

For others, make the firmware password protected with a password that must be set by the user the first time they plug the device in.

They can still just disassemble the stick and remove the controller, then replace it with one already flashed with their modified firmware.
 
Can't somebody just come up with an intermediary device the usb plugs into. It has mirrored firmware. One that is secured on the pc side and one that interfaces with the usb device on the other? Or is this something that would break the fundamental functionality of USB?
 
Can't somebody just come up with an intermediary device the usb plugs into. It has mirrored firmware. One that is secured on the pc side and one that interfaces with the usb device on the other? Or is this something that would break the fundamental functionality of USB?

I suppose you could plug into, say, an Android device, and then transfer the file to a PC.
 
Our clients will get screwed over by this big time. Didn't someone do a study once where they left flash drives lying around, and almost everyone who found it stuck it in their computer immediately? Curiosity is a deadly mistress.
 
They can still just disassemble the stick and remove the controller, then replace it with one already flashed with their modified firmware.

At that point.. why not just take the stick and copy the contents to an already hacked stick? Much simpler to do it that way.

Having to replace a portion of the hardware to be able to implement the "hack" is not really a hack in my book.
 
We've got to STOP just "doing stuff because it's cool!" when it comes to universal features of computers.

We keep $##$@# ourselves over with "convenience" tech like Java, USB, internet of things...

EVERYTHING doesn't need to be "auto-magic."

And as far as this issue goes, I guess I'm not surprised. With all the other security reality issues crashing down on us, it looks like we have screwed up yet again in our rush to get away from physical media devices.

Here's another question that relates to this issue a little: Firmware on hard disks has been traditionally pretty secure against malicious rewrite. It's just not a good place to run attack code. But what about SSD drives? Especially as we run full speed away from the SATA interface and start plugging them direct into the system bus? How much could you do with a malicious firmware on an SSD device?
 
Would be more curious about SSD and firmware...

I mean, for one, how do they infect the USB key in your system? You must download it from somewhere, which hopefully your AV or whatever would stop...

Unless someone is selling pre-hacked USB items, keyboards, mice et cetera...
 
They can still just disassemble the stick and remove the controller, then replace it with one already flashed with their modified firmware.

Just? Just open up a housing that's, more often than not, assembled in a manner that requires you to break open the housing, then unsolder the existing controller chip and solder a new one on, and finally find a way to reassemble it without making it obvious that you broke it open in the first place?
 
Wonder if a fix wouldn't be a bypass USB port, akin to a condom; that way any USB firmware data could be put onto the bypass port to "read" the device. The bypass would be software installed instead of firmware autoinstall, then you can wipe the volatile memory in the bypass and all is good.

Assuming this is possible this could be the standard for all new USB ports that are made, simply build it into the computer. I cringe whenever researchers say something "can't be blocked/patched/done" especially after they just did something no one thought could be done.
 
Wait, so you could infect a thumb drive with a backdoor, go up to a friend/co-worker/hot girl, tell them that you have some cool programs or photos you want them to check out, then remotely access their system and steal all their shit?

That actually sounds very useful.
 
So, somehow this USB firmware infection can somehow load itself into your computer once an infected USB device is plugged in. It would appear the USB hardware has the ability to load software into memory bypassing the OS, thereby causing the CPU to run the infection? So say you had Tails OS, or another "very secured" OS running (BSD/Linux/Solaris), this thing can still infect your computer and do anything it wants? I'd like to see a test of it on a powered-up diskless workstation (with no OS) performing something.
 
One of the articles on this mentioned that it is not just memory devices that have this breach. Apparently, all(most?) USB gizmos can have their firmware updated after manufacture. I wonder if it is possible to infect a wireless USB mouse with this via a rogue wireless mouse radio that could implant a piece of code just by walking by a wireless USB mouse?
 
So, somehow this USB firmware infection can somehow load itself into your computer once an infected USB device is plugged in. It would appear the USB hardware has the ability to load software into memory bypassing the OS, thereby causing the CPU to run the infection? So say you had Tails OS, or another "very secured" OS running (BSD/Linux/Solaris), this thing can still infect your computer and do anything it wants? I'd like to see a test of it on a powered-up diskless workstation (with no OS) performing something.

More than that, there is the possibility that the firmware of other USB devices can be rewritten, making it join the party if plugged into another PC.
 
So is there anything that can be done to protect against/detect this for regular users?

Like routing USB devices through a VM?

Would having a UTM (a la Untangle running in transparent mode on a stand alone box or VM) at least let me know once the malware goes active?

Seems like the biggest threat would be a hacker group compromising an OEM and slipping this into their devices, so that the memory stick or USB device is compromised when it comes to you in a brand-new state.
 
Wow this is interesting and makes total sense, never even considered the firmware on these devices. I wonder how it is accessed though, special commands sent via USB protocol?
Technically a flash drive could be coded to act as any device. A printer, a keyboard, a mouse, a wireless AP or bluetooth device that opens up all your files to anyone...

Would not surprise me if the NSA has been doing this for a long time.

It's not just USB sticks, it's ANYTHING USB really. Also not just USB; what about things like video cards or other cards? There are so many possibilities to infiltrate a computer at the hardware/firmware level, it's kind of scary.

There really needs to be an open source hardware movement imo.
 
A totally normal Dell USB mouse with hacked firmware and a few GB of flash for storing data/key strokes. Plug in on the desk and pick it up a few weeks later.
 
At that point.. why not just take the stick and copy the contents to an already hacked stick? Much simpler to do it that way.

Having to replace a portion of the hardware to be able to implement the "hack" is not really a hack in my book.


Uh that is exactly what hacking is... I guess you think script kiddies are hackers then.

And they aren't after the contents on the USB, they are using the firmware on the USB to install malicious code on any PCs it is plugged into. All I was getting at was that even if they make the firmware read-only, hackers could still just de-solder the chip from the board and replace it with one that's already running the malicious firmware. Then they can exploit the vulnerability being discussed in the article.
 
LOL! It was yesterday that I learned about firmware in USB devices, when my newest - and first decent - gaming mouse software warned me that it had to update the mouse's firmware.
 
Note to self: Do not buy really cheap usb storage from chinese ebay sellers in the distant future.

Seriously though, that could be a real thing with this newly revealed knowledge. They can now boost their ebay feedback with cheap drives... and steal your info and gain access to a computer with each drive they sell! All while the drive actually still works.
 
Uh that is exactly what hacking is... I guess you think script kiddies are hackers then.

And they aren't after the contents on the USB, they are using the firmware on the USB to install malicious code on any PCs it is plugged into. All I was getting at was that even if they make the firmware read-only, hackers could still just de-solder the chip from the board and replace it with one that's already running the malicious firmware. Then they can exploit the vulnerability being discussed in the article.

ha.. "script kiddies"

In any case, most USB memory sticks are going to be destroyed when disassembled. The plastic ones are molded together, and the metal cased ones are not going to fare any better if you try to disassemble them.

To eliminate the possibility of any USB memory sticks that could actually be disassembled and reassembled without any noticeable damage would be to completely fill the insides with epoxy. Pretty much no way you are going to be able to replace a chip on a USB memory stick if the components are encased in epoxy and the case is also fused to the epoxy.

The type of hack being discussed was a software hack in any case.

With hardware "hacks", you are not going to really have much that is unhackable since you can just replace an original with a modded piece of hardware.

There is really no way to combat that except make it impossible to replace the hardware.
 
This is a non-issue if your security is set up right. Simply lock the OS so that you only upgrade drivers in an elevated screen. UAC can do this on Windows; on Linux you can lock it so that only root has this ability, and anyone using root for everyday tasks on Linux is an idiot.

Personally I set autoplay to do nothing. That way I access the devices through Explorer and can control what permissions removable devices have. Though if someone replaces your keyboard or reprograms it, you have bigger issues anyway.
 
I don't think software security would do much as this is firmware based. For example the USB stick could act like a keyboard and actually send certain keystrokes that would cause the computer to do something. Though there are probably USB system calls that can be used so it's even more subtle.

UAC won't do anything; it was probably going to prompt you anyway and you were probably going to click yes anyway. As for using root, well, you have to use root to mount stuff anyway. This form of hacking is really genius as there is really not much that can be done; you just have to trust every piece of hardware that plugs into your machine and protect it from rogue hardware like someone randomly swapping your mouse for a h4x3d one.
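The posts above describe a "storage" stick that also enumerates as a keyboard, and an earlier poster asked what a regular user can do to detect this. One observable defenders can check for is exactly that composite shape: a device exposing both a mass-storage interface and a HID interface. The script below is an added example, not from the article or the thread; it reads a Linux sysfs-style tree (the layout of /sys/bus/usb/devices) and, for an offline demo, builds a constructed sample tree in a temp directory instead of touching real hardware.

```python
"""Flag USB devices that present both a mass-storage and a HID (keyboard/mouse)
interface, the composite shape a reprogrammed "BadUSB" stick would take.
Reads a Linux sysfs-style tree; build_demo_tree() constructs sample data."""
import os
import tempfile

MASS_STORAGE = 0x08   # USB interface class codes from the USB spec
HID = 0x03


def interface_classes(dev_dir):
    """Return the set of bInterfaceClass codes found under one device directory.
    sysfs stores each class as two hex digits in <dev>/<dev>:1.N/bInterfaceClass."""
    classes = set()
    for name in os.listdir(dev_dir):
        path = os.path.join(dev_dir, name, "bInterfaceClass")
        if os.path.isfile(path):
            with open(path) as fh:
                classes.add(int(fh.read().strip(), 16))
    return classes


def find_suspicious(sysfs_root):
    """Return [(device_name, sorted_classes)] for devices exposing storage AND HID."""
    hits = []
    for dev in sorted(os.listdir(sysfs_root)):
        dev_dir = os.path.join(sysfs_root, dev)
        if not os.path.isdir(dev_dir) or ":" in dev:  # skip interface-level entries
            continue
        classes = interface_classes(dev_dir)
        if MASS_STORAGE in classes and HID in classes:
            hits.append((dev, sorted(classes)))
    return hits


def build_demo_tree():
    """Constructed sample (not captured from real hardware): a plain stick (1-1),
    a keyboard (1-2), and a stick that also enumerates as a keyboard (1-3)."""
    root = tempfile.mkdtemp()
    layout = {"1-1": ["08"], "1-2": ["03"], "1-3": ["08", "03"]}
    for dev, classes in layout.items():
        for i, cls in enumerate(classes):
            iface = os.path.join(root, dev, f"{dev}:1.{i}")
            os.makedirs(iface)
            with open(os.path.join(iface, "bInterfaceClass"), "w") as fh:
                fh.write(cls + "\n")
    return root


if __name__ == "__main__":
    for dev, classes in find_suspicious(build_demo_tree()):
        print(f"WARNING: {dev} exposes interface classes {classes}")
```

Run it against the real tree with `find_suspicious("/sys/bus/usb/devices")`; legitimate composite devices (a keyboard with a built-in card reader, for instance) will also be flagged, so treat a hit as something to inspect rather than proof of tampering.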
 