homepage Welcome to WebmasterWorld Guest from 54.204.249.184
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Local / Foo
Forum Library, Charter, Moderators: incrediBILL & lawman

Foo Forum

    
All USB devices are 'critically flawed'
Lame_Wolf




msg:4694150
 7:00 pm on Aug 8, 2014 (gmt 0)

Berlin-based researchers Karsten Nohl and Jakob Lell demonstrated how any USB device could be used to infect a computer without the user's knowledge.

The duo said there is no practical way to defend against the vulnerability.

[bbc.co.uk...]

 

incrediBILL




msg:4694172
 7:55 pm on Aug 8, 2014 (gmt 0)

Sure there's a practical way - you change your USB device drivers to stop doing what they're doing.

This is not a hardware problem, this is a software problem, a simple driver issue.

The fact that you aren't alerted to things auto-running off the USB card is the flaw, if it doesn't, it should ask permission, the AV software should validate the contents of the device.

The same could also be said about CD's, esp. CD-RW's that put auto-run files on them, and floppies, etc.

This isn't rocket science, it's not terribly hard either, but they're flinging the FUD.

Nothing you can do? Not with that stupid attitude.

Crap like this makes me weep for the future.

P.S. My credentials include writing device drivers and I've played with USB stuff, it can all be changed because without software engaging on the computer, there's nothing the USB can do by itself, and that software can be changed.

J_RaD




msg:4694190
 10:30 pm on Aug 8, 2014 (gmt 0)

easy......

[labs.bitdefender.com...]

graeme_p




msg:4694209
 6:52 am on Aug 9, 2014 (gmt 0)

This is NOT auto-run malware, it operates at the firmware level, spoofing different devices during boot (e.g. a fake keyboard that sends input), overwriting the BIOS, and installing a rootkit.

The proof of concept attack can infect a USB stick plugged into a Windows machine and then infect Linux if present at boot.

The best protection for the moment appears to be to not share devices that are present at boot.

piatkow




msg:4694218
 10:53 am on Aug 9, 2014 (gmt 0)


The best protection for the moment appears to be to not share devices that are present at boot.


Which is essentially the computer equivalent of unprotected sex.

graeme_p




msg:4694538
 8:52 am on Aug 11, 2014 (gmt 0)

Yes, but,

1) they are talking about all kinds of devices, not just USB storage and other obvious threats: printers, mice, ....
2) a reformatted USB stick will still be infected because this resides in the firmware, not the storage.
3) there is a potential threat after boot, but its probably harder to exploit - something like fake keyboard input after boot is likely to be noticed by users... and its effects will be less predicable than at a known point in the boot sequence. A fake USB network card is potentially still nasty though.

engine




msg:4694550
 10:08 am on Aug 11, 2014 (gmt 0)

There are very few occasions i've used a USB device from someone else, and even then, it has to be from a trusted source.

There's nothing wrong with articles such as the one that prompted this thread as it informs users and reminds them of the risks. Most people just don't think about the threat from a usb device, or CD, etc.

I do remember removing a music CD from my computer because some "smart clown" decided to put things on the CD other than just the music. Nothing really nasty, but something persistent - a screen saver. I did not choose that option to install it, it was a self install. I removed the CD and copied the audio onto a new CD and use that instead.
I know that some run a menu without notification when inserting the CD. Bad, bad, bad, imho.

USB devices are probably worse as it's easier for a virus or malware to copy itself to a flash drive or hard drive than to a CD.

incrediBILL




msg:4694753
 3:03 am on Aug 12, 2014 (gmt 0)

This is NOT auto-run malware, it operates at the firmware level, spoofing different devices during boot (e.g. a fake keyboard that sends input), overwriting the BIOS, and installing a rootkit.


OK, it's STILL auto-running something and it's STILL software on the computer.

The BIOS drives all devices and the BIOS can be fixed, this isn't rocket science.

Even if it was 100% hardware, hardware can be FIXED.

The simplest solution for today would be to build a USB shield device that is a small plug between the computer and all USB ports that disables this vulnerability.

tangor




msg:4694762
 4:27 am on Aug 12, 2014 (gmt 0)

I'm with IncrediBILL, kiddies. Managed systems will NOT allow any of this to occur. Truly managed systems will deal with USB in VMs that never see the underlying hardware OR the original OS Start/Run. As a final, I do not accept files, devices (USB or otherwise), or LINKS from any source I do not TRUST (and that is a shared trust using the same protections).

If you have not disabled autorun of ANY KIND or ANY OS, then you're an accident looking for a place to happen.

graeme_p




msg:4694768
 6:13 am on Aug 12, 2014 (gmt 0)

@engine, it is pretty common practice to share data using USB sticks.

@incrediBill, no, some attacks do not run software on the computer: see the one on page 13 and some others in the slides:

[url]https://srlabs.de/blog/wp-content/uploads/2014/07/SRLabs-BadUSB-BlackHat-v1.pdf[/url]

The same applies to fake keyboard input. The problem is that compromised USB devices can be used to send the computer fake input, misdirect DNS queries (through a fake USB interface) etc.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Local / Foo
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved