Is your USB safe

rongtw · ‎01-12-2010

Just been reading this

http://www.techspot.com/news/57591-researchers-uncover-fundamental-usb-security-flaw-no-fix-in-sight...;
so it looks like its wise not to trust anyone's USB connected device

Asus ROG Hero Vii Z97 , Intel i5 4690k ,ROG Asus Strix 1070,
samsung 850evo 250gig , WD black 2 TB . Asus Phoebus sound ,
16 gig Avexir ram 2400 , water cooling Corsair H100i gtx ,
Corsair 750HXI Psu , Phanteks Enthoo pro case .

Mattz0r · ‎21-07-2010

Sounds nasty!

shutter · ‎06-11-2007

So is dying...... and they haven`t got a cure for that either.... :(.
If it happens.... it happens... not much you can do about it,... so stop worrying about it, .... and enjoy life as it comes.....

picbits · ‎18-01-2013

It would be so simple to reflash the firmware on a USB memory stick to include a HID controller to send secret keypresses to the host machine or to do other malicious things to the machine.
I've had a play with some USB microcontrollers which emulate various devices and can mimic other devices through their PID etc.

ejs · ‎10-06-2010

It's somewhat light on the details of how the usb device with reprogrammed firmware actually does the taking over of the computer. It could appear as a keyboard and send whatever key presses it wants - so what?

picbits · ‎18-01-2013

I'm not sure if multiple HID devices can receive information from each other.
I.e. whether a USB keyboard could receive data sent by another USB keyboard on the same machine. I suspect not although there may be some interaction so things like caps lock etc are synchronised. If it could receive keypresses then keylogging is an obvious potential issue.
Potential to drop malicious software on the machine ? Possible but quite difficult as it would have to act as both a USB memory stick and a HID device for this to work.
Possible via keypresses to hit Win+R then CMD, Enter, copy con malicious.bat etc etc. A small batch file could be planted in the startup folder in seconds.
I think maybe the biggest danger would be from a USB stick which has malicious intents during the first 10 seconds of power up. It could drop a rootkit onto a PC on bootup if left in the machine. It could then revert back to a normal USB memory device so virtually undetectable. You could have some kind of random counter built in which for 99% of the time causes the memory stick to behave but that one time you leave it in and it turns on you .........

ejs · ‎10-06-2010

Yes but so what - don't you think something might notice the malicious software being dropped onto the machine? Most of the stuff described seems to be detectable - e.g. if the usb device acts as a network interface, so what, that doesn't mean your computer must automatically go and use that network interface.
Nor would a PC necessarily try to boot first from the USB stick.

picbits · ‎18-01-2013

Indeed - there are so many "what if's" and obstacles to make it something to seriously worry about - you can check your bios doesn't allow USB booting before HDD etc and make sure you UAC is turned on in Windows (although you'd only have to send a right key and enter to accept an admin / UAC warning box that comes up).
It reminds me of the time my stepson got my password - apparently it just appeared on his screen. Obviously I changed it but one day when he was at school, I noticed that things I had typed out in the workshop had appeared in a notepad that was open on his machine. We were both using wireless keyboards on the same frequency and the cabling between the workshop and house had acted as an aerial and the receiver on his machine could pick up what I was typing out in the workshop !

VileReynard · ‎01-09-2007

Quote from: rongtw
Just been reading this http://www.techspot.com/news/57591-researchers-uncover-fundamental-usb-security-flaw-no-fix-in-sight...;
so it looks like its wise not to trust anyone's USB connected device

Actually that article implies that you you should never connect anything that uses firmware.

"In The Beginning Was The Word, And The Word Was Aardvark."

ejs · ‎10-06-2010

Some of the articles have portrayed this issue as the magic usb stick is utterly unstoppable and the problem is inherently unfixable.
Perhaps someone will make a magic usb stick that can do something useful like be capable of flashing a 582n (one with a usb port, obviously) to OpenWRT.

rongtw · ‎01-12-2010

there is some more here ,
http://www.dailymail.co.uk/sciencetech/article-2711802/Is-USB-drive-risk-Invisible-fundamental-flaw-...

Asus ROG Hero Vii Z97 , Intel i5 4690k ,ROG Asus Strix 1070,
samsung 850evo 250gig , WD black 2 TB . Asus Phoebus sound ,
16 gig Avexir ram 2400 , water cooling Corsair H100i gtx ,
Corsair 750HXI Psu , Phanteks Enthoo pro case .

Thunderclap · ‎08-09-2008

I suspect this is a little more involved than using the Windows Autorun file as a Malware vector but from what I can see, you will need to reflash the firmware on the USB drive which, in most cases is physically impossible as it leaves the factory hard coded into the controller. So it's only a well resourced agency attack then? The USB device would need to force the computer to run the malicious code, how? Maybe they found a backdoor that was built into USB decades ago? And is this on Windows, Linux, IoS, Android, where?

Alex · ‎05-04-2007

When I read the first article, I guessed its source - made me laugh now as the link has now been posted.
I don't see how that is possible personally. Doesn't seem to be much evidence there, just words.
Sorry my mistake. I've just noticed the picture of a magnifying glass with a bit of code.
I guess it must be true then.

Thunderclap · ‎08-09-2008

I do suspect a certain element of scare-aware behind these researchers motives.
In reality anything can be made to look like a USB drive. Digital cameras look like USB drives to a computer when clearly they are not. Mobile dongles have a 'CD Drive' with embedded firmware. Even an USB enabled Arduino can be made to behave as a memory stick. But all of these assume there are the correct drivers on the target machine - the major headache with using any USB device. As you said Alex, there was a magnifying glass with some very scarey looking psuedo code, so it must be important.
Anyway, for you tech heads, check out this article, The best way to disable Autorun, for protection from infected USB flash drives
http://blogs.computerworld.com/the_best_way_to_disable_autorun_to_be_protected_from_infected_usb_fla...

ejs · ‎10-06-2010

Many USB devices do not need any special driver, they use standard usb "class" drivers that are part of the operating system. For any device that presents itself as an ordinary usb drive (mass storage class), the operating system of the computer will access that storage using its usb storage driver. So a digital camera that appears as an ordinary usb drive will be using the standard usb storage driver (lots of other cameras may use a different standard, MTP, instead). You don't need any special drivers to access the software that appears as a cd drive from a mobile dongle, obviously. Most ordinary USB keyboards and mice will all use the built-in human interface device (HID) driver. A lot of different webcams will use the standard usb video class driver.
The various standards are listed here: http://www.usb.org/developers/docs/devclass_docs/
I saw there's a described standard for updating the firmware of a usb device, but none of my usb devices implement that standard. I did update the firmware for a usb hard disk enclosure a long time ago, it was done in a non-standard vendor specific way that will only work on devices using that particular manufacturer's chip.

Is your USB safe

Is your USB safe

Re: Is your USB safe

Re: Is your USB safe

Re: Is your USB safe

Re: Is your USB safe

Re: Is your USB safe

Re: Is your USB safe

Re: Is your USB safe

Re: Is your USB safe

"In The Beginning Was The Word, And The Word Was Aardvark."

Re: Is your USB safe

Re: Is your USB safe

Re: Is your USB safe

Re: Is your USB safe

Re: Is your USB safe

Re: Is your USB safe