Olympus-OM

Subject: [OM] The scariest computer security problem I've ever seen
From: Chuck Norcutt <chucknorcutt@xxxxxxxxxxxxxxxx>
Date: Sun, 05 Oct 2014 09:46:09 -0400
Watch this from the Blackhat conference
<https://www.youtube.com/watch?v=nuruzFqMgIw>

The full video is 44 minutes long but you can get much of the gist within the first 15 minutes. The problem described is called "BadUSB".

As it turns out, all USB devices (including USB 3.0) contain a microprocessor and *rewritable* memory whose control program contents define the character of a particular type of USB device. But, as part of the USB standard, a particular device is allowed to change its device type or even be more than one type of device.

If a USB device is inserted into a computer infected with appropriate exploit code, that device may be surreptitiously reprogrammed by inserting new code into unused memory areas on the USB device's memory chip. Then, this second bit of exploit code now exists within the memory of the USB device as additional code. If the USB device was a flash drive, inserting it into a second computer will visibly detect nothing but the original flash drive behaviour. However, the hidden exploit code may have first identified itself as a USB boot device and taken over the initial booting of the computer ahead of the operating system, installing itself by taking over the boot record of the computer's boot drive. It can also describe itself as a keyboard and type whatever it wants or capture all your keystrokes. It can even describe itself as a network card and capture your network traffic.

The scenarios are endless... consider that someone asks you if they can charge their Android phone (with USB) on your computer's USB port. The USB controller on the phone may be infected and infect your computer. As they say in their video, the authors have so far only scratched the surface of what may be possible.

The really serious problem with the USB device as the attack vector is that it cannot be detected in any conventional way. The malware exists in the microcode of the USB device. Today there is no software that reads and verifies that code nor, if there were, could it even be enabled if the malware takes over booting of the machine.

PS: This has nothing to do with Windows, iOS or Linux or any other operating system. The infection is in the hardware and all are vulnerable. Sorry to ruin your day (as it has mine), but we should all be aware of what's possible.

Chuck Norcutt
--
_________________________________________________________________
Options: http://lists.thomasclausen.net/mailman/listinfo/olympus
Archives: http://lists.thomasclausen.net/mailman/private/olympus/
Themed Olympus Photo Exhibition: http://www.tope.nl/
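The post describes a device that enumerates as more than one USB device type at once (a flash drive that is also a keyboard or a network card). The host learns this from the configuration descriptor the device hands over during enumeration, which lists one interface descriptor per function with a class code (0x08 mass storage, 0x03 HID, 0x02/0x0A CDC for network adapters). The following script is an added example, not part of the mailing-list post or of the BadUSB research it discusses: it walks a descriptor chain, reports the interface classes a device claims, and flags a device that combines storage with an input or network class. Descriptor layouts and class codes are taken from the USB 2.0 specification (chapter 9) and the USB-IF class code list; the two sample descriptors are constructed here for illustration, and the sysfs helper assumes Linux's per-device `descriptors` attribute.

```python
"""Report the interface classes a USB device declares and flag class mixing.

Added example, not from the post. Every descriptor begins with bLength and
bDescriptorType, so the whole configuration can be walked generically and the
interface descriptors (type 0x04) picked out. Sample descriptors below are
constructed for this example.
"""
import struct

DT_DEVICE, DT_CONFIG, DT_INTERFACE, DT_ENDPOINT, DT_HID = 0x01, 0x02, 0x04, 0x05, 0x21

# USB-IF interface class codes (subset)
CLASS_NAMES = {
    0x01: "audio", 0x02: "cdc-control", 0x03: "hid", 0x07: "printer",
    0x08: "mass-storage", 0x0A: "cdc-data", 0x0E: "video", 0xFF: "vendor-specific",
}
STORAGE_CLASSES = {0x08}
INPUT_CLASSES = {0x03}          # HID: can inject keystrokes
NETWORK_CLASSES = {0x02, 0x0A}  # CDC control/data: can present a NIC

def walk_descriptors(blob):
    """Yield (bDescriptorType, raw bytes) for each descriptor in the chain.

    A bLength of 0 or one that overruns the buffer is malformed; raise rather
    than loop forever on attacker-controlled input.
    """
    off = 0
    while off + 2 <= len(blob):
        length, dtype = blob[off], blob[off + 1]
        if length < 2 or off + length > len(blob):
            raise ValueError("malformed descriptor at offset %d" % off)
        yield dtype, blob[off:off + length]
        off += length

def interfaces(blob):
    """Return [(bInterfaceClass, bInterfaceSubClass, bInterfaceProtocol), ...]."""
    return [(raw[5], raw[6], raw[7])
            for dtype, raw in walk_descriptors(blob)
            if dtype == DT_INTERFACE and len(raw) >= 9]

def assess(blob):
    """Return ('suspicious' | 'plain', sorted class names).

    'suspicious' means the device mixes mass storage with an input or network
    class, the shape of the drive-that-is-also-a-keyboard scenario in the post.
    """
    classes = {cls for cls, _, _ in interfaces(blob)}
    names = sorted(CLASS_NAMES.get(c, "0x%02x" % c) for c in classes)
    if classes & STORAGE_CLASSES and classes & (INPUT_CLASSES | NETWORK_CLASSES):
        return "suspicious", names
    return "plain", names

def assess_sysfs_device(path):
    """Assess a Linux sysfs 'descriptors' file (assumed layout: device
    descriptor followed by configuration descriptors). The generic walk
    simply skips the leading 18-byte device descriptor."""
    with open(path, "rb") as f:
        return assess(f.read())

# --- constructed sample descriptors (USB 2.0 chapter 9 layouts) -------------
def config_desc(num_ifaces, body):
    return struct.pack("<BBHBBBBB", 9, DT_CONFIG, 9 + len(body), num_ifaces,
                       1, 0, 0x80, 50) + body

def iface_desc(num, cls, sub, proto, n_endpoints):
    return struct.pack("<BBBBBBBBB", 9, DT_INTERFACE, num, 0, n_endpoints,
                       cls, sub, proto, 0)

def endpoint_desc(addr, attrs, max_packet, interval):
    return struct.pack("<BBBBHB", 7, DT_ENDPOINT, addr, attrs, max_packet, interval)

# Interface 0: SCSI-transparent, bulk-only mass storage (a normal flash drive)
MASS_STORAGE_IFACE = (iface_desc(0, 0x08, 0x06, 0x50, 2)
                      + endpoint_desc(0x81, 0x02, 512, 0)
                      + endpoint_desc(0x02, 0x02, 512, 0))
# Interface 1: boot-protocol HID keyboard, with its class-specific HID descriptor
HID_KEYBOARD_IFACE = (iface_desc(1, 0x03, 0x01, 0x01, 1)
                      + struct.pack("<BBHBBBH", 9, DT_HID, 0x0110, 0, 1, 0x22, 63)
                      + endpoint_desc(0x83, 0x03, 8, 10))

HONEST_FLASH_DRIVE = config_desc(1, MASS_STORAGE_IFACE)
BADUSB_COMPOSITE = config_desc(2, MASS_STORAGE_IFACE + HID_KEYBOARD_IFACE)

if __name__ == "__main__":
    for label, blob in (("flash drive", HONEST_FLASH_DRIVE),
                        ("drive + keyboard", BADUSB_COMPOSITE)):
        verdict, names = assess(blob)
        print("%-18s %-10s %s" % (label, verdict, ", ".join(names)))
```

On a Linux host the same check can be run over `/sys/bus/usb/devices/*/descriptors` as devices appear, which is the hook a udev rule or a USB-guard style policy would use to refuse the second, unexpected interface. It only sees what the device chooses to declare: a reprogrammed controller can present itself as a plain keyboard, or switch identities after the check, so descriptor inspection narrows the attack surface rather than detecting the modified firmware the post is worried about.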