Olympus-OM
[Top] [All Lists]

Re: [OM] More on: Why the Security of USB Is Fundamentally Broken

Subject: Re: [OM] More on: Why the Security of USB Is Fundamentally Broken
From: Scott Gomez <sgomez.baja@xxxxxxxxx>
Date: Tue, 7 Oct 2014 22:25:49 -0700
At least some of the code has been released publicly.

On Tue, Oct 7, 2014 at 9:48 PM, Peter Klein <pklein@xxxxxxxxxxxxx> wrote:

> But seriously, folks...
>
> I am pretty much with Monsieur du Moose regarding the threat level
> *today.*  So far, beyond the spook stuff, it's all theoretical.  If the
> researchers who found the vulnerability actually release their code to the
> public, then the danger goes way up quickly.  I hope they only give it to
> the OS manufacturers, and that those folks keep it really close to their
> vests until detection and cleaning or blocking methods are developed and
> propagated.
>
> I do agree that the vector described could be exploited by some bad guys,
> and it would be the equivalent of a "day zero" virus. As the article
> referred to earlier says, microcode signing and a major upgrade to way USB
> works is the only way to stop this 100%.
>
> BUT... exploiting this threat requires a lot more skill than writing the
> usual virus. We're talking about machine-level microcode here, not a
> high-level language in a Web link or Word document.  Microcode is usually
> very hardware-specific, so malware that would affect Brand X USB chips
> wouldn't necessarily work on Brand Y, or even Version n+1 of Brand X.  It
> is also more expensive to spread a hardware infection than it is to spread
> a virus by mass emailing of an infected link or document. So whoever was
> doing it would have to have resources and money beyond the typical virus
> writers.
>
> My guess is that a method to scan USB devices' microcode before the OS
> mounts it will be implemented quickly, as will code to detect tampering or
> malware-like behavior.  Any suspicion, and the device doesn't get mounted.
> These will be patched into existing OSes. As pointed out earlier, the one
> place this won't work is at the BIOS level, because hardly anyone upgrades
> their BIOS unless forced. Microsoft and the major hardware manufacturers
> would have to collaborate on propagating BIOS patches, and users of no-name
> clone PCs may be out of luck. So don't boot off of USB devices if there's
> the slightest doubt where it's been.
>
> One scary issue involves laptops. Many laptop CD drives (and other
> removable hardware) use USB internally even though you don't realize it and
> you don't see the familiar plugs.
>
> --Peter
>
>
>
> --
> _________________________________________________________________
> Options: http://lists.thomasclausen.net/mailman/listinfo/olympus
> Archives: http://lists.thomasclausen.net/mailman/private/olympus/
> Themed Olympus Photo Exhibition: http://www.tope.nl/
>
>
-- 
_________________________________________________________________
Options: http://lists.thomasclausen.net/mailman/listinfo/olympus
Archives: http://lists.thomasclausen.net/mailman/private/olympus/
Themed Olympus Photo Exhibition: http://www.tope.nl/

<Prev in Thread] Current Thread [Next in Thread>
Sponsored by Tako
Impressum | Datenschutz