Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Mon 22 Dec 2014, 00:12
All times are UTC - 4
 Forum index » Off-Topic Area » Security
BadUSB thumbdrive hacks computers.
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
Page 1 of 1 Posts_count  
Author Message
Sky Aisling


Joined: 27 Jun 2009
Posts: 968
Location: Port Townsend, WA. USA

PostPosted: Thu 31 Jul 2014, 19:37    Post_subject:  BadUSB thumbdrive hacks computers.
Sub_title: Researchers devise stealthy attack that reprograms USB device firmware.
 

Quote:
When creators of the state-sponsored Stuxnet worm used a USB stick to infect air-gapped computers inside Iran's heavily fortified Natanz nuclear facility, trust in the ubiquitous storage medium suffered a devastating blow. Now, white-hat hackers have devised a feat even more seminal—an exploit that transforms keyboards, Web cams, and other types of USB-connected devices into highly programmable attack platforms that can't be detected by today's defenses.

Dubbed BadUSB, the hack reprograms embedded firmware to give USB devices new, covert capabilities. In a demonstration scheduled at next week's Black Hat security conference in Las Vegas, a USB drive, for instance, will take on the ability to act as a keyboard that surreptitiously types malicious commands into attached computers. A different drive will similarly be reprogrammed to act as a network card that causes connected computers to connect to malicious sites impersonating Google, Facebook or other trusted destinations. The presenters will demonstrate similar hacks that work against Android phones when attached to targeted computers. They say their technique will work on Web cams, keyboards, and most other types of USB-enabled devices.
...


http://arstechnica.com/security/2014/07/this-thumbdrive-hacks-computers-badusb-exploit-makes-devices-turn-evil/
Back to top
View user's profile Send_private_message 
stray_dog

Joined: 18 Mar 2014
Posts: 52

PostPosted: Fri 01 Aug 2014, 18:27    Post_subject:  

Yea, Wired posted an article about this too, here: http://www.wired.com/2014/07/usb-security/ ... it caught my attention because I do like to use a usb Puppy, it's so much smaller than a cd. The comments section seems to have some interesting points - don't know enough about it to know what's what, though. I guess we'll have to see how it all works out & what can be demonstrated.
Back to top
View user's profile Send_private_message 
grump


Joined: 10 Oct 2011
Posts: 104
Location: Melbourne, Oz

PostPosted: Fri 01 Aug 2014, 20:20    Post_subject:  

How does one reprogram firmware? I know I can get 'firmware updates' for devices like my DSLR camera and wireless modem, but I would think that they would be specially designed that way ie some circuitry and a small EPROM to control the circuitry. I imagine that a simple USB stick would have the 'software' hard coded ie in ROM. Please explain.
Back to top
View user's profile Send_private_message 
starhawk

Joined: 22 Nov 2010
Posts: 3210
Location: Everybody knows this is nowhere...

PostPosted: Fri 01 Aug 2014, 21:01    Post_subject:  

ROM != hard wired. (I think that's what you meant by "hard coded".) Hard wired = circuitry fixed in such a way that it doesn't /need/ ROM.

ROM has firmware in it. Firmware = software-on-a-chip. Most ROMs can be written to. You erase the ROM, and then you rewrite it all. (When you erase a ROM chip, you erase the whole chip.)

Flash "ROM" != ROM. Flash memory is actually NVRAM (Non-Volatile RAM, i.e. RAM that doesn't get amnesia at power loss). Flash is an altogether different creature that can be erased and rewritten in parts -- you erase a "block" and rewrite it, sorta like on a hard drive BUT it's not got little spinny bits in it Wink

There is a thing called a Mask ROM or Masked ROM. This is one member of a family of ROMs called "OTP" ROMs (OTP = One Time Programmable) -- it is programmed as it is made in the factory, and it is internally hard-wired so that it cannot be reprogrammed. OTP ROMs are all non-reprogrammable, hence the name.

When you get a firmware update, it comes as a program that loads into RAM, wipes the ROM chip, and then rewrites the ROM chip -- the WHOLE chip for both write and erase.

EPROMs are old as dust, BTW, everyone uses EEPROMs now. No need for the higher voltage requirements of old.

A USB flash drive has a microcontroller in it, that handles communication and storage/allocation type stuff. Look up the 8051 (aka MCS-51) if you want to read about one of the most well-known and well-used microcontrollers -- it's *still* in use, twenty-odd years later, and it's about as rare as sand on a beach. More modern microcontrollers (such as the PIC series by Microchip Tech, and the Atmel ATMega of Arduino fame) have RAM and ROM built in. The ROM is by design reprogrammable in most microcontrollers (to be fair, I have a digitally controlled ceramic heater --or the remains thereof-- with an OTP microcontroller in it). The USB drive almost certainly uses DFU (Device Firmware Update), a mode built into USB for this specific purpose. (Don't bother Wiki-ing that one, the page has two sentences and two links.)

Hope I've been helpful Smile

_________________

Back to top
View user's profile Send_private_message 
grump


Joined: 10 Oct 2011
Posts: 104
Location: Melbourne, Oz

PostPosted: Sat 02 Aug 2014, 07:19    Post_subject:  

Thanks for that explanation.
Back to top
View user's profile Send_private_message 
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 11182
Location: Arizona USA

PostPosted: Fri 15 Aug 2014, 16:20    Post_subject:  

Most USB thumb drives can be reprogrammed to silently infect computers
Quote:
...a malware program can replace the firmware on a USB device like a thumb drive by using secret SCSI (Small Computer System Interface) commands and make it act like some other type of device, for example, a keyboard...

...One of the attacks involves a USB stick that acts as three separate devices—two thumb drives and a keyboard. When the device is first plugged into a computer and is detected by the OS, it acts as a regular storage device. However, when the computer is restarted and the device detects that it’s talking to the BIOS, it switches on the hidden storage device and also emulates the keyboard...

...For the purpose of exchanging files with other people an SD (Secure Digital) memory card would be a safer choice than a USB thumb drive

Hmm, it's news to me that SD cards actually have some kind of security baked in. I always assumed the "write protect" switch was the security.

So USB flash memory controller manufacturers got together and added some secret commands to the SCSI command set. Nice. Twisted Evil

I found this by googling USB flash controller firmware. I didn't see anything about secret commands that get into the controller or change the firmware though.
Back to top
View user's profile Send_private_message 
Teh Agnostic Anarco

Joined: 17 Sep 2014
Posts: 34

PostPosted: Sat 04 Oct 2014, 12:19    Post_subject:  

grump wrote:
How does one reprogram firmware? I know I can get 'firmware updates' for devices like my DSLR camera and wireless modem, but I would think that they would be specially designed that way ie some circuitry and a small EPROM to control the circuitry. I imagine that a simple USB stick would have the 'software' hard coded ie in ROM. Please explain.


This is nothing new, and stuxnet was just the predecesor of all the crap out there now, even worst are motherboard firmware rootkits

Any piece of hardware that has an EPPROM can be writtten too thats the whole significance of the acroynm Electronically Programable Read Only Memory.....

What the original poster does not seem to see how far the rabbit hole goes....

Its beyond USB, CPU flash memory can also be infected, NIC firmware, GPU firmware and that will really cause mayhem since its uses its own VM inside GPU especially if its high end. I dont want to get into details but look up Dragos Riu and BADbios. All this shit created by western intel agencies. Thats all I can say.
Back to top
View user's profile Send_private_message 
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 11182
Location: Arizona USA

PostPosted: Sat 04 Oct 2014, 16:06    Post_subject:  

The Unpatchable Malware That Infects USBs Is Now on the Loose - Wired
Quote:
... Caudill and Wilson reverse engineered the firmware of USB microcontrollers sold by the Taiwanese firm Phison, one of the world’s top USB makers. Then they reprogrammed that firmware to perform disturbing attacks: In one case, they showed that the infected USB can impersonate a keyboard to type any keystrokes the attacker chooses on the victim’s machine. Because it affects the firmware of the USB’s microcontroller, that attack program would be stored in the rewritable code that controls the USB’s basic functions, not in its flash memory—even deleting the entire contents of its storage wouldn’t catch the malware. Other firmware tricks demonstrated by Caudill and Wilson would hide files in that invisible portion of the code, or silently disable a USB’s security feature that password-protects a certain portion of its memory...

If that's all it is, couldn't the firmware in any USB flash memory controller be just as easily replaced with trusted code provided by the open source community? This may require a special piece of hardware the USB memory would be plugged into, so making sure your USB devices are safe might not be free. You'd just send them in to the NSA and for a small fee, they install their firmware. Twisted Evil
Back to top
View user's profile Send_private_message 
Teh Agnostic Anarco

Joined: 17 Sep 2014
Posts: 34

PostPosted: Mon 27 Oct 2014, 21:01    Post_subject:  

Flash wrote:
The Unpatchable Malware That Infects USBs Is Now on the Loose - Wired
Quote:
... Caudill and Wilson reverse engineered the firmware of USB microcontrollers sold by the Taiwanese firm Phison, one of the world’s top USB makers. Then they reprogrammed that firmware to perform disturbing attacks: In one case, they showed that the infected USB can impersonate a keyboard to type any keystrokes the attacker chooses on the victim’s machine. Because it affects the firmware of the USB’s microcontroller, that attack program would be stored in the rewritable code that controls the USB’s basic functions, not in its flash memory—even deleting the entire contents of its storage wouldn’t catch the malware. Other firmware tricks demonstrated by Caudill and Wilson would hide files in that invisible portion of the code, or silently disable a USB’s security feature that password-protects a certain portion of its memory...

If that's all it is, couldn't the firmware in any USB flash memory controller be just as easily replaced with trusted code provided by the open source community? This may require a special piece of hardware the USB memory would be plugged into, so making sure your USB devices are safe might not be free. You'd just send them in to the NSA and for a small fee, they install their firmware. Twisted Evil


That is IF your USB manufacturer even provides new firmwares. 2nd of all most of these viruses/rootkits are "smart" enough to survive a flash. They know when they are being flashed and copy themselves to another piece of memory most of time RAM and then just go right back in making it an endless loop cycle. Unless the one remote posibility is flashing to a previous or newer firmware with different code which the virus is not intended for and is not able to replicate itself again but yet again this is military grade sh1t were talking about here so that might be a false sense of security.
Back to top
View user's profile Send_private_message 
Display_posts:   Sort by:   
Page 1 of 1 Posts_count  
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
 Forum index » Off-Topic Area » Security
Jump to:  

Rules_post_cannot
Rules_reply_cannot
Rules_edit_cannot
Rules_delete_cannot
Rules_vote_cannot
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0830s ][ Queries: 12 (0.0061s) ][ GZIP on ]