Story 2014-08-01 3S5 USB vector for computer viruses

USB vector for computer viruses

in security on (#3S5)
story imageAn interesting discussion appeared on MacRumors today pointing to the work of security researcher Karsten Nohl of Berlin's SR Labs. He has discovered an attack vector exploiting the firmware of generic USB devices. It appears that with the vector involves reprogramming the USB controller software for arbitrary devices which can than emulate other devices to cause a large variety of undesired outcomes (such as emulating a keyboard to type on behalf of a user or spoofing a network card and redirecting web traffic). At present, this attack vector appears to be impossible to prevent or detect with existing software-only security measures. A more detailed discussion of Nohl's work and the associated risk are available from Wired or the SR Labs website itself.

A notable quote from the Wired article:
"Blaze speculates that the USB attack may in fact already be common practice for the NSA. He points to a spying device known as Cottonmouth, revealed earlier this year in the leaks of Edward Snowden. The device, which hid in a USB peripheral plug, was advertised in a collection of NSA internal documents as surreptitiously installing malware on a target’s machine. The exact mechanism for that USB attack wasn’t described. I wouldn’t be surprised if some of the things [Nohl and Lell] discovered are what we heard about in the NSA catalogue....The alternative is to treat USB devices like hypodermic needles."
Reply 1 comments

OS support? (Score: 0)

by Anonymous Coward on 2014-08-08 13:37 (#2SB)

I understand a USB device can pretend to be many different devices, but OSes have to support those features. I don't think a USB device can just say its a network jack and hijack my existing routing that I've set up ( on a SE Linux system). I'm just going to have to assume that some of those tactics are os dependent.