Slashdot Mirror
System Exploitable With USB
Anonymous Coward writes "Vulnerabilities in USB drivers for Windows could allow an attacker to take control of locked workstations using a specially programmed Universal Serial Bus device." From the article: "The buffer-overflow flaw is in device drivers that Windows loads whenever USB devices are inserted into computers running Windows 32-bit operating systems, including Windows XP and Windows 2000, said Caleb Sima, chief technology officer and founder of SPI Dynamics."
Computers with physical access are susceptible to "unintended root-level access".
Perl - $Just @when->$you ${thought} s/yn/tax/ &couldn\'t %get $worse;
Sadly enough it is not at all suprising that Slashdot immediately goes for the anti-Windows slant rather than actually reading and comprehending the article and exploit in question. Too few actual axploits in Windows as of late to get up to the required quota perhaps?
In a more direct comment about the "exploit" I don't consider it terribly important, hardware access leads to a lot of trivial expoits. This one can be made more user-friendly than most with appropriate hardware, but it is not really worse than just inserting a boot CD that copies the relevant data to a secure server or so. It can also of course easily be fixed by disallowing loading of USB drivers without confirmation from the user.
USB flash drives are already quite highly accepted amongst non-technical users; both my parents have bought pendrives, as have many of my friends. They're quite comfortable with just popping in the drive, waiting for the OS to see it, and grabbing files off it.
So, what if someone handed them a pendrive and asked them to grab some files from it, and it turns out that this pendrive would cause an attack like this? One could be switched by a black-hat, or planted, or mailed... put simply, the attacker wouldn't need physical access, just access to someone who does.
And tomorrow the stock exchange will be the human race
Yeah, right, good ol' MS way: it's not the software's fault, it's not Windows's fault, it's USB's fault. We makes ze great softwere, you makes ze bad hardwere.
I am putting myself to the fullest possible use, which is all I can think that any conscious entity can ever hope to do.
How about this: I lend my usb key to you so that you can transfer a file. While connected to your system the usb device cracks the security on your windows box and grabs the information I was looking for.
I don't need access to your system for that to work. I don't even have to know where it is. I have a usb key/mp3 player device which will let me reflash the firmware, so perhaps I could put the exploit in that way.
http://michaelsmith.id.au
Well there's an easy way to find out... try the exploit on OSX and Linux. I think it's quite significant that the article completely fails to mention any OS other than Windows.
:-)
In a way, I hope the identical problem is present in all of Win/Lin/OSX, as it would give us a very nice way to compare how good and quick the fixes are. I'm not too worried that Microsoft have a headstart on a fix
A pizza of radius z and thickness a has a volume of pi z z a
Given enough time and resources, I have physical access to anything. If your computer is in a locked case, is that physically secure? In a lab that is always staffed? Behind a locked door? With a guard?
For many situations, a computer with a locked case in a room that is staffed is considered "physically secure", as it's not likely that you'll break the physical security (lock on the case) without attracting the attention of the staff. Hell, even a computer in a staffed room in a case that has screws on it is fairly physically secure. The USB problem circumvents the physical security.
Security is all about deterrent. My apartment has a dead bolt lock on the door. Does this mean it's impossible to break into my apartment? Of course not - it just makes it harder.
Being able to break security on a locked computer with a USB drive is like leaving the key to your apartment under your door mat.
paintball
If it's a buffer overflow, then it's a software bug, not a problem with USB per se.
If it's a vulnerability in a driver, then it doesn't matter if Microsoft didn't write the driver, if they ship it with Windows, they are responsible for it. There's no useful distinction between "Windows" and the drivers that ship as part of Windows.
The flaw is with drivers within windows, not the USB protocol. USB does its job, it says, "hey, I got this device on the server, its name is 8086:3429 and its a high speed device. Windows says, "okay, yeah, whatever" and starts accepting data. Unfortunately, drivers are an area where secure programming really hasn't caught on as well as it should, after all, their hardware never misbehaves and starts spewing out nonsense, right? ;3
Marxism is the opiate of dumbasses
From TFA:
So how can it be in all usb drivers?
http://michaelsmith.id.au
> Except that someone might have noticed their Windows 95 system :-)
> being rebooted... oh *wait*
Exactly. They might notice, but nobody's going to bat an eye. Frankly, most folks wouldn't bat an eye if they saw WinXP being rebooted either, not because it's necessary nearly as often but because people do it constantly anyway, because they've been conditioned that way. About half the population instinctively reboots at the first sign of abnormality, e.g., if the website they're trying to visit doesn't resolve because they mistyped the URI. It's likely to take a very long time for this expectation to change.
Cut that out, or I will ship you to Norilsk in a box.
How did this get modded insightful? Obviously you AND the mods did not read the article and have absolutely no idea what's going on here.
First of all there is only one USB subsystem driver for Windows. That's not actually technically correct since there are drivers for the various USB control architectures (such as UHCI, OHCI, EHCI), but they use are a small part of a larger unified USB subsystem driver.
I suspect you mistakenly thought the article was talking about the individual usb device drivers (for things like gamepads, cameras, printers, etc).
This is not what's happening at all. This is a Windows vulnerability, and actually has absolutely nothing to do with USB, other than it affects the USB subystem of the Windows (and only Windows) operating system.
There's a buffer overflow in the USB system, which allows any properly designed device to be plugged into a locked Windows computer, and execute arbitrary code (ie unlock the machine, etc).
You may think this isn't a big deal, but this is a huge deal. You can pick up USB dev kits for a couple hundred bucks that come with an FPGA, flash rom, and more. Basically for the price of one of these devices you could theoretically walk into any place where you can gain physical access to a Windows machine, and pwn it.