Slashdot Mirror


Hacking USB Firmware

An anonymous reader writes Now the NSA isn't the only one who can hack your USB firmware: "In a talk at the Derbycon hacker conference in Louisville, Kentucky last week, researchers Adam Caudill and Brandon Wilson showed that they've reverse engineered the same USB firmware as Nohl's SR Labs, reproducing some of Nohl's BadUSB tricks. And unlike Nohl, the hacker pair has also published the code for those attacks on Github, raising the stakes for USB makers to either fix the problem or leave hundreds of millions of users vulnerable." Personally, I always thought it was insane that USB drives don't come with physical write-protect switches to keep them from being infected by malware. (More on BadUSB here.)

4 of 97 comments

  1. Signed Firmware by Microlith · Score: 4, Insightful

    A write-protect switch won't help you here, Timothy. They're going and reflashing the microcontroller, which means vendors will probably just burn a public key into the microcontroller and refuse to boot if the image signature doesn't match. They'll still have the firmware update capability they'll never use, but won't have to worry about attacks like this - short of someone stealing their private key.
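The scheme this comment sketches (a public key burned into the controller, boot refused when the image signature does not match) is easy to get subtly wrong, so here is an added worked example of the boot-time check, written for this page and not code from the Derbycon talk or from any USB vendor. The image layout (a `FWIM` magic, version, body length, body, then an Ed25519 signature) is an assumed format invented for the example; the anti-rollback check on the version field is an addition beyond what the comment describes, included because a signature alone does not stop an attacker from reflashing an older, signed but vulnerable image.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Assumed (constructed) image layout, not any real vendor's format:
//   magic   4 bytes  "FWIM"
//   version 4 bytes  little-endian, monotonically increasing per release
//   bodyLen 4 bytes  little-endian
//   body    bodyLen bytes of controller code
//   sig     64 bytes Ed25519 signature over everything before it
const (
	magic      = "FWIM"
	headerSize = 12
)

// BuildSignedImage plays the vendor's release tool: it assembles the header and
// body and signs them with the private key that should only ever live in the
// factory's signing system. Leaking that key defeats the whole scheme.
func BuildSignedImage(priv ed25519.PrivateKey, version uint32, body []byte) []byte {
	img := make([]byte, 0, headerSize+len(body)+ed25519.SignatureSize)
	img = append(img, magic...)
	var u32 [4]byte
	binary.LittleEndian.PutUint32(u32[:], version)
	img = append(img, u32[:]...)
	binary.LittleEndian.PutUint32(u32[:], uint32(len(body)))
	img = append(img, u32[:]...)
	img = append(img, body...)
	return append(img, ed25519.Sign(priv, img)...)
}

// VerifyImage plays the controller's boot ROM with `pub` burned into one-time
// programmable memory. The signature is checked before any header field is
// trusted, so a malformed header never reaches the parser unauthenticated.
// Images older than minVersion are rejected to block rollback to a signed but
// known-bad release.
func VerifyImage(pub ed25519.PublicKey, img []byte, minVersion uint32) ([]byte, error) {
	if len(img) < headerSize+ed25519.SignatureSize {
		return nil, errors.New("image too short")
	}
	signedLen := len(img) - ed25519.SignatureSize
	signed, sig := img[:signedLen], img[signedLen:]
	if !ed25519.Verify(pub, signed, sig) {
		return nil, errors.New("signature invalid: refusing to boot")
	}
	// Only now is the header trustworthy.
	if string(signed[:4]) != magic {
		return nil, errors.New("bad magic")
	}
	version := binary.LittleEndian.Uint32(signed[4:8])
	bodyLen := binary.LittleEndian.Uint32(signed[8:12])
	if int(bodyLen) != signedLen-headerSize {
		return nil, errors.New("body length does not match image")
	}
	if version < minVersion {
		return nil, fmt.Errorf("rollback rejected: image version %d < minimum %d", version, minVersion)
	}
	return signed[headerSize:], nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // vendor key pair (constructed)
	img := BuildSignedImage(priv, 2, []byte("controller code v2"))

	if body, err := VerifyImage(pub, img, 1); err == nil {
		fmt.Printf("genuine image boots: %q\n", body)
	}
	tampered := append([]byte(nil), img...)
	tampered[headerSize] ^= 0x01 // flip one bit of the body, as a reflash attack would
	_, err := VerifyImage(pub, tampered, 1)
	fmt.Println("tampered image:", err)
	_, err = VerifyImage(pub, img, 3) // controller already requires version >= 3
	fmt.Println("old image:", err)
}
```

The order of operations is the point worth copying: verify first, parse second, and keep a minimum version in OTP memory so that a signature alone is never sufficient. The update path the comment calls "the firmware update capability they'll never use" is exactly where the rollback check earns its keep.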

    1. Re:Signed Firmware by Anonymous Coward · Score: 4, Insightful

      Firmware signing will help that vector but that's only one type of threat.

      Your average USB/SD/whatever flash storage device contains an interface/flash controller SoC that has a 100(ish) MHz 32-bit ARM/MIPS core, some RAM, and its own embedded flash.

      These things are made by the millions every day, as cheaply as possible. They then go into devices users jam into every available port on their computers without a second thought.

      Anyone who's remotely aware of what computing security is all about knows what this means. You can't trust USB devices. Your hardware and OS /must/ treat them as hostile. You are effectively interfacing unknown/untrusted/un-auditable computer systems with trusted ones.

      Any flash device could carry hidden code you can't audit, and it's being given physical access to users' computers as a matter of course. A few changed lines of code could turn a factory programming process into a mass exploit vector.

      How secure do you think your OS's USB stack is? How will it behave if, say, that flash drive re-initializes itself as a composite device with an HID keyboard/mouse and starts spitting out commands? How do you tell your computer to only obey input from authorized keyboards and mice? A USB device can present itself as just about anything. Input, network interface, storage device...
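The question "how do you tell your computer to only obey input from authorized keyboards and mice" has a concrete answer on the host side: enumerate the interface descriptors a device presents and decide, before the OS binds drivers, whether to authorize it. The following is an added example of such a policy, written for this page and not taken from any OS or from the tools discussed in the article. The device records and the allowlist are constructed sample data; the class codes (HID 0x03, mass storage 0x08, CDC 0x02/0x0A) are the standard USB-IF values. On Linux the decision this code produces would be applied by leaving `authorized_default` at 0 on the hub and writing `1` to the device's `authorized` attribute under `/sys/bus/usb/devices/` only for approved devices (or by handing the same rules to a daemon such as USBGuard); that wiring is left as a comment since it cannot run here.

```go
package main

import "fmt"

// USB-IF interface class codes relevant to the policy.
const (
	ClassCDC         = 0x02 // communications (e.g. a surprise network adapter)
	ClassHID         = 0x03 // keyboards, mice
	ClassMassStorage = 0x08
	ClassCDCData     = 0x0A
)

// Interface mirrors the class/subclass/protocol triple in a USB interface descriptor.
type Interface struct{ Class, Subclass, Protocol uint8 }

// Device is what the host sees at enumeration time, before any driver binds.
type Device struct {
	VendorID, ProductID uint16
	Serial              string
	Interfaces          []Interface
}

// Decision is the policy output; Reasons is empty when the device is authorized.
type Decision struct {
	Authorize bool
	Reasons   []string
}

// Policy holds the enrolled input devices. Enrollment is keyed by VID:PID:serial
// because VID:PID alone is trivially spoofable by reflashed firmware; the serial
// is spoofable too, which is why the composite-device rule below is independent of it.
type Policy struct {
	EnrolledInput map[string]bool
}

func deviceKey(d Device) string {
	return fmt.Sprintf("%04x:%04x:%s", d.VendorID, d.ProductID, d.Serial)
}

// Evaluate applies two rules: (1) a device that offers storage or networking AND
// an input interface is the BadUSB shape and is refused outright; (2) any input
// interface must come from an enrolled device. Plain storage is allowed, since
// the point of the policy is to stop the drive from typing, not from storing.
func (p Policy) Evaluate(d Device) Decision {
	var hasStorage, hasHID, hasNet bool
	for _, i := range d.Interfaces {
		switch i.Class {
		case ClassMassStorage:
			hasStorage = true
		case ClassHID:
			hasHID = true
		case ClassCDC, ClassCDCData:
			hasNet = true
		}
	}
	var reasons []string
	if hasHID && (hasStorage || hasNet) {
		reasons = append(reasons, "composite device mixes HID with storage/network interfaces")
	}
	if hasHID && !p.EnrolledInput[deviceKey(d)] {
		reasons = append(reasons, "input interface from a device that is not enrolled")
	}
	if hasNet && !p.EnrolledInput[deviceKey(d)] {
		reasons = append(reasons, "network interface from a device that is not enrolled")
	}
	// Host wiring (Linux, not executed here): echo 0 > /sys/bus/usb/devices/usbN/authorized_default
	// at boot, then echo 1 > /sys/bus/usb/devices/<bus-port>/authorized only when Authorize is true.
	return Decision{Authorize: len(reasons) == 0, Reasons: reasons}
}

// SampleDevices returns constructed enumeration records for demonstration.
func SampleDevices() map[string]Device {
	kbd := Interface{ClassHID, 0x01, 0x01} // boot-interface keyboard
	return map[string]Device{
		"plain drive":       {0x1234, 0x0001, "DRV001", []Interface{{ClassMassStorage, 0x06, 0x50}}},
		"enrolled keyboard": {0xabcd, 0x0002, "KB0001", []Interface{kbd}},
		"unknown keyboard":  {0xabcd, 0x0002, "KB9999", []Interface{kbd}},
		"drive that types":  {0x1234, 0x0001, "DRV001", []Interface{{ClassMassStorage, 0x06, 0x50}, kbd}},
	}
}

func SamplePolicy() Policy {
	return Policy{EnrolledInput: map[string]bool{"abcd:0002:KB0001": true}}
}

func main() {
	p := SamplePolicy()
	for name, d := range SampleDevices() {
		dec := p.Evaluate(d)
		fmt.Printf("%-18s authorize=%v %v\n", name, dec.Authorize, dec.Reasons)
	}
}
```

Note what the second rule does and does not buy: an enrolled keyboard's identity can be cloned by a reflashed device, so the enrollment check mostly stops opportunistic hardware, while the composite-device rule catches the specific trick the comment describes (a drive that comes back as a keyboard) regardless of what identity it claims.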

  2. Re:Write protect switch. by Anonymous Coward · Score: 3, Insightful

    Placebos are great, aren't they?

    That write-protect switch is likely something enforced by the firmware, and likely not something that can prevent writes to the firmware.

  3. Severity not understood by media or most people by fuzzyf · Score: 3, Insightful

    This is Slashdot, and even here many people do not understand what this is all about.
    People tend to think it's only a virus that is written to a flash drive and it's not really that new or big of a threat, or that someone will create a USB "firewall".

    The fact that this vulnerability can be exploited in so many different ways, and can even be persistent on a computer after infection (internal USB devices like webcams can be infected), makes it almost impossible to mitigate.