Posted on 10/05/2014 8:51:31 PM PDT by TChad
Because we just don't already have enough tech security problems to worry about, computer science researchers have just published a potentially catastrophic security exploit.
(Excerpt) Read more at ajc.com ...
Gonna have to figure out a way to lock down USB ports but still find a way to allow people to use them.
I will admit, with the prevalence of network shares, I haven’t used a USB drive in the heat of a struggle for years.
This hack has been known for years.
All USB devices have a micro-controller (CPU) and you can hack the code that it runs.
Typically a USB thumb drive has a 100 MHz ARM processor running it. When you plug one into your PC you are plugging a small computer into your big computer and trusting that the ARM in the thumb drive has not been tampered with.
It’s quite easy to modify a thumb drive to do all sorts of stuff. You can stick in a tiny SM oscillator and key it on/off with an ARM I/O pin and send data to a remote receiver nearby....this is one of the easier hacks.
You can reprogram the ARM to make a 64GB thumb drive look like a 32GB drive and save data on the hidden 32GB that the user cannot erase.
SATA hard drives also have a controller on board that can be tampered with.
This problem is being called “unpatchable.” I hope that’s wrong.
I’m wondering what it is of mine that they will find so interesting that they would want to hack it.
Your use of the USB drive is completely dependent on the microcontroller in the USB drive. You have to accept that it's doing what you want -- you can't "patch" anything to avoid it doing its thing, good or bad. At least, you can only try to block the bad behavior you can anticipate. The Bad Guys are always one step ahead.
The only way to totally avoid the problem is to avoid using USB drives. Otherwise it's endless cat-and-mouse.
It's a problem, but so far it hasn't been a prevalent problem because it's rather difficult to exploit. However, the Bad Guys are highly motivated.
This sounds like a marketing response to security issues in the cloud.
THIS GUY.
To be fair, every hard drive ever made had a controller attached to it. This is not new. If there's no controller, then it's a floppy or optical drive. Anything with non-volatile storage (i.e. not RAM) has a controller of some type attached to it.
This is already spawning a large number of policies in corporations to restrict USB disk access. As an engineer and solutions architect, this is no big deal, because we don't use USB drives that often anymore with cloud computing and high speed Internet connectivity. This does, however, make offloading of secure data somewhat perilous if you're paranoid and keep things like TPM-generated private keys on USB drives in your safe deposit box or even home fire safe.
I’m pretty sure USB ports can be disabled within the BIOS on most machines. That would be the thing to do within a corporate environment, in many cases. Such a thing would be a hassle on a home computer, except for a computer used by children, perhaps.
This is a VERY bad exploit. The potential severity of this cannot be overstated.
Agreed. I am in IT in a medical environment, and I could see someone walking up to a high-end workstation and just putting a specially made USB drive into a port (nobody ever looks to see if one is there when they log in) and just walking away.
I also work in Healthcare IT (network admin - well, that’s my title but I really do EVERYTHING), and I was thinking of the mobile workstations that are often left in hallways or sometimes in patient rooms where just anyone can walk up and get physical access. We have the machines locked within the carts they’re mounted on, but someone could get to the machines if they REALLY wanted to.
There are also many offices that are open, publicly accessible, and frequently left empty. Someone could EASILY walk in there and connect to a USB port in just a few seconds. Of course, if your network/system is set up right, it SHOULDN’T matter what happens on a local workstation, as the bad code would begin and end there. However, if it’s a workstation that handles sensitive information, a considerable amount of damage could be done.
Exactly right. We see it the same way. I feel that we have an additional burden...if the workstations go down, a surgeon could be up to their elbows in guts...
"The Cloud have security issues?"
whodathought??
If it is in the firmware, that would probably necessitate a redesign...
Yep. For the doubters: what happens when you stick a USB thumb into your computer? That little message, "loading device driver" or somesuch? That's the attack vector. And if you expect to read the drive you don't turn it off.
There will be, I am sure, a market for a device driver scanner that stands between you and this exploit and uses signature files like an antivirus app, and if this story serves to hurry it along, so much the better.