USB coffee-cup warmer could be stealing your data

Thread: USB coffee-cup warmer could be stealing your data

  1. #1
    HYBR|D
    Guest

    USB coffee-cup warmer could be stealing your data

    ARE you sure that the keyboard or mouse you are using today is the one that was attached to your computer yesterday? It might have been swapped for a compromised device that could transmit data to a snooper.

    The problem stems from a shortcoming in the way the Universal Serial Bus (USB) works. This allows almost all USB-connected devices, such as mice and printers, to be turned into tools for data theft, says a team that has exploited the flaw.
    Welcome to the murky world of the "hardware trojan". Until now, hardware trojans were considered to be modified circuits. For example, if hackers manage to get hold of a microchip when it is still in the factory, they could introduce subtle changes allowing them to crash the device that the chip gets built into (New Scientist, 1 July 2009, p 18).

    Computer engineers John Clark, Sylvain Leblanc and Scott Knight at the Royal Military College of Canada in Kingston, Ontario, wondered if a hardware trojan attack could be carried out by other means. They calculated that the easiest way to introduce a hardware trojan might be via a computer's USB ports.

    The trio found they could exploit a weakness in USB's plug-and-play functionality. The USB protocol trusts any device being plugged in to report its identity correctly. But find out the make and model of a target user's keyboard, say, swap it with a compromised device that reports the same information - and that doesn't even have to be a keyboard - and the computer won't realise.
    The team designed a USB keyboard containing a circuit that successfully stole data from the hard drive and transmitted it in two ways: by flashing an LED, Morse-code style, and by encoding data as a subtle warbling output from the sound card (Future Generation Computer Systems, DOI: 10.1016/j.future.2010.04.008). They could have chosen more efficient methods to transmit the data, such as email, but Leblanc says their main goal was to see if they could steal data without anyone noticing.

    "We've shown any USB device could contain a hardware trojan," he says. Security software, if it checks USB devices at all, tends to look only for malware on USB memory sticks.

    "This work opens many cans of worms," says Vasilios Katos, a computer scientist at the Democritus University of Thrace in Greece. "A USB device cannot now be trusted - it may have hidden processing capabilities." He's right, says Leblanc. "You could mount a hardware trojan attack with a USB coffee-cup warmer."

  2. #2
    HYBR|D
    Guest
    Woops, forgot to include the Source.

    Code:
    http://www.newscientist.com/article/mg20727676.300-usb-coffeecup-warmer-could-be-stealing-your-data

  3. #3
    SnugglesTheBear
    Senior Member
    Join Date: Jun 2010
    Posts: 133
    also be careful where you stick your USB!
    http://risky.biz/big-wirus

    PnP has given us a plethora of hilarious exploits. One of my favorites is a bank VP receiving a free Palm Pilot randomly and then plugging it into his computer, which then became infected all of a sudden >.< Sigh, most people will say 'if I see a USB stick on the ground I will take it home and plug it in.' Making road apples a very efficient way to grab a random box >.<

  4. #4
    nihil
    Super Moderator: GMT Zone
    Join Date: Jul 2003
    Location: United Kingdom: Bridlington
    Posts: 17,192
    It looks as if the mitigating factor is the need for physical access as well as the right skills and equipment.

    I haven't read anything about it recently, but there have been several articles on the potential for firmware trojans (CD/DVD/HDD/Videocard). I believe that this could be done remotely?
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  5. #5
    gore
    AO BOFH: Luser Abuser BModeratorFH
    Join Date: Oct 2002
    Location: Michigan
    Posts: 7,177
    Quote (originally posted by SnugglesTheBear):
    "also be careful where you stick your USB!"
    Your post wasn't EXACTLY what I thought first when I read that statement, but I think the end result is more or less the same. Brings a new thought to Butt Plugs though doesn't it?
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween. The Misfits
    FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

  6. #6
    instronics
    Antionline's Security Dude
    Join Date: Dec 2002
    Posts: 901
    Hello everyone

    Very interesting indeed. Now I have a nooby question regarding this. Would this threat affect 'any' OS by default? Or would it be like viruses, that have to be individually created for a specific OS? This also might be affected by what kind of data is to be collected (hence a NIC might be different from a keyboard) etc....

    Bottom line (to be a bit selfish here), would a Slackware system be affected by the contents of this article, or would it have to be a very custom hardware device specifically 'for' Slackware?

    In addition... what do you folks recommend as a countermeasure?

    Cheers.
    Ubuntu-: Means in African : "Im too dumb to use Slackware"

  7. #7
    SnugglesTheBear
    Senior Member
    Join Date: Jun 2010
    Posts: 133
    Plug n Play is the main culprit. As long as you are not running that, you should be okay. Slackware by default does not have PnP running I do believe.

  8. #8
    nihil
    Super Moderator: GMT Zone
    Join Date: Jul 2003
    Location: United Kingdom: Bridlington
    Posts: 17,192
    Hmmmmm,

    Most of the answer is physical security and vigilance. For a human interface device you should notice that it has been substituted by a new one? And it would be nearly impossible to exactly match the individual characteristics that they soon pick up. Also a lot of my stuff would be hard for an attacker to find, either because of its age or obscure manufacturer.

    As we are talking about hardware and firmware; then anything that will run on your system or in your environment will also run the malware as soon as it gets recognised by the BIOS. The mitigation here would be that as you are not running FAT* or NTFS, it probably wouldn't be able to do much, unless it can phone home or you have poor physical security that lets people at your systems unattended and with the ability to launch bootable media.

    My basic point is that we are talking about the hardware level interface here, not the OS/application (user) level one, so Slackware won't protect you, even by obscurity.

    A great mitigation is the fact that malware authors are percentage players and always go for the low hanging fruit. Most of the attacks we are discussing (apart from PnP) are just too much effort for them IMO.

    Mostly I guess that this sort of stuff belongs in the realms of theoretical research, rather than real life, but I would be slightly more wary of publicly accessible systems nowadays?

    Just my £0.01
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?
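
Added example, not part of any post in this thread: a baseline audit that implements the "is this the same device as yesterday?" check raised by the article and the vigilance suggested in post #8. The descriptor values, port names and the `audit` function are constructed for illustration.

```python
# Added example: baseline audit for swapped USB devices.
# All descriptor values below are constructed. On Linux the same fields are
# exposed in sysfs: /sys/bus/usb/devices/<port>/{idVendor,idProduct,serial}
# and /sys/bus/usb/devices/<port>:<cfg>.<intf>/bInterfaceClass.

HID, MASS_STORAGE = "03", "08"  # USB interface class codes

# What was attached "yesterday", keyed by physical port path.
BASELINE = {
    "1-1": {"vid": "1234", "pid": "0001", "serial": "", "ifaces": {HID}},
    "1-2": {"vid": "1234", "pid": "0002", "serial": "SAMPLE0001",
            "ifaces": {MASS_STORAGE}},
}

# Today: the "keyboard" on 1-1 reports the same IDs but also exposes storage,
# the stick on 1-2 is gone, and something new sits on 1-3.
CHANGED = {
    "1-1": {"vid": "1234", "pid": "0001", "serial": "",
            "ifaces": {HID, MASS_STORAGE}},
    "1-3": {"vid": "1234", "pid": "0003", "serial": "", "ifaces": {HID}},
}


def audit(baseline, current):
    """Return sorted (port, finding) pairs for every deviation from baseline."""
    findings = []
    for port, dev in current.items():
        known = baseline.get(port)
        if known is None:
            findings.append((port, "new device"))
            continue
        if (dev["vid"], dev["pid"]) != (known["vid"], known["pid"]):
            findings.append((port, "vendor/product ID changed"))
        if dev["serial"] != known["serial"]:
            findings.append((port, "serial changed"))
        extra = dev["ifaces"] - known["ifaces"]
        if extra:
            findings.append((port, "extra interface class " + ",".join(sorted(extra))))
    for port in baseline.keys() - current.keys():
        findings.append((port, "device missing"))
    return sorted(findings)


if __name__ == "__main__":
    for port, finding in audit(BASELINE, CHANGED):
        print(port, finding)
    # A device that clones every descriptor produces no findings at all.
    print(audit(BASELINE, BASELINE))
```

A device that reports identical descriptors passes this audit, which is the limitation the article describes; the check catches careless swaps and added interfaces, and does not replace physical control of the ports.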

  9. #9
    Banned
    Join Date: Jan 2008
    Posts: 605
    Every country pays off some gook to sabotage parts. They do everything from adding extra undocumented opcodes to processors to adding lead based paints to foods. Anyone who uses these parts to create some "super-dooper secret usb spy device" would be an idiot.

  10. #10
    Banned
    Join Date: Jan 2008
    Posts: 605
    When you see a James Bond movie... don't you ever find it funny how he carries a Swiss watch with lasers pointed at his wrists? Or drives these American/German sports cars that mysteriously explode on impact?
