Author

Topic: Why the Security of USB Is Fundamentally Broken (Read 1215 times)

full member
Activity: 195
Merit: 100
The main point of the article is it is more than USB sticks - which are expected to potentially contain malware. Any USB device (mouse, network, keyboard) can theoretically be configured with malware. These "nonstick" devices are typically not evaluated for malware and the embedded firmware executes on connection.

That is, however, a very sophisticated attack because the attacker has to get their their malware into the device.

Made in China anyone?
DrG
legendary
Activity: 2086
Merit: 1035
You could always use an ancient USB drive with a flash area so small that the "upgraded" firmware could not be put on there.  Kind of like how dumbphones might actually be smarter for security purposes.
hero member
Activity: 672
Merit: 504
a.k.a. gurnec on GitHub
This has actually been done before, but not to the extent that the new researchers have reached.

The basic moral of the story is "don't let someone else plug something into your PC, it might be dirty." (this rule works IRL, too, if you  s/your PC/you/  Wink)

In other words, if you're using a USB stick to bridge the air gap, make sure it's one you bought yourself from a reputable seller, and then you'll probably be OK. I say probably because in theory, if your online PC is compromised, there are some USB sticks whose firmwares could be reprogrammed turning a clean USB stick into a dirty one.

It will be interesting to see if any malware in the future tries to do this automatically....

There was a thread that talked about this not too long ago: Offline wallet - USB key alternatives - security concerns
hero member
Activity: 602
Merit: 500
I think this is the original article in the german monthly "DIE ZEIT"

http://www.zeit.de/digital/datenschutz/2014-07/usb-controller-chip-angriff-srlabs

As I understand it, a  german security Research Group has developed a kind of possible attacks by USB Sticks .
but they are not "on the market"
It is just a result of a scientific security Research.
But I am waiting for Armory devs reply
member
Activity: 205
Merit: 10
Implications for Armory cold storage methods?

Why the Security of USB Is Fundamentally Broken

Computer users pass around USB sticks like silicon business cards. Although we know they often carry malware infections, we depend on antivirus scans and the occasional reformatting to keep our thumbdrives from becoming the carrier for the next digital epidemic. But the security problems with USB devices run deeper than you think: Their risk isn’t just in what they carry, it’s built into the core of how they work.

Full Wired.com article is here:

http://www.wired.com/2014/07/usb-security/

Thoughts?
Jump to: