USB devices such as keyboards, thumb-drives and mice can be
used to hack into personal computers in a potential new class of attacks
that evade all known security protections, a top computer researcher
revealed on Thursday.
Karsten Nohl, chief scientist with Berlin's SR Labs, noted that hackers could load malicious software onto tiny, low-cost computer chips that control functions of USB devices but which have no built-in shields against tampering with their code.
"You cannot tell where the virus came from. It is almost like a magic trick," said Nohl, whose research firm is known for uncovering major flaws in mobile phone technology.
Karsten Nohl, chief scientist with Berlin's SR Labs, noted that hackers could load malicious software onto tiny, low-cost computer chips that control functions of USB devices but which have no built-in shields against tampering with their code.
"You cannot tell where the virus came from. It is almost like a magic trick," said Nohl, whose research firm is known for uncovering major flaws in mobile phone technology.
The finding shows that bugs in software used to run tiny
electronics components that are invisible to the average computer user
can be extremely dangerous when hackers figure out how to exploit them.
Security researchers have increasingly turned their attention to
uncovering such flaws.
Nohl said his firm has performed attacks by writing malicious code onto USB control chips used in thumb drives and smartphones. Once the USB device is attached to a computer, the malicious software can log keystrokes, spy on communications and destroy data, he said.
Read MoreBackoff! Feds warn stores about undetectable malware
Computers do not detect the infections when tainted devices are inserted because anti-virus programs are only designed to scan for software written onto memory and do not scan the "firmware" that controls the functioning of those devices, he said.
Nohl and Jakob Lell, a security researcher at SR Labs, will describe their attack method at next week's Black Hat hacking conference in Las Vegas, in a presentation titled: "Bad USB—On Accessories that Turn Evil."
Thousands of security professionals gather at the annual conference to hear about the latest hacking techniques, including ones that threaten the security of business computers, consumer electronics and critical infrastructure.
Read MoreHackers steal data from 1,000 StubHub accounts
Nohl said he would not be surprised if intelligence agencies, like the National Security Agency, have already figured out how to launch attacks using this technique.
Last year, he presented research at Black Hat on breakthrough methods for remotely attacking SIM cards on mobile phones. In December, documents leaked by former NSA contractor Edward Snowden demonstrated that the U.S. spy agency was using a similar technique for surveillance, which it called "Monkey Calendar."
An NSA spokeswoman declined to comment.
Read More How hackers find a way to outwit online bank locks
SR Labs tested the technique by infecting controller chips made by major Taiwanese manufacturer, Phison Electronics, and placing them in USB memory drives and smartphones running Google Android operating system.
Alex Chiu, an attorney with Phison, told Reuters via email that Nohl had contacted the company about his research in May.
Nohl said his firm has performed attacks by writing malicious code onto USB control chips used in thumb drives and smartphones. Once the USB device is attached to a computer, the malicious software can log keystrokes, spy on communications and destroy data, he said.
Read MoreBackoff! Feds warn stores about undetectable malware
Computers do not detect the infections when tainted devices are inserted because anti-virus programs are only designed to scan for software written onto memory and do not scan the "firmware" that controls the functioning of those devices, he said.
Nohl and Jakob Lell, a security researcher at SR Labs, will describe their attack method at next week's Black Hat hacking conference in Las Vegas, in a presentation titled: "Bad USB—On Accessories that Turn Evil."
Thousands of security professionals gather at the annual conference to hear about the latest hacking techniques, including ones that threaten the security of business computers, consumer electronics and critical infrastructure.
Read MoreHackers steal data from 1,000 StubHub accounts
Nohl said he would not be surprised if intelligence agencies, like the National Security Agency, have already figured out how to launch attacks using this technique.
Last year, he presented research at Black Hat on breakthrough methods for remotely attacking SIM cards on mobile phones. In December, documents leaked by former NSA contractor Edward Snowden demonstrated that the U.S. spy agency was using a similar technique for surveillance, which it called "Monkey Calendar."
An NSA spokeswoman declined to comment.
Read More How hackers find a way to outwit online bank locks
SR Labs tested the technique by infecting controller chips made by major Taiwanese manufacturer, Phison Electronics, and placing them in USB memory drives and smartphones running Google Android operating system.
Alex Chiu, an attorney with Phison, told Reuters via email that Nohl had contacted the company about his research in May.
"Mr. Nohl did not offer detailed analysis together with
work product to prove his finding," Chiu said. "Phison does not have
ground to comment (on) his allegation."
Chiu said that "from Phison's reasonable knowledge and belief, it is hardly possible to rewrite Phison's controller firmware without accessing our confidential information."
Similar chips are made by Silicon Motion Technology and Alcor Micro. Nohl said his firm did not test devices with chips from those manufacturers.
Read More Secret Service warns on hotel biz center computers
Google did not respond to requests for comment. Officials with Silicon Motion and Alcor Micro could not immediately be reached.
Nohl believed hackers would have a "high chance" of corrupting other kinds of controller chips besides those made by Phison, because their manufacturers are not required to secure software. He said those chips, once infected, could be used to infect mice, keyboards and other devices that connect via USB.
"The sky is the limit. You can do anything at all," he said.
Chiu said that "from Phison's reasonable knowledge and belief, it is hardly possible to rewrite Phison's controller firmware without accessing our confidential information."
Similar chips are made by Silicon Motion Technology and Alcor Micro. Nohl said his firm did not test devices with chips from those manufacturers.
Read More Secret Service warns on hotel biz center computers
Google did not respond to requests for comment. Officials with Silicon Motion and Alcor Micro could not immediately be reached.
Nohl believed hackers would have a "high chance" of corrupting other kinds of controller chips besides those made by Phison, because their manufacturers are not required to secure software. He said those chips, once infected, could be used to infect mice, keyboards and other devices that connect via USB.
"The sky is the limit. You can do anything at all," he said.
Once a computer is infected, it could be programmed to infect all USB devices that are subsequently attached to it, which would then corrupt machines that they contact.
"Now all of your USB devices are infected. It becomes self-propagating and extremely persistent," Nohl said. "You can never remove it."
Read MoreWhy cyber-insurance will be the next big thing
Christof Paar, a professor of electrical engineering at Germany's University of Bochum who reviewed the findings, said he believed the new research would prompt others to take a closer look at USB technology, and potentially lead to the discovery of more bugs. He urged manufacturers to improve protection of their chips to thwart attacks.
"The manufacturer should make it much harder to change the software that runs on a USB stick," Paar said.
No comments:
Post a Comment