C USB-device connector - stick, mouse, keyboard - can be used to break into a computer, say security experts of SR Labs. And it is not that flash on the carrier will be recorded malware. A potential new class of attacks against which existing defenses are useless, Karsten Nohl and found Jakob Lell of Berlin SR Labs, reports Iksmedia.
The problem here is deeper, associated with the very principle of USB-devices, experts told.Available in these controllers - chips that control their work - can be reprogrammed, and malicious code is hidden, then it will infect computers that will connect these devices, the researchers explain. It is about all mobile and desktop operating systems. What is essential to themselves chips initially does not provide any protection code. "You can not determine where it came from virus - said Nohl. - It's almost a magic trick. "
Researchers from the SR Labs conducted experiments with these attacks, record your own malicious code (they called it BadUSB) on USB-flash drives and memory chips for smartphones. Being connected to a computer, USB-device reprogrammed can emulate keyboard to execute commands on behalf of the user, such as delete files or install programs. Recorded thereon malicious code can, in turn, infect other devices that will be connected to the same computer. Finally, he is able to change the DNS settings of the computer to an external server redirecting incoming traffic on it.
Researchers are going to make a report about a new threat, providing evidence of a fundamental breach of security USB, at the upcoming Black Hat conference in Las Vegas (their presentation will be called «Bad USB - On Accessories that Turn Evil»).
According to Nola, he would not be surprised to learn that the intelligence agencies, for example National Security Agency, has already figured out how to organize such an attack. A year ago, writes Reuters, Nohl presented at Black Hat results of a study of methods of remote hacking SIM-card mobile phones. And in December of the data released by Edward Snowden found that intelligence used to spy on a similar technique.
Effective protection against USB-attacks yet, according to SR Labs. Safety equipment such as antivirus scanning software only recorded in the computer memory, and do not have access to the firmware that controls the work of USB-devices. Firewalls blocking certain class of devices does not exist yet. Clear septic system will also be very difficult.
The study Nola and Lele is one thing, experts say, which makes listening to their conclusions without considering their arguments just theorists. The fact that the contamination can be directed in both directions: from the USB as a computer, and vice versa. Each time the device is included in the USB-port of the computer, the firmware on it can be rewritten by malicious code, located on the PC and the device owner will be difficult to detect it. Similarly, any USB-device can infect any computer. "It works both ways - says Nohl. - You can not trust anyone. "