
Re: [OM] The scariest computer security problem I've ever seen

Subject: Re: [OM] The scariest computer security problem I've ever seen
From: Chuck Norcutt <chucknorcutt@xxxxxxxxxxxxxxxx>
Date: Mon, 06 Oct 2014 18:00:13 -0400
I believe all of the devices that were tested proved to be updatable. I think we should assume that most of them are as it's very difficult to prove otherwise. A very large number of them are made by the same company.

I understand your point about Linux and iOS security being better than that of Windows but your point is only valid if the OS is running. An infected USB device that's controlled initially by the BIOS may be up and running before the machine is booted. That USB device may replace the boot sector on the boot device before the OS ever starts. So I'm not so sure that Linux and Mac users should be confident they're free and clear. I hope your view is correct but I'm not at all sure that it is.

Chuck Norcutt


On 10/6/2014 11:43 AM, Scott Gomez wrote:
The question for end users of the devices--of any USB device--is whether
the device is updatable. If it is, it is unsafe to use unless it has been
used only on your own machine AND you know that your own machine has never
been compromised with code that rewrites USB.

One of the things mentioned in the video was that for Linux systems, they
were unable to infect anything other than user space. The attack would be
considerably more difficult there, as an attacker would have to install
executables to act on logged keystrokes, then attempt to elevate privileges
once the password is known. (A determination I think would be difficult to
make automatically)

The same should be true of Macintosh machines, for the most part, as both
Linux and Macintosh use the more robust security model descended from Unix.

In the Linux and OS/X worlds, a USB exploit would have to somehow install a
keylogger, and compromise the network (change DNS, add a controller, etc),
and then communicate back to a human to examine the key logs in order to
escape user space. On my system, for example, the network cannot be changed
without elevated privileges. So while the keylogger injection would likely
succeed, how would data from that logged session get sent back? Security
software would not allow creation of a network session that is not attached
to an existing process, nor could the malware modify existing software
without already having determined how to elevate privileges.

Windows, as ever, is an easier nut to crack.
On Oct 6, 2014 6:37 AM, "Chris Trask" <christrask@xxxxxxxxxxxxx> wrote:


And now, having watched it, I agree with the conclusion of the presenters:
the only way to prevent this is to provide a hardware fuse that is opened
in manufacturing, before the device is shipped, to prevent reprogramming.
Of course, that simply shifts the burden of security to the
manufacturers...


I'm surprised that they don't do this already.

Is this problem true for ALL USB flash drives, or is it something
new?  I only use the older USB 1.0 Memorex flash drives so I can go between
the WinXP laptop, the office Win98/SE machines, and the continually
updated ASU library computers.


Chris

When the going gets weird, the weird turn pro
      - Hunter S. Thompson
--
_________________________________________________________________
Options: http://lists.thomasclausen.net/mailman/listinfo/olympus
Archives: http://lists.thomasclausen.net/mailman/private/olympus/
Themed Olympus Photo Exhibition: http://www.tope.nl/


