Info & Security News

Discovery: USB Can Be UNSAFE

posted on
Discovery: USB Can Be UNSAFE

A relatively new, but dangerous, attack vector to worry about! Just what you need...

But considering that you can lose your system to specially crafted firmware on USB devices as soon as you connect them to your computer, you should pay attention. 

Due to the nature of the USB "self discovery" processing, it is possible to infect your computer with malware by merely inserting an attacker-crafted USB device into any of your computer's USB ports. 

There are (at least) two ways that a USB device can infect your computer by just "plugging it in" to a USB port.

The "old" way (that has been known for some time) places malicious code onto the device, and points to the malicious code in the "autorun.inf" file (or autoplay, for newer versions of Windows).  The PC then runs the code "automatically" when you plug the USB device into your computer, and your PC is infected by this code.

If you are a member of a domain, you CAN disable the autorun/autoplay  feature of PCs via registry/GPO ( ). 

If instead you are a "home" user and have access to an administrator account, you can click the "start" button, type "autoplay" into the "search all programs and files" window, and select AutoPlay (Windows 7).  From there, you can set different devices individually to run/not AutoPlay programs.

However, the "new" attack modifies the firmware code on the USB device - usually a memory stick - so that you cannot stop it from running when the device is inserted. Presenters at a Las Vegas conference demonstrated a proof of concept attack by inserting a USB memory stick that contained the malware in the "firmware" code that is automatically run to identify the specifics of the device to the computer. This "feature" cannot be turned off, as it is designed to allow the device to identify itself to Windows, and supply all required parameters (and sometimes device drivers) to allow Windows to operate the device.

If you find a USB device "laying around" - DO NOT plug it into your computer - you don't know where it's been...  

sah Ω

Categories: | Tags: articles | View Count: (10480) | Return