The Fundamental Insecurity of USB
This is pretty impressive:
Most of us learned long ago not to run executable files from sketchy USB sticks. But old-fashioned USB hygiene can’t stop this newer flavor of infection: Even if users are aware of the potential for attacks, ensuring that their USB’s firmware hasn’t been tampered with is nearly impossible. The devices don’t have a restriction known as “code-signing,” a countermeasure that would make sure any new code added to the device has the unforgeable cryptographic signature of its manufacturer. There’s not even any trusted USB firmware to compare the code against.
The element of Nohl and Lell’s research that elevates it above the average theoretical threat is the notion that the infection can travel both from computer to USB and vice versa. Any time a USB stick is plugged into a computer, its firmware could be reprogrammed by malware on that PC, with no easy way for the USB device’s owner to detect it. And likewise, any USB device could silently infect a user’s computer.
These are exactly the sorts of attacks the NSA favors.
EDITED TO ADD (8/14): Good writeup. Slides from BlackHat talk.
Spaceman Spiff • July 31, 2014 3:03 PM
AFAIK, this is how the Stuxnet virus was propagated to the Iranian nuclear enrichment facilities. So, not new, but now better understood.