Hackers may use USB to carry out new network attacks

Hackers can use USB devices such as mice, keyboards and thumb drives to break into personal computers, a top computer researcher revealed Thursday. It's a new type of attack that defeats all known security protections. Karsten Nohl, chief scientist at SR Labs in Berlin, Germany, said hackers can download malware to small, low-cost chips to control the functions of USB devices, which have no built-in firewalls to prevent code tampering. "You can't tell where the virus came from. It's like magic," said Nohl, whose research team is known for uncovering major technical flaws in mobile phones. The discovery shows that software flaws in tiny electronic components are invisible to ordinary computer users, but once hackers know how to exploit them, the consequences are disastrous. Security researchers have increasingly turned their attention to studying these flaws. Nohl said his team has simulated cyberattacks by writing malicious code to USB control chips used in thumb drives and smartphones. Once the USB device is connected to a computer, the malware can record keystrokes, spy on communications and destroy data. Nohl also revealed that when the contaminated devices are plugged into personal computers, the computers are not detected as infected because antivirus programs only scan software written to memory, not the "firmware" used to control the functions of devices such as USB. Nohl and SR Labs security researcher Jakob Lell will demonstrate the new type of hacking at the Black Hat hacker conference in Las Vegas next week. Their presentation is titled "Bad USB - On Accessories that Turn Evil." Thousands of security experts will gather at the annual hacker conference to hear about the latest hacking techniques, including those that threaten the security of business computers, consumer electronics and critical infrastructure. Nohl said he would not be surprised if intelligence agencies such as the National Security Agency have found a way to intercept cyber attacks through USB. Last year, Nohl demonstrated a breakthrough method for remotely hacking into mobile phone SIM cards at the hacker conference. In December last year, former NSA contractor Edward Snowden leaked documents showing that US intelligence agencies had previously used similar techniques for surveillance and called it "Monkey Calendar." The NSA declined to comment. SR Labs tested the technology using controller chips made by its main manufacturer, Taiwan's Phison Electronics Co. They placed the tainted controller chips in USB storage drives and smartphones running Google's Android operating system. Similar chips are made by Silicon Motion Technology Corp and Alcor Micro Corp. Nohl said his team had not tested chips made by those manufacturers. Phison and Google did not respond to requests for comment. Officials from Silicon Motion and Alcor were not immediately available. Beyond Phison, Nohl believes hackers have more opportunities to conduct cyberattacks through other controller chips because their manufacturers are not required to implement software security. Once contaminated, Nohl said, the chips could easily infect mice, keyboards and other devices connected via USB. In Nohl's tests, he was able to remotely access a computer by instructing it to download a malicious program through USB (these instructions, the PC believed, were issued by the computer's keyboard). He was also able to change the computer's so-called DNS network settings, instructing the computer to connect to the Internet through a malicious server. Once a computer is infected, it can be programmed to infect any USB device connected to the PC, further damaging any other device connected via USB. "All USB devices are contaminated, and the virus is self-propagating and extremely persistent. You can never delete it," said Nohl. Christof Paar, a professor of electrical engineering at the University of Bochum in Germany, who reviewed the research, said he believed the new research would lead to a better understanding of USB technology and could reveal more bug discoveries. He called on manufacturers to better protect chips to thwart any attacks. "Manufacturers should work on making it more difficult to change the software running on USB," Paar said.

As a winner of Toutiao's Qingyun Plan and Baijiahao's Bai+ Plan, the 2019 Baidu Digital Author of the Year, the Baijiahao's Most Popular Author in the Technology Field, the 2019 Sogou Technology and Culture Author, and the 2021 Baijiahao Quarterly Influential Creator, he has won many awards, including the 2013 Sohu Best Industry Media Person, the 2015 China New Media Entrepreneurship Competition Beijing Third Place, the 2015 Guangmang Experience Award, the 2015 China New Media Entrepreneurship Competition Finals Third Place, and the 2018 Baidu Dynamic Annual Powerful Celebrity.

<<: Apps on iPad are starting to rot

>>: Summary of the first day of ChinaJoy: Consoles are here, mobile games have changed

A 2,000-year-old astronomical calendar was found in an ancient tomb. Does it hint at the "astronomy" of a lost civilization?

Blog

Before the advent of carnations, what flowers did ancient people use to represent mothers?

Recommend

In-depth brand communication strategy—penetrate!

There are two things that left a deep impression ...

The Aesthetic Value of Scientific Experiments

Today's scientific experimental devices are c...

Is there any charge for personal WeChat Mini Programs? How much does it cost for an individual to publish a WeChat Mini Program?

Is there any charge for personal WeChat Mini Prog...

Completely defeated by human doctors! AI clinical decision-making is sloppy and unsafe, with the lowest accuracy rate being only 13%

Will human doctors be laid off because of large m...

Zhejiang implements the same recruitment for all citizens! What does the same recruitment for all citizens mean? What impact will it have on school district housing?

On March 11, the Zhejiang Provincial Department o...

Hackers may use USB to carry out new network attacks

A 2,000-year-old astronomical calendar was found in an ancient tomb. Does it hint at the "astronomy" of a lost civilization?

Before the advent of carnations, what flowers did ancient people use to represent mothers?

What are the writing skills for creative titles of Baidu promotion bidding promotion?

The rise and fall of Chinese independent games

All the methods and techniques to make money quickly on Zhihu are here!

Will the Apple Watch be a hit?

How to promote products through operational means?

China Automobile Dealers Association: China Automobile Retention Value Report in June 2023

APP overseas promotion, detailed explanation of ASO skills!

While all cars are still focusing on driving on the ground, BYD has already flown into the sky with the Lingyuan system.

Recommend

In-depth brand communication strategy—penetrate!

The Aesthetic Value of Scientific Experiments

Is there any charge for personal WeChat Mini Programs? How much does it cost for an individual to publish a WeChat Mini Program?

About the fact that I became ugly at work...

How to plan a successful and beautiful event?

Baidu PPC position click-through rate

Completely defeated by human doctors! AI clinical decision-making is sloppy and unsafe, with the lowest accuracy rate being only 13%

Zhejiang implements the same recruitment for all citizens! What does the same recruitment for all citizens mean? What impact will it have on school district housing?

4 big mistakes that Jack Ma has made over the years

Chinese scientists have made new achievements!

Operators must read: 6 major APP customer acquisition models

Understand the massive amount of Qianchuan delivery techniques in one article!

Growth hacker Dong Shiyi's short video underlying practical logic course

A case study of the WeChat Moments distribution that sold 8,000 copies

Will washing away blood lipids make your body healthy?