Hackers may use USB to carry out new network attacks

Hackers may use USB to carry out new network attacks
Hackers can use USB devices such as mice, keyboards and thumb drives to break into personal computers, a top computer researcher revealed Thursday. It's a new type of attack that defeats all known security protections. Karsten Nohl, chief scientist at SR Labs in Berlin, Germany, said hackers can download malware to small, low-cost chips to control the functions of USB devices, which have no built-in firewalls to prevent code tampering. "You can't tell where the virus came from. It's like magic," said Nohl, whose research team is known for uncovering major technical flaws in mobile phones. The discovery shows that software flaws in tiny electronic components are invisible to ordinary computer users, but once hackers know how to exploit them, the consequences are disastrous. Security researchers have increasingly turned their attention to studying these flaws. Nohl said his team has simulated cyberattacks by writing malicious code to USB control chips used in thumb drives and smartphones. Once the USB device is connected to a computer, the malware can record keystrokes, spy on communications and destroy data. Nohl also revealed that when the contaminated devices are plugged into personal computers, the computers are not detected as infected because antivirus programs only scan software written to memory, not the "firmware" used to control the functions of devices such as USB. Nohl and SR Labs security researcher Jakob Lell will demonstrate the new type of hacking at the Black Hat hacker conference in Las Vegas next week. Their presentation is titled "Bad USB - On Accessories that Turn Evil." Thousands of security experts will gather at the annual hacker conference to hear about the latest hacking techniques, including those that threaten the security of business computers, consumer electronics and critical infrastructure. Nohl said he would not be surprised if intelligence agencies such as the National Security Agency have found a way to intercept cyber attacks through USB. Last year, Nohl demonstrated a breakthrough method for remotely hacking into mobile phone SIM cards at the hacker conference. In December last year, former NSA contractor Edward Snowden leaked documents showing that US intelligence agencies had previously used similar techniques for surveillance and called it "Monkey Calendar." The NSA declined to comment. SR Labs tested the technology using controller chips made by its main manufacturer, Taiwan's Phison Electronics Co. They placed the tainted controller chips in USB storage drives and smartphones running Google's Android operating system. Similar chips are made by Silicon Motion Technology Corp and Alcor Micro Corp. Nohl said his team had not tested chips made by those manufacturers. Phison and Google did not respond to requests for comment. Officials from Silicon Motion and Alcor were not immediately available. Beyond Phison, Nohl believes hackers have more opportunities to conduct cyberattacks through other controller chips because their manufacturers are not required to implement software security. Once contaminated, Nohl said, the chips could easily infect mice, keyboards and other devices connected via USB. In Nohl's tests, he was able to remotely access a computer by instructing it to download a malicious program through USB (these instructions, the PC believed, were issued by the computer's keyboard). He was also able to change the computer's so-called DNS network settings, instructing the computer to connect to the Internet through a malicious server. Once a computer is infected, it can be programmed to infect any USB device connected to the PC, further damaging any other device connected via USB. "All USB devices are contaminated, and the virus is self-propagating and extremely persistent. You can never delete it," said Nohl. Christof Paar, a professor of electrical engineering at the University of Bochum in Germany, who reviewed the research, said he believed the new research would lead to a better understanding of USB technology and could reveal more bug discoveries. He called on manufacturers to better protect chips to thwart any attacks. "Manufacturers should work on making it more difficult to change the software running on USB," Paar said.

As a winner of Toutiao's Qingyun Plan and Baijiahao's Bai+ Plan, the 2019 Baidu Digital Author of the Year, the Baijiahao's Most Popular Author in the Technology Field, the 2019 Sogou Technology and Culture Author, and the 2021 Baijiahao Quarterly Influential Creator, he has won many awards, including the 2013 Sohu Best Industry Media Person, the 2015 China New Media Entrepreneurship Competition Beijing Third Place, the 2015 Guangmang Experience Award, the 2015 China New Media Entrepreneurship Competition Finals Third Place, and the 2018 Baidu Dynamic Annual Powerful Celebrity.

<<:  Apps on iPad are starting to rot

>>:  Summary of the first day of ChinaJoy: Consoles are here, mobile games have changed

Recommend

Formula for brand marketing and promotion!

"Bringing goods" has become a topic tha...

Soul product analysis report!

Socializing with acquaintances is the basis of ou...

He shot a gorilla and brought it back to life

In 1896, in what is now Somalia, Carl Akeley fire...

Hybrid APPS Why I am optimistic about you - a tribute to front-end engineers

[[143937]] At the very beginning, the Web used th...

Proposing with a concrete ring, who says tech guys don't understand romance

Who says tech guys don’t understand romance? Rece...

Li Lei's 12 voice acting lessons

Course Catalog: ├──01.Teach you how to hold your ...