Hackers may use USB to carry out new network attacks

Hackers can use USB devices such as mice, keyboards and thumb drives to break into personal computers, a top computer researcher revealed Thursday. It's a new type of attack that defeats all known security protections. Karsten Nohl, chief scientist at SR Labs in Berlin, Germany, said hackers can download malware to small, low-cost chips to control the functions of USB devices, which have no built-in firewalls to prevent code tampering. "You can't tell where the virus came from. It's like magic," said Nohl, whose research team is known for uncovering major technical flaws in mobile phones. The discovery shows that software flaws in tiny electronic components are invisible to ordinary computer users, but once hackers know how to exploit them, the consequences are disastrous. Security researchers have increasingly turned their attention to studying these flaws. Nohl said his team has simulated cyberattacks by writing malicious code to USB control chips used in thumb drives and smartphones. Once the USB device is connected to a computer, the malware can record keystrokes, spy on communications and destroy data. Nohl also revealed that when the contaminated devices are plugged into personal computers, the computers are not detected as infected because antivirus programs only scan software written to memory, not the "firmware" used to control the functions of devices such as USB. Nohl and SR Labs security researcher Jakob Lell will demonstrate the new type of hacking at the Black Hat hacker conference in Las Vegas next week. Their presentation is titled "Bad USB - On Accessories that Turn Evil." Thousands of security experts will gather at the annual hacker conference to hear about the latest hacking techniques, including those that threaten the security of business computers, consumer electronics and critical infrastructure. Nohl said he would not be surprised if intelligence agencies such as the National Security Agency have found a way to intercept cyber attacks through USB. Last year, Nohl demonstrated a breakthrough method for remotely hacking into mobile phone SIM cards at the hacker conference. In December last year, former NSA contractor Edward Snowden leaked documents showing that US intelligence agencies had previously used similar techniques for surveillance and called it "Monkey Calendar." The NSA declined to comment. SR Labs tested the technology using controller chips made by its main manufacturer, Taiwan's Phison Electronics Co. They placed the tainted controller chips in USB storage drives and smartphones running Google's Android operating system. Similar chips are made by Silicon Motion Technology Corp and Alcor Micro Corp. Nohl said his team had not tested chips made by those manufacturers. Phison and Google did not respond to requests for comment. Officials from Silicon Motion and Alcor were not immediately available. Beyond Phison, Nohl believes hackers have more opportunities to conduct cyberattacks through other controller chips because their manufacturers are not required to implement software security. Once contaminated, Nohl said, the chips could easily infect mice, keyboards and other devices connected via USB. In Nohl's tests, he was able to remotely access a computer by instructing it to download a malicious program through USB (these instructions, the PC believed, were issued by the computer's keyboard). He was also able to change the computer's so-called DNS network settings, instructing the computer to connect to the Internet through a malicious server. Once a computer is infected, it can be programmed to infect any USB device connected to the PC, further damaging any other device connected via USB. "All USB devices are contaminated, and the virus is self-propagating and extremely persistent. You can never delete it," said Nohl. Christof Paar, a professor of electrical engineering at the University of Bochum in Germany, who reviewed the research, said he believed the new research would lead to a better understanding of USB technology and could reveal more bug discoveries. He called on manufacturers to better protect chips to thwart any attacks. "Manufacturers should work on making it more difficult to change the software running on USB," Paar said.

As a winner of Toutiao's Qingyun Plan and Baijiahao's Bai+ Plan, the 2019 Baidu Digital Author of the Year, the Baijiahao's Most Popular Author in the Technology Field, the 2019 Sogou Technology and Culture Author, and the 2021 Baijiahao Quarterly Influential Creator, he has won many awards, including the 2013 Sohu Best Industry Media Person, the 2015 China New Media Entrepreneurship Competition Beijing Third Place, the 2015 Guangmang Experience Award, the 2015 China New Media Entrepreneurship Competition Finals Third Place, and the 2018 Baidu Dynamic Annual Powerful Celebrity.

<<: Apps on iPad are starting to rot

>>: Summary of the first day of ChinaJoy: Consoles are here, mobile games have changed

I want to learn Baidu bidding promotion. Are there any recommended Baidu bidding promotion tutorials?

When walking, your legs suddenly become weak. What is wrong with your knees? This article will teach you how to distinguish

Blog

Xianyu attracts mom fans + sells goods to make money and earns 30,000+ a month (practical video tutorial)

Is the investment fee for Jiujiang Women's Clothing Mini Program high? Jiujiang Women's Wear Mini Program Investment Fees and Process

Blog

7 cases of myocardial infarction were treated in one and a half days! Doctor: They all have these common characteristics!

Reviewer of this article: Chen Haixu, Deputy Dire...

Zhiji Auto is developing new battery technology with CATL, which can extend the range of new energy vehicles to over 1,000 km

Recently, Zhiji Auto announced that its technical...

Hackers may use USB to carry out new network attacks

I want to learn Baidu bidding promotion. Are there any recommended Baidu bidding promotion tutorials?

Mercury Research: AMD's global x86 market share will reach 24.7% in Q4 2024, up 4.3% year-on-year

Why can't you remember things before the age of three? Scientists explain

When walking, your legs suddenly become weak. What is wrong with your knees? This article will teach you how to distinguish

Xianyu attracts mom fans + sells goods to make money and earns 30,000+ a month (practical video tutorial)

Double 11 Marketing Activity Analysis Manual

Huawei responds to US ban on Chinese 5G: Restricting Huawei will not make the US stronger

Several ways to make money on Douyin. What are the ways to make money on Douyin?

New energy vehicle owners complain about the cost of repairs: a minor scratch costs 20,000 yuan

Is the investment fee for Jiujiang Women's Clothing Mini Program high? Jiujiang Women's Wear Mini Program Investment Fees and Process

Recommend

Weekly Technology Talk丨Long life and reliability, lithium batteries have a promising future

There are two major pitfalls in copywriting that 91% of marketers cannot avoid. Are you one of them?

Mobile QQ upgrade hides "bull horn icon" Easter egg, netizens: I feel more awesome

The trillion-dollar new business model of smart cars is driven by billions of sensors that you don’t know about

How powerful is the Tabor robot vacuum cleaner’s path-finding artificial intelligence laser navigation + PC-level chip?

Formula for brand marketing and promotion!

Soul product analysis report!

He shot a gorilla and brought it back to life

Hybrid APPS Why I am optimistic about you - a tribute to front-end engineers

Following in the footsteps of NIO, WM Motor announced the recall of 1,282 2020 Willmaster electric vehicles

7 cases of myocardial infarction were treated in one and a half days! Doctor: They all have these common characteristics!

Proposing with a concrete ring, who says tech guys don't understand romance

Yingke Huajiao was ordered to rectify its video live streaming business and faced three pitfalls

Li Lei's 12 voice acting lessons

Zhiji Auto is developing new battery technology with CATL, which can extend the range of new energy vehicles to over 1,000 km