USB devices such as mice, keyboards and thumb-drives can be used to
hack into personal computers in a potential new class of attacks that
evade all known security protections, a top computer researcher
revealed.
Karsten Nohl, chief scientist with Berlin’s SR Labs, noted that
hackers could load malicious software onto tiny, low-cost computer chips
that control functions of USB devices but which have no built-in
shields against tampering with their code.
“You cannot tell where the virus came from. It is almost like a magic
trick,” said Nohl, whose research firm is known for uncovering major
flaws in mobile phone technology.
The finding shows that bugs in software used to run tiny electronics
components that are invisible to the average computer user can be
extremely dangerous when hackers figure out how to exploit them.
Security researchers have increasingly turned their attention to
uncovering such flaws.
Nohl said his firm has performed attacks by writing malicious code
onto USB control chips used in thumb drives and smartphones. Once the
USB device is attached to a computer, the malicious software can log
keystrokes, spy on communications and destroy data, he said.
Computers do not detect the infections when tainted devices are
inserted into a PC because anti-virus programs are only designed to scan
for software written onto memory and do not scan the “firmware” that
controls the functioning of those devices, he said.
Nohl and Jakob Lell, a security researcher at SR Labs, will describe
their attack method at next week’s Black Hat hacking conference in Las
Vegas in a presentation titled: “Bad USB – On Accessories that Turn
Evil.”
Thousands of security professionals gather at the annual conference
to hear about the latest hacking techniques, including ones that
threaten security of business computers, consumer electronics and
critical infrastructure.
Nohl said he would not be surprised if intelligence agencies like the
National Security Agency have already figured out how to launch attacks
using this technique.
Last year he presented research at Black Hat on breakthrough methods
for remotely attacking SIM cards on mobile phones. In December,
documents leaked by former NSA contractor Edward Snowden demonstrated
that the U.S. spy agency was using a similar technique for surveillance,
which it called “Monkey Calendar.”
An NSA spokeswoman declined to comment.
SR Labs tested the technique by infecting controller chips made by
major manufacturer Taiwan’s Phison Electronics Corp, and placing them
into USB memory drives and smartphones running Google Inc’s Android
operating system.
Similar chips are made by Silicon Motion Technology and Alcor Micro.
Nohl said his firm did not test devices with chips from those
manufacturers.
Phison and Google did not respond to requests for comment. Officials
with Silicon Motion and Alcor Micro could not immediately be reached.
Nohl said he believes hackers would have a “high chance” of
corrupting other kinds of controller chips besides those made by Phison,
because their manufacturers are not required to secure software. He
said those chips, once infected, could be used to infect mice, keyboards
and other devices that connect via USB.
“The sky is the limit. You can do anything at all,” he said.
In his tests, Nohl said he was also able to gain remote access to a
computer by having the USB instruct the computer to download a malicious
program with instructions that the PC believed were coming from a
keyboard. He said he was also able to change what are known as DNS
network settings on a computer, essentially instructing the machine to
route Internet traffic through malicious servers.
Once a computer is infected, it could be programmed to infect all USB
devices that are subsequently attached to that PC, which would then
corrupt machines that they contact.
“Now all of your USB devices are infected. It becomes
self-propagating and extremely persistent,” Nohl said. “You can never
remove it.”
Christof Paar, a professor of electrical engineering at Germany’s
University of Bochum who reviewed the findings, said he believes the new
research will prompt others to take a closer look at USB technology,
and potentially lead to the discovery of more bugs. He called on
manufacturers to move to better protect their chips to thwart any
attacks.
