Before getting into USB security proper, I will share an interesting case, as usual. At the end of 2014, a report on Reddit described how the computer of an executive at a large company had been infected with a malicious program. The company's security researchers investigated the source of the malicious program, but after checking every traditional infection route they found nothing. So they began to look elsewhere, starting with the executive's daily routine and checking it over and over, and finally found that the problem was in the executive's e-cigarette.
“This is a Chinese-made electronic cigarette. The charging device contains a hardware-coded malicious program.” This e-cigarette is charged through a USB port. The executive would plug it into a company computer to charge it, and the computer was then infected with the malicious program.
In this case, if the malicious program were made stealthier, the entire attack could go completely unnoticed. What lies at the heart of this kind of propagation is the "USB security" we want to talk about.
USB security? What does it mean?
Strictly speaking, it is inaccurate to talk loosely about "USB security". USB is essentially a universal serial bus, and there are many buses: the SATA bus, the PCIe bus, and so on. What security topic is there to discuss about a bus? At best, USB can serve as a means of propagating malicious programs. Isn't saying "USB security" almost as ridiculous as saying "network cable security"?
However, USB is a unified, star standard that replaced various older interfaces, and it does not carry high licensing fees the way interfaces such as Thunderbolt do, so it was probably inevitable that mass-market devices today use USB. Interestingly, we often refer to devices that use a USB interface as USB devices (but no one calls a hard drive built into a PC a SATA device or a PCIe device), and this is the basis for talking about USB security here.
Because USB is so widely used today, USB devices have become an important carrier for the spread of malicious programs. But if the only point were that USB devices are a way to spread malicious programs, then any interface would be just as feasible for this kind of propagation. A USB flash drive can spread a virus, so can a Thunderbolt portable hard disk, and even a CD can.
In general, the USB security we want to talk about is not the security of data in transit over USB, nor a design defect in some pin of a particular USB interface specification (such as Type-C). It is the security issues of the USB interface or bus as an important channel for malicious programs, together with the security issues of the USB protocol and drivers.
So for USB security, there are 3 points to talk about.
First, USB is a fairly universal standard. Mice, keyboards, e-cigarettes, and external sound cards all use the USB interface, and they are plug and play. So among physical interfaces, it is probably the most efficient at spreading malicious programs, apart from the network adapter interface.
Second, the USB protocol can be exploited by attackers, and this will be the focus of this article.
Third, the most advanced kind: USB 0-day vulnerability attacks.
Autorun.inf era! U disk virus?
In an age when networks were not as prevalent as they are today, removable storage devices were an important way to spread viruses. A malicious program was placed on a USB flash drive, a portable hard disk, or even a floppy disk, and it spread as data was exchanged between different PCs. More sophisticated malicious programs still need a human to open them in order to run. Operating systems like Windows, to improve the user experience, provide an AutoPlay/AutoRun function for removable storage media.
The original purpose of the automatic play function was that a CD/DVD multimedia disc could be played as soon as it was inserted, and that inserting Windows installation media would immediately pop up the installer. Most readers will know that the autorun.inf file in the root directory of the removable storage medium is responsible for the autoplay function, which opens in the following style:
Compared with a CD, a USB flash drive is obviously far easier to read and write. If the setup.exe here is a virus, then as soon as the flash drive is inserted into a device, the system automatically runs the virus. Using the autorun.inf file to launch a malicious program the moment a flash drive is inserted is therefore extremely convenient for a virus. When colleagues exchange data and everyone's computer has an infected flash drive plugged into it, the computers naturally become infected. An infected device then infects any new USB flash drive inserted into it, and so the virus proliferates.
This is the common way for USB flash drives to spread malicious programs, so some people call autorun.inf a "U disk virus", although the file itself is actually quite innocent. In fact, it is not difficult to stop viruses from spreading this way. On the one hand, the automatic playback or automatic startup function for removable storage media can be disabled in the system; on the other hand, programs can be prohibited from creating an autorun.inf file on the USB flash drive, so that the flash drive does not spread the virus.
It can be said that autorun.inf was the most popular way for USB flash drive viruses to spread in the past, and many flash drive virus removal tools mainly target autorun.inf. This was especially true from Windows XP SP2 onward, where the system enabled the function by default for "USB Mass Storage Device" and ZIP drives. Microsoft saw that the situation was not good. Starting with Windows Vista and Windows Server 2008, the default behavior when a USB flash drive is inserted was changed to ask the user whether to execute the automatic run command. The era of autorun.inf is now almost over.
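As an added example (not from the original article), the Python sketch below shows how a removal tool of the kind mentioned above might inspect an autorun.inf file and report the entries that would start a program. The function names and both sample files are constructed for illustration; `open`, `shellexecute` and `shell\<verb>\command` are the `[autorun]` keys that launch a command.

```python
import re

# [autorun] keys that make Windows start a program, either on insertion
# or when the user picks a context-menu verb on the drive icon.
EXEC_KEYS = ("open", "shellexecute")
SHELL_CMD = re.compile(r"^shell\\[^\\]+\\command$")

def parse_autorun(text):
    """Tolerant parse of autorun.inf: returns {key: value} for [autorun] only.

    Section and key names are case-insensitive. Lines without '=' are
    skipped, since infected files are often padded with junk lines.
    """
    section, entries = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "autorun" and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def audit_autorun(text):
    """Return (key, command) pairs that would launch a program."""
    return [(k, v) for k, v in parse_autorun(text).items()
            if k in EXEC_KEYS or SHELL_CMD.match(k)]

# Constructed sample: mixed case, junk padding, and two launch entries.
SAMPLE_SUSPICIOUS = """\
;zxcvqwer junk padding
[AutoRun]
OPEN=setup.exe
qwertyuiop
shell\\open\\Command=setup.exe
icon=folder.ico
label=My Photos
"""
# Constructed sample: only cosmetic keys, nothing is launched.
SAMPLE_BENIGN = "[autorun]\nicon=drive.ico\nlabel=Backup\n"

if __name__ == "__main__":
    for key, cmd in audit_autorun(SAMPLE_SUSPICIOUS):
        print(f"launches a program: {key} = {cmd}")
```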