Hacking Computers Over USB
I've previously written about the risks of small portable computing devices; how more and more data can be stored on them, and then lost or stolen. But there's another risk: if an attacker can convince you to plug his USB device into your computer, he can take it over.
Plug an iPod or USB stick into a PC running Windows and the device can literally take over the machine and search for confidential documents, copy them back to the iPod or USB's internal storage, and hide them as "deleted" files. Alternatively, the device can simply plant spyware, or even compromise the operating system. Two features that make this possible are the Windows AutoRun facility and the ability of peripherals to use something called direct memory access (DMA). The first attack vector you can and should plug; the second vector is the result of a design flaw that's likely to be with us for many years to come.
The article has the details, but basically you can configure a file on your USB device to automatically run when it's plugged into a computer. That file can, of course, do anything you want it to.
Recently I've been seeing more and more written about this attack. Even i have tried this one on some of my friends and got success. Anyway, there is a defense from such kind of things, if you are thinking about AutoRun then AutoRun is just a bad idea. People putting CD-ROMs or USB drives into their computers usually want to see what's on the media, not have programs automatically run. Fortunately you can turn AutoRun off. A simple manual approach is to hold down the "Shift" key when a disk or USB storage device is inserted into the computer, and release it after 20 sec..
Plug an iPod or USB stick into a PC running Windows and the device can literally take over the machine and search for confidential documents, copy them back to the iPod or USB's internal storage, and hide them as "deleted" files. Alternatively, the device can simply plant spyware, or even compromise the operating system. Two features that make this possible are the Windows AutoRun facility and the ability of peripherals to use something called direct memory access (DMA). The first attack vector you can and should plug; the second vector is the result of a design flaw that's likely to be with us for many years to come.
The article has the details, but basically you can configure a file on your USB device to automatically run when it's plugged into a computer. That file can, of course, do anything you want it to.
Recently I've been seeing more and more written about this attack. Even i have tried this one on some of my friends and got success. Anyway, there is a defense from such kind of things, if you are thinking about AutoRun then AutoRun is just a bad idea. People putting CD-ROMs or USB drives into their computers usually want to see what's on the media, not have programs automatically run. Fortunately you can turn AutoRun off. A simple manual approach is to hold down the "Shift" key when a disk or USB storage device is inserted into the computer, and release it after 20 sec..
Disabling autorun
To Disable CD autorun, completely
1) Click Start, Run and enter GPEDIT.MSC
2) Go to Computer Configuration, Administrative Templates, System.
3) Locate the entry for Turn autoplay off and modify it as you desire.
1) Click Start, Run and enter GPEDIT.MSC
2) Go to Computer Configuration, Administrative Templates, System.
3) Locate the entry for Turn autoplay off and modify it as you desire.
No comments:
Post a Comment