Researchers discover way to create trojans in USB hardware

Tech 1984 ^ | 7/6/2010 | Tech 1984

[oc-flyfish]

Wonderful, just one more way for our benevolent federal government to spy on us.

[rabscuttle385]

fyi

[oc-flyfish]

Hey, I just sent in my donation to FR. You should do the same thing too!

[Soothesayer9]

And what do we get if we donate? A FR cap?

[Marty62]

I know an It guy (really great) who cleans my puter every so often.

He said I had some really bad stuff on it this time.
Do you know anything about a trojan called BHO-AM? I get hit every morning around 4:30.

It is really PMO.

[bigbob]

I wonder if this is unique to Windows systems...the article doesn’t say.

[oc-flyfish]

The ability to keep FR online for another 3 months. :-)

[oc-flyfish]

The article does not say. I think it would work across systems but the trojan would have to be written to “understand” the system calls used by a Mac, versus Linux, versus Windows.

[oc-flyfish]

Gee, I have the same BHO one as well! I hear it self destructs in 2012.

[Gay State Conservative]

Let's no forget Red China.Just about every USB drive is made either in Taiwan or Red China itself.And The Chicoms certainly have enough operatives in Taiwan so that their units would be suspect as well.

[Marty62]

OK!:)

[UCANSEE2]

I cleaned my USB drive, but after I got it out of the dryer, it no longer worked.

[LomanBill]

>>Let’s no forget Red China.

Hey, I know... let’s outsource the manufacturing of vlsi chips critical to economic and military industrial infrastructures to our “former” enemies and current competitors. What could possibly go wrong?

[musicman]

"And what do we get if we donate? A FR cap?"

"The ability to keep FR online for another 3 months. :-)"

...and quite possibly........

[TChad]

Here's the referenced article:

http://tarpit.rmc.ca/leblanc/Research/Clark_Leblanc_Knight-HW_Trojan_Horse_Unintended_USB_Channels.pdf

Bah.

[ShadowAce]

[Still Thinking]

Obama BS decoder?? You mean this:

[Chode]

no, the knowledge you're no longer a freeloader...

[musicman]

[snowsislander]

Thanks for the link.

From the penultimate (and it should have been a lot closer to the front of the paper) page:

3.4.1. Observability. Someone with direct observation of compromise a network endpoint, without attempting access the network endpoint would be able to notice the uploading through the network. of applications, as the text entered by the Hardware Trojan Horse device would appear on the display as text being entered by the keyboard. A user at the network endpoint could also disrupt the uploading of the applications because any characters entered on the legitimate keyboard would be passed to the file containing the uploaded application.

I skimmed the paper, and I believe that a short summary is that a USB keyboard can be programmed to capture keystrokes and also can be setup to automatically type commands that can lead to compromise of data stored the system.

(There's a whole elaborate bit about using audio and keyboard LEDs that I fail to see much use for, but I didn't spend a great deal of time with this paper since the overall attack doesn't seem very covert.)