Why the Security of USB Is Fundamentally Broken

W2014 (OP)

Member

Offline

Activity: 205
Merit: 10

Why the Security of USB Is Fundamentally Broken

July 31, 2014, 08:13:58 PM

Implications for Armory cold storage methods?

Why the Security of USB Is Fundamentally Broken

Computer users pass around USB sticks like silicon business cards. Although we know they often carry malware infections, we depend on antivirus scans and the occasional reformatting to keep our thumbdrives from becoming the carrier for the next digital epidemic. But the security problems with USB devices run deeper than you think: Their risk isn’t just in what they carry, it’s built into the core of how they work.

Full Wired.com article is here:

http://www.wired.com/2014/07/usb-security/

Thoughts?

The grue lurks in the darkest places of the earth. Its favorite diet is adventurers, but its insatiable appetite is tempered by its fear of light. No grue has ever been seen by the light of day, and few have survived its fearsome jaws to tell the tale.

Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.

1715380961

Hero Member

Offline

Posts: 1715380961

Ignore

1715380961

1715380961


	Report to moderator

segeln

Hero Member

Offline

Activity: 602
Merit: 500

Re: Why the Security of USB Is Fundamentally Broken

July 31, 2014, 08:55:23 PM

I think this is the original article in the german monthly "DIE ZEIT"

http://www.zeit.de/digital/datenschutz/2014-07/usb-controller-chip-angriff-srlabs

As I understand it, a german security Research Group has developed a kind of possible attacks by USB Sticks .
but they are not "on the market"
It is just a result of a scientific security Research.
But I am waiting for Armory devs reply

btchris

Hero Member

Offline

Activity: 672
Merit: 504

a.k.a. gurnec on GitHub

Re: Why the Security of USB Is Fundamentally Broken

July 31, 2014, 09:26:56 PM

This has actually been done before, but not to the extent that the new researchers have reached.

The basic moral of the story is "don't let someone else plug something into your PC, it might be dirty." (this rule works IRL, too, if you s/your PC/you/ Wink

)

In other words, if you're using a USB stick to bridge the air gap, make sure it's one you bought yourself from a reputable seller, and then you'll probably be OK. I say probably because in theory, if your online PC is compromised, there are some USB sticks whose firmwares could be reprogrammed turning a clean USB stick into a dirty one.

It will be interesting to see if any malware in the future tries to do this automatically....

There was a thread that talked about this not too long ago: Offline wallet - USB key alternatives - security concerns

DrG

Legendary

Offline

Activity: 2086
Merit: 1035

Re: Why the Security of USB Is Fundamentally Broken

August 02, 2014, 08:57:09 AM

You could always use an ancient USB drive with a flash area so small that the "upgraded" firmware could not be put on there. Kind of like how dumbphones might actually be smarter for security purposes.

SMB-2525

Full Member

Offline

Activity: 195
Merit: 100

Re: Why the Security of USB Is Fundamentally Broken

August 03, 2014, 07:05:48 PM

The main point of the article is it is more than USB sticks - which are expected to potentially contain malware. Any USB device (mouse, network, keyboard) can theoretically be configured with malware. These "nonstick" devices are typically not evaluated for malware and the embedded firmware executes on connection.

That is, however, a very sophisticated attack because the attacker has to get their their malware into the device.

Made in China anyone?

Pages: [1]

Bitcoin Forum > Bitcoin > Development & Technical Discussion > Wallet software > Armory > Why the Security of USB Is Fundamentally Broken

« previous topic next topic »