The dangers of USB pendisks. An alert to all bitcoiners and geeks

[remotemass]

I think all we bitcoiners must become more aware of the dangers of USB, after reading this article:
http://www.wired.com/2014/07/usb-security/?mbid=social_fb

[1715634116]

1715634116

[1715634116]

1715634116

[1715634116]

1715634116

[Buffer Overflow]

Interesting article. Also a bit worrying. 

[djjacket]

I think all we bitcoiner must become more aware of the dangers of USB, after reading this article:
http://www.wired.com/2014/07/usb-security/?mbid=social_fb

Thanks for linking that article.  Very interesting to see what they release at BlackHat and how the USB community reacts.

[Lauda]

This is why you use a HDD or SSD as cold storage. I always figured that something used so widely would cause a lot of problems if an vulnerability was found in it.

[ponzigo]

But what kind of usb has that? Just to be aware.

[h0lybyte]

The problem here is that you shouldnt be plugin random usb drives that you find haha.
Isnt there a "USB" condom out there that we could use to prevent this type of crap from happening?

[keithers]

The problem here is that you shouldnt be plugin random usb drives that you find haha.
Isnt there a "USB" condom out there that we could use to prevent this type of crap from happening?

That would actually be a really good invention...like some sort of adapter that you plug the usb drive into before plugging it into your computer (to run it in sandbox or whatever)

[franky1]

duplicate thread.

someone else beat you to it by 3 hours
https://bitcointalk.org/index.php?topic=718817.0

but its old news as of 2006-2008..
http://seattletimes.com/html/microsoft/2004379751_msftlaw29.html

so dont panic shouting about new threat and the world ending as of today.. as this is just making people aware of an old threat. so calm down and just be more careful with your computer, the world is not ending, tomorrow is just another day, same as yesterday

[ChuckBuck]

Dangit, now we gotta worry about USB Ebola viruses!   

I use 3 different USB devices to backup my wallet.dat too.  Next thing you know our PC's are going to be acting like "Infected" like "The Last of Us" or walkers from "The Walking Dead"...   Start DDoS'ing and phishing like a muthafucka...

[JohnFromWIT]

Watching this thread for sure.

[ForgottenPassword]

This is why you use a HDD or SSD as cold storage. I always figured that something used so widely would cause a lot of problems if an vulnerability was found in it.

Everything described in this article is possible to do with a HDD or SDD.

And this problem isn't just limited to storage devices, it encompasses ALL of your computer hardware. Similar attacks have been done by modifying a motherboards BIOS, firmware on network cards, and this has been known for a LONG time.

http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/

Think about it: even your mouse could have a tiny wireless receiver in it that would allow an attacker to move it remotely, or be pre-programmed with a macro that executes when you're not using it.

Or how about your Trezor (hardware Bitcoin wallet)?

Even the NSA leaks showed us that the NSA intercepts computer hardware in the mail going to "targets" and make modifications to it:


http://www.theverge.com/2013/12/29/5253226/nsa-cia-fbi-laptop-usb-plant-spy


How do you prevent it? If you feel that an adversary would try these kind of attacks on you, source all your hardware from reputable sources that you trust and if you know how, check it hasn't been modified in any obvious way - just like you should do with software you install on your machine.

[TookDk]

I think all we bitcoiners must become more aware of the dangers of USB, after reading this article:
http://www.wired.com/2014/07/usb-security/?mbid=social_fb

Interesting reading, thanks for sharing.

[Beliathon]

Personally I've got nothing to worry about until USB can plug into my brain.

[ForgottenPassword]

Personally I've got nothing to worry about until USB can plug into my brain.

What about when you go to spend your brainwallet? You remember and verify all of the blockchain data in your head? and you do all the ECC math to sign transactions in your head?

[Beliathon]

Personally I've got nothing to worry about until USB can plug into my brain.

What about when you go to spend your brainwallet?

The BTC in my brain is for long term storage. By the time I need to spend it, there will be wearable tech that detects my unique heartbeat (we all have unique heartbeats) to secure my transactions. Ask me again in 5-10 years and I'll let you know if it's a problem.

[Ludi]

This has already been posted here today https://bitcointalk.org/index.php?topic=718817.msg812051

Seems nothing is safe from anyone when it comes to computers.

[serje]

Let the paranoia begin!!!!!!

I'm not afraid of this because I don't use USB ports .... they are disabled from BIOS


Yeah I know I'm a Bad Mother Fucker!

[ForgottenPassword]

The BTC in my brain is for long term storage. By the time I need to spend it, there will be wearable tech that detects my unique heartbeat (we all have unique heartbeats) to secure my transactions.

Oh no! your wearable tech contains a backdoor that transmits your heartbeat data to an attacker each time your heart beats. Bye bye BTC...  

I'm not afraid of this because I don't use USB ports .... they are disabled from BIOS

Until your BIOS has a backdoor that enables them or just steals the BTC itself. BTC gone. Unlike the above one these are actually not uncommon.
http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/

PS. I know I'm being silly but everything I said is not that difficult to do in the grand scale of things. In reality an attacker who wants to get your BTC/data that bad will just drug you and hit you with a wrench until you give it up.

[oceans]

This is very worrying to say the least but with something that is used worldwide quite frequently something like this was bound to happen in the end. It's a lot safer to use hard drives I feel to be honest than it is to use USB pendisks, making a constant check on anything you use as well is something that can help prevent any problems occurring.

[keithers]

Technology is almost advancing too quickly for our own good.  If you really think about it, the amount of technological advances in the last 20 years alone, is probably more than the past 100 years combined...