An inventory of 29 deadly USB attack methods

This article is a translation. Original author: Catalin Cimpanu. Source: https://www.bleepingcomputer.com. Original address: https://www.bleepingcomputer.com/news/security/heres-a-list-of-29-different-types-of-usb-attacks/
Researchers at Ben-Gurion University in Israel have identified 29 ways in which a USB device can be used to compromise a user's computer.

The research team divided the 29 attacks into four categories according to how the attack is implemented:
(1) Attacks carried out by reprogramming the internal microcontroller of the USB device. The device looks like one kind of USB device (for example a charger) but actually does something else (for example acting as a keyboard and injecting keystrokes).
(2a) Attacks that reprogram the USB device's firmware so that it performs malicious actions (malware download, data exfiltration, and so on).
(2b) Attacks that do not reprogram the USB device firmware but instead exploit flaws in the way the operating system normally interacts with the USB protocol/standard.
(3) Electrical attacks delivered over USB.

Reprogrammable Microcontroller USB Attacks
(1) Rubber Ducky: a commercial keystroke injection platform released in 2010. Once connected to a host computer, the Rubber Ducky presents itself as a keyboard and injects a preloaded sequence of keystrokes.
(2) PHUKD/URFUKED attack platforms: similar to Rubber Ducky, but they let the attacker control the injection of the malicious keystrokes.
(3) USBdriveby: quickly and covertly installs a backdoor and overrides the DNS settings of an unlocked OS X host within seconds by emulating a USB keyboard and mouse.
(4) Evilduino: similar to PHUKD/URFUKED, but built on an Arduino microcontroller instead of a Teensy. It also works by emulating a keyboard/mouse and sends keystrokes and mouse cursor movements to the host according to a preloaded script.
(5) Unintended USB channels: a proof-of-concept USB hardware trojan that exfiltrates data over USB channels that were never intended for it (for example, USB speakers).
(6) TURNIPSCHOOL (COTTONMOUTH-1): a hardware implant hidden inside a USB cable, developed by the US National Security Agency.
(7) RIT attack via USB mass storage: an attack described in a research paper. While the USB mass storage device is connected to the victim's computer, it alters the contents of files.
(8) Attacks on wireless USB dongles: a class of attack first explored in the KeySweeper attack by the well-known hacker Samy Kamkar, which covertly records and decrypts keystrokes from many Microsoft RF wireless keyboards.
(9) Default gateway override: the microcontroller spoofs a USB Ethernet adapter, overrides the DHCP settings and hijacks local traffic.

Attacks using maliciously reprogrammed USB peripheral firmware
(10) Smartphone-based HID attacks: first described in a research paper in which the researchers wrote a custom Android gadget driver to override the way Android interacts with USB devices. The malicious driver uses the Android USB gadget API to emulate a USB keyboard and mouse connected to the phone.
(11) DNS override via modified USB firmware: the researchers modified the firmware of a USB flash drive so that it imitates a USB-to-Ethernet adapter, and then hijacked local traffic.
(12) Modified USB firmware that emulates a keyboard: several researchers have shown how to poison a USB flash drive's firmware so that it emulates a keyboard and injects keystrokes.
(13) Hidden partition patch: researchers demonstrated that a USB flash drive can be reprogrammed so that it behaves like an ordinary drive while also creating a hidden partition that cannot be formatted, allowing covert data exfiltration.
(14) Password-protection bypass patch: a minor modification to the firmware of a USB flash drive lets an attacker bypass the drive's password protection.
(15) Virtual machine breakout: the researchers used USB firmware to break out of a virtual machine environment.
(16) Boot sector virus: the researchers used a USB flash drive to infect the computer before it boots.
(17) iSeeYou: a proof-of-concept program that reprograms the firmware of a class of Apple's internal iSight webcams, allowing an attacker to capture video covertly without triggering the LED indicator.

Attacks based on unreprogrammed USB devices
(18) CVE-2010-2568: the .LNK exploit used by the Stuxnet and Fanny malware.
(19) USB backdoor on air-gapped hosts: an attack used by the Fanny malware, developed by the NSA's "Equation Group". The attack uses hidden storage on a USB flash drive to carry preset commands that map the computers in an air-gapped network; the collected network information is saved back to the hidden storage on the flash drive.
(20) Data hidden on USB mass storage devices: a collection of techniques for hiding malware or stolen data on USB flash drives (for example storing data outside the normal partitions, or changing a folder's icon and name to transparent values so that the folder becomes invisible).
(21) AutoRun exploits: depending on how the host computer is configured, some computers automatically execute predefined files located on a USB device's storage. Malware that relies on this behaviour forms the so-called autorun class of malware.
(22) Cold boot attack: a RAM-dump attack. An attacker stores a memory dumper on a USB flash drive and, by booting from the USB device, extracts the residual data from RAM.
(23) Buffer-overflow-based attacks: a variety of attacks that exploit buffer overflows in the operating system when a USB device is plugged in. They work because, when a USB device is plugged in, the operating system enumerates the device and its capabilities (running a set of predefined actions).
(24) Driver update: a very sophisticated attack that relies on obtaining a VeriSign Class 3 organisational certificate and submitting to Microsoft a driver that is then automatically delivered and installed on the user's computer when a USB device is inserted. Such an attack is possible but hard to pull off in practice.
(25) Device firmware update: an attacker can use device firmware update (a legitimate process supported by the USB standard) to replace the device's legitimate local firmware with a malicious version.
(26) USB Thief: USB-flash-drive-based data-stealing malware recently discovered by ESET.
(27) Attacks on smartphones through the USB port: attackers can hide malware in USB phone chargers and spread it from there.
(28) USBee attack: makes the data bus of a USB connector emit electromagnetic signals that can be used for data exfiltration.

Power Attack
(29) USB Killer: triggers an electrical overload as soon as it is plugged in, permanently destroying the device.
All of these attack types are detailed in a paper the Ben-Gurion University research team published last year on ScienceDirect.
The purpose of the research is to alert users to the many ways in which USB devices can be misused to infect their systems and to stealthily steal data from protected air-gapped networks. The research team recommends banning USB devices in secure networks, or at least strictly controlling their use.
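One concrete way to act on that recommendation is to check what each newly attached USB device actually registers as. The following Python is an added example (not code from the article or from the research it reports): it scans constructed Linux kernel hot-plug log lines and flags a device that enumerates both a mass-storage interface and a HID keyboard, the signature of the reprogrammed-firmware attacks above, as well as any keyboard not on a hypothetical allow-list.

```python
"""Flag suspicious USB enumerations in Linux kernel (dmesg) log lines.
Added example, not code from the article or the research it reports; log
lines are constructed samples and the allow-list is a hypothetical policy."""
import re
from collections import defaultdict

# Hypothetical allow-list: keyboard models the organisation has issued.
KNOWN_KEYBOARDS = {("046d", "c31c")}

NEW_DEV = re.compile(r"usb (\S+): New USB device found, idVendor=([0-9a-f]{4}), idProduct=([0-9a-f]{4})")
STORAGE = re.compile(r"usb-storage (\S+):\d+\.\d+: USB Mass Storage device detected")
HID_KBD = re.compile(r"hid-generic 0003:([0-9A-F]{4}):([0-9A-F]{4})\.\d+: .*USB HID v[\d.]+ Keyboard")

# Constructed sample log: an issued keyboard, a plain flash drive, and a
# "flash drive" whose firmware also registers a keyboard interface.
SAMPLE_LOG = """\
usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice=64.00
hid-generic 0003:046D:C31C.0001: input,hidraw0: USB HID v1.10 Keyboard [Logitech USB Keyboard] on usb-0000:00:14.0-1/input0
usb 1-2: New USB device found, idVendor=0781, idProduct=5567, bcdDevice= 1.00
usb-storage 1-2:1.0: USB Mass Storage device detected
usb 1-3: New USB device found, idVendor=abcd, idProduct=1234, bcdDevice= 1.00
usb-storage 1-3:1.0: USB Mass Storage device detected
hid-generic 0003:ABCD:1234.0002: input,hidraw1: USB HID v1.11 Keyboard [Generic Flash Disk] on usb-0000:00:14.0-3/input1
""".splitlines()


def analyse(lines):
    """Return (port, vid, pid, reason) for every device that deserves a look."""
    port_of = {}                 # (vid, pid) -> bus port it enumerated on
    ifaces = defaultdict(set)    # (vid, pid) -> interface kinds it registered
    for line in lines:
        if m := NEW_DEV.search(line):
            port_of[(m[2].lower(), m[3].lower())] = m[1]
        elif m := STORAGE.search(line):
            # usb-storage names only the port, so map it back to the device ID
            for key, port in port_of.items():
                if port == m[1]:
                    ifaces[key].add("storage")
        elif m := HID_KBD.search(line):
            ifaces[(m[1].lower(), m[2].lower())].add("keyboard")
    findings = []
    for key, kinds in ifaces.items():
        if "keyboard" in kinds and "storage" in kinds:
            findings.append((port_of.get(key, "?"), *key, "storage device also registers as a keyboard"))
        elif "keyboard" in kinds and key not in KNOWN_KEYBOARDS:
            findings.append((port_of.get(key, "?"), *key, "keyboard not on the allow-list"))
    return findings
```

On a real host the same function can be fed the output of `dmesg` or the kernel log, and any finding is a reason to disconnect the device before it is trusted.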

Editor's note
What?!? There are 29 USB attack methods, and they are deadly. It seems that from now on you should be careful whenever someone says "let me plug in a USB stick to copy something".
