FORUM DE L\'OM Index du Forum FORUM DE L\'OM

 FAQRechercherMembresGroupes S’enregistrer
ProfilSe connecter pour vérifier ses messages privés Connexion

Researchers turn USB cable into attack tool

Poster un nouveau sujet   Répondre au sujet    FORUM DE L\'OM Index du Forum -> FOOT EUROPEEN -> ESPAGNE
Sujet précédent :: Sujet suivant  
Auteur Message

Hors ligne

Inscrit le: 02 Oct 2010
Messages: 20

MessagePosté le: Jeu 20 Jan - 09:41 (2011)    Sujet du message: Researchers turn USB cable into attack tool Répondre en citant

Researchers turn USB cable into attack tool

Two researchers have figured out a way to attack laptops and smartphones through an innocent-looking USB cable.
Angelos Stavrou, an assistant professor of computer science at George Mason University, and student Zhaohui Wang wrote
software that changes the functionality of the USB driver so that they could launch a surreptitious attack while someone is
charging a smartphone or syncing data between a smartphone and a computer.
Basically, the exploit works by adding keyboard or mouse functionality to the connection so an attacker can then start typing
commands or click the mouse in order to steal files, download additional malware, or do other things to take control of the
computer, Stavrou told CNET in an interview. The exploit is enabled because the USB protocol can be used to connect any
device to a computing platform without authentication, he said.
He and his partner were scheduled to demonstrate an attack at the Black Hat DC conference today.
The exploit software they wrote identifies what operating sysetm is running on the device the USB cable is connected to. On
Macintosh and Windows machines, a message pops up saying the system has detected a new human interface device, but there is
no easily recognizable way to halt the process, Stavrou said. The Mac pop-up can be quickly removed by an attacker with a
command sent via the smartphone so the laptop owner may not even see it, while the Windows pop-up lasts only one or two
seconds in the lower left corner, making that an ineffective warning too, he said.
wow power leveling
Linux machines offer no warning, so users will have no idea that something out of the ordinary is happening, particularly
since the regular keyboard and mouse continue to function normally during an attack, Stavrou said.
"The operating system should present a pop-up and ask if the user really wants to connect the device" and specify what type
of device is being identified to the system, he said.
The researchers wrote the exploit for Android devices only at this point. "It can be done for iPhone, but we didn't do it
yet," Stavrou said. "It can work on any computing device that uses USB," and it can work between two smartphones by
connecting a USB cable between then, he said.
"Say your computer at home is compromised and you compromise your Android phone by connecting them," he said. "Then, whenever
you connect the smartphone to another laptop or computing device I can take over that computer also, and then compromise
other computers off that Android. It's a viral type of compromise using the USB cable."
The original compromise can happen by downloading the exploit from the Web or running an app that is compromised. The
researchers have created exploit software to run on a computer, and an exploit to run on Android that is a modification of
the Android operating system kernel. Scripts can then be written for the actual attack.
wow powerleveling
Antivirus software wouldn't necessarily stop this because it can't tell that the activities of the exploit are not controlled
or sanctioned by the user, Stavrou said. "It's hard to separate good behavior from bad behavior when it comes from the
keyboard," he said.
There's not much a person can do to protect against this at this time, according to Stavrou. The operating systems should
have the capability for devices to inspect USB traffic and alert users about what exactly is happening over the connection
and give them the option of refusing an action, he said.

Revenir en haut

MessagePosté le: Jeu 20 Jan - 09:41 (2011)    Sujet du message: Publicité

PublicitéSupprimer les publicités ?
Revenir en haut
Montrer les messages depuis:   
Poster un nouveau sujet   Répondre au sujet    FORUM DE L\'OM Index du Forum -> FOOT EUROPEEN -> ESPAGNE Toutes les heures sont au format GMT + 2 Heures
Page 1 sur 1

Sauter vers:  

Index | Panneau d’administration | créer un forum | Forum gratuit d’entraide | Annuaire des forums gratuits | Signaler une violation | Conditions générales d'utilisation
Powered by phpBB © 2001, 2018 phpBB Group
Template BlueLagoon by Oum - Chez Oum
Traduction par :