The rise of USB malware

Started by TehBorken, Nov 22 14 11:06


TehBorken

From the well-this-isn't-good department....



http://www.theguardian.com/technology/2014/nov/21/e-cigarettes-malware-computers?CMP=share_btn_tw




An operative who is reportedly "very senior in the US intelligence community" claims that a huge proportion of USB devices ship with malware loaded on them, and said that the security protocols practiced by the entities he worked in prohibited the use of USB drives except those from a single, US-based, certified vendor.

But both that conversation and an article from the Guardian hinge on a view of Chinese manufacturers as untrustworthy, serving as de facto arms of the Chinese surveillance apparatus, a Trojan horse for both military and industrial espionage. But as the management of China's Huawei have pointed out (http://boingboing.net/2013/10/21/huawei-unlike-western-compani.html), there is no public evidence that this is so -- indeed, if anyone is hacking anyone, it's US spy-agencies hacking (http://boingboing.net/2014/03/23/nsa-hacked-huawei-totally-pen.html) Huawei (http://boingboing.net/2014/01/15/headwater-nsa-program-for-sab.html) -- and US-made gear (http://boingboing.net/2014/05/12/nsa-sabotaged-exported-us-made.html), like that from Cisco.

In other words, the governments responsible for a $250,000,000/year program (http://boingboing.net/2013/09/05/report-nsa-slices-through-mos.html) of technological sabotage against the technology that we all rely upon every day are the loudest voices in the chorus warning us against Chinese state-industrial malware. Perhaps it takes one to know one?

Production line malware has been around for more than a few years, infecting photo frames, MP3 players and more. As far back as 2008 a photo frame produced by Samsung shipped with malware on the product's install disc. And this is just one that we know about; it's very, very likely that there have been other instances of this... perhaps many instances. We just don't know.

Basically any electrical device that uses a USB charger could be targeted in this way, and just about every one of these electrical devices will come from China.

For now it's probably safe to assume that one or more of the USB devices you use shipped with built-in malware. This malware can run and infect a device even if you just plug it in for charging.

You can get a gadget that disables the data pins on a USB device that makes any USB port safe for charging (it's charmingly called a "USB condom (https://www.google.com/?gws_rd=ssl#safe=off&q=USB+condom)"), but the problem comes when you actually need to transfer data. Then all bets are off unless you're running on Linux. If it's a Windows device, however, you can count on getting infected.


The real trouble with reality is that there's no background music.
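
The post above says a device plugged in "just for charging" can still reach the host over the data pins. On Linux, sysfs shows whether such a device enumerated with data interfaces at all. The script below is an added example, not part of the original post; it assumes the standard `/sys/bus/usb/devices` layout, and the sample tree, its IDs and the class shortlist are constructed for illustration.

```python
import os
import tempfile

# USB-IF interface class codes (hex, as sysfs prints them) that move data.
# A charge-only gadget has no reason to expose any of them.
DATA_CLASSES = {
    "02": "communications (CDC)",
    "03": "HID (keyboard/mouse)",
    "08": "mass storage",
    "0a": "CDC data",
    "e0": "wireless controller",
}

def _read(path):
    """Return a sysfs attribute as stripped text, or '' if it is absent."""
    try:
        with open(path) as fh:
            return fh.read().strip()
    except OSError:
        return ""

def data_interfaces(sysfs_root="/sys/bus/usb/devices"):
    """Map 'vid:pid product' to the data-capable interface classes it exposes."""
    findings = {}
    for entry in sorted(os.listdir(sysfs_root)):
        if ":" not in entry:  # "1-1" is a device, "1-1:1.0" one of its interfaces
            continue
        cls = _read(os.path.join(sysfs_root, entry, "bInterfaceClass")).lower()
        if cls not in DATA_CLASSES:  # hubs (09) and other classes are skipped
            continue
        dev = os.path.join(sysfs_root, entry.split(":")[0])
        ident = "%s:%s %s" % (_read(os.path.join(dev, "idVendor")),
                              _read(os.path.join(dev, "idProduct")),
                              _read(os.path.join(dev, "product")))
        findings.setdefault(ident.strip(), []).append(DATA_CLASSES[cls])
    return findings

def build_sample_tree():
    """Constructed sample: a 'charger' exposing storage and HID, plus a hub."""
    root = tempfile.mkdtemp()
    files = {"1-1/idVendor": "1234", "1-1/idProduct": "abcd",
             "1-1/product": "Constructed Charger",
             "1-1:1.0/bInterfaceClass": "08", "1-1:1.1/bInterfaceClass": "03",
             "1-0:1.0/bInterfaceClass": "09"}
    for rel, text in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text + "\n")
    return root
```

Called with no argument, `data_interfaces()` reads the live system; built-in keyboards, webcams and Bluetooth adapters will also appear, so compare the result before and after plugging the device in.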

Gopher

Scary - but then again, I'd put nothing past them.
A fool's paradise is better than none.