[ale] usb hack gives kernel level access in win, upnp hack update

Ron Frazier (ALE) atllinuxenthinfo at techstarship.com
Sat Mar 16 14:08:03 EDT 2013


Hi all,

They shared some interesting and scary info in the latest Security Now episode I thought I'd pass along.

MS just patched a really nasty potential attack vector via USB.  I haven't heard of this applying to Linux, but something like it theoretically could.

http://news.cnet.com/8301-10805_3-57573972-75/microsofts-latest-patches-address-new-usb-hack/

It does require physical access to the PC, but basically, you put a malicious USB stick into the machine, and you own the machine.  This happens as long as the machine is powered on - PERIOD.  It doesn't have to be logged on.  It doesn't matter if autorun / autoplay is on.  And your malicious code runs at the KERNEL level.  It happens during the enumeration process for USB, before files or programs even come into play.

So, if you deal with Windows, of any type, patch it.  Of course, we all know that many machines get patched only infrequently or never.

I would think that, at least conceptually, this type of attack might be possible in Linux unless the USB drivers are specifically hardened against it.

Steve gave an update on the UPnP hack that could make your router vulnerable to having its ports manipulated without your knowledge from the outside.  His port scanner application on his GRC server has now detected over 3000 routers of people who've tested their systems to be vulnerable to this attack.  One listener had a trojan that had been installed in his router and one had ALL its external ports open.  If you haven't tested your external-facing router, you may want to do so by going to the ShieldsUp service at grc.com.

Sincerely,

Ron



--

Sent from my Android Acer A500 tablet with bluetooth keyboard and K-9 Mail.
Please excuse my potential brevity if I'm typing on the touch screen.

(PS - If you email me and don't get a quick response, you might want to
call on the phone.  I get about 300 emails per day from alternate energy
mailing lists and such.  I don't always see new email messages very quickly.)

Ron Frazier
770-205-9422 (O)   Leave a message.
linuxdude AT techstarship.com



