New on LowEndTalk? Please Register and read our Community Rules.
[Tinfoil Hat Edition] Chinese USB flash drive
So I bought a couple of 4GB mini USB drives for my car stereo (accepts 4GB max) and, talking with some friends, we joked about how my PC would become part of a botnet etc.
So I thought to take it a step further. Say the USB drive appears clean, is there even a way to make sure that it's not one of those drives with a modified firmware that contains malware in the ROM/driver, as showcased at DEF CON, and to block it?
Bonus:
I did a surface scan for fun and got this: http://i.imgur.com/7diQnde.png
No idea how worried I should be about it in flash memory.
Comments
Decompiling the firmware and plowing through it. This is like brain surgery though, you kind of need previous experience to have any chance.
Plus special tools, I guess. That much was obvious from the article itself, but I wanted to check if there had been any breakthrough since then.
So there is nothing but my "faith" in my Chinese seller and his 1k+ sales of the item.
Damn companies dropping less than 8GB size!
No, there isn't.
And where do you get the firmware? By querying the device you suspect might be maliciously coded? A point of failure. (Actually this can work to some extent if you assume that they can't have modified the chip at the RTL level -and- that the chip's programming interface cannot be hijacked from the firmware side). But these are both big assumptions, modifying USB flash controller VHDL or Verilog files and fabrication with a cheap process is not out of reach for malware businesses.
By the way, if you trust that the chip and its programming interface cannot be tampered with, then you can simply program a known good firmware for the same chip and save the headache of analyzing the firmware that it shipped with. Unfortunately, databases cataloging these firmwares have not sprung up AFAIK, probably at least in part because of copyright issues.
An exploit targeted at your car, running code when it reads MP3 files, would be more fun! I don't think cars have virus scanning or regular firmware updates...
Google: firmware snarfing
You should decide to use these devices based on whether the data on it is important to you or not. Chinese USBs usually contain malware or have fake memory.
I would recommend trusted brands, such as the SanDisk Cruzer Blade 4GB USB 2.0 Flash Drive. I can find it online for only £2.99 (UK).
I was talking about this with some friends, how China sells electronics so cheap they can ship a botnet in every router and cell phone.
I used the SanDisk Cruzer Fit but they discontinued the 4GB model. Wherever I looked it was for like 20+ euro.
The data on the USB drive is not important, music I can re-copy. But the PC from where the music is loaded does contain important data! Btw, I need a low-profile USB drive like that because otherwise I tend to hit it, which has already made the port and my ex-USB a bit crooked.
At least the fitness wrist thingies have been confirmed to be partially botnets :P
Just because it's discontinued doesn't mean it's not for sale. Try Amazon or eBay.
Would it be worth it? Nowadays they can buy installs of their botnet at 1 cent each from many countries.
While I highly doubt anything like this happens (all hell would break loose if someone linked that to the CN gov; it would smash their export, GDP and country within some weeks as no one would buy Chinese "high" tech anymore), in theory this does scale very far. Imagine they just get a single contract to outfit an ex-monopoly or current monopoly ISP in a large country (like Germany, the US, France/UK...). That would mean easily a few hundred thousand to millions of new bots, and if that were implanted even deeper (chipset) it would go much further even.
You don't even have to look far: check the vulnerabilities of the Zhone routers.
Why not? Free botnets. The Chinese routers (mor a1 and the like) have an open telnet port on the WAN, with default passwords; you tell me.
@William and @netomx - very true. I failed to see how this was both better, cheaper and easier to manage than the average botnet.
In fact they could very well be doing this already, but adding a delay in the system initialization. So the client (ISP or final Aliexpress/TaoBao/etc client) doesn't notice while checking the router after ordering.
As I said, it exists on eBay, but from what I've seen with a quick look it's $20 on eBay, $30 on Amazon...
Only works if the code is on a "dumb" external memory (and, again, you trust that the hardware itself has not been tampered with). For logic chips with built-in code memory, it is common to disable reading out the code directly through, e.g., ICSP to protect IP. Notice how a USB flash drive does not have much else inside besides the NAND flash and the controller chip: http://blog.premiumusb.com/2009/12/inside-the-usb-a-dissection-in-a-flash/
For genuine cheap memory avoid eBay and go to the likes of http://www.mymemory.co.uk/
They are trusted and cheap.
10 euro (with shipping) for a 4GB mini-size Integral USB drive. But if it's better quality and more worry-free it might be worth the extra 6.5 euro over the Chinese one.
I get ALL my memory from these guys, never once had a problem. The only downside really is the delivery, because it comes from Switzerland so it takes 3-4 days.
This: https://srlabs.de/badusb/
Don't trust peripherals.
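The BadUSB work linked above is about a flash drive's controller firmware presenting extra USB interfaces (a keyboard, a network adapter) besides the storage one. As an added example that is not part of this thread or of the SRLabs material, here is a small Python check that parses `lsusb -v` style output and blocks any "flash drive" that exposes anything other than the standard 08:06:50 mass-storage interface (class 0x08 mass storage, subclass 0x06 SCSI, protocol 0x50 bulk-only). The device records below are constructed, with made-up vendor/product IDs; the regexes assume the `Bus … Device …: ID vvvv:pppp` header and the decimal `bInterface*` fields that `lsusb -v` prints.

```python
"""Flag USB devices whose interface descriptors don't match a plain flash drive.

Added example, not from the original thread. Sample input is constructed.
"""
import re
from dataclasses import dataclass, field

# USB-IF interface class codes (only the ones relevant to this check)
USB_CLASS_NAMES = {
    0x02: "CDC comm", 0x03: "HID", 0x08: "mass storage",
    0x0A: "CDC data", 0xE0: "wireless", 0xFF: "vendor specific",
}
# What a normal flash drive exposes: mass storage / SCSI transparent / bulk-only transport
FLASH_DRIVE_INTERFACE = (0x08, 0x06, 0x50)

@dataclass
class UsbDevice:
    bus: str
    addr: str
    vid: str
    pid: str
    name: str
    interfaces: list = field(default_factory=list)  # (class, subclass, protocol) per interface

DEVICE_RE = re.compile(r"^Bus (\d+) Device (\d+): ID ([0-9a-fA-F]{4}):([0-9a-fA-F]{4})\s*(.*)$")
FIELD_RE = re.compile(r"^\s+(bInterfaceClass|bInterfaceSubClass|bInterfaceProtocol)\s+(\d+)")

def parse_lsusb(text):
    """Parse the device headers and interface class fields out of `lsusb -v` style text."""
    devices, cur, pending = [], None, {}
    for line in text.splitlines():
        m = DEVICE_RE.match(line)
        if m:
            cur = UsbDevice(*m.groups())
            devices.append(cur)
            pending = {}
            continue
        m = FIELD_RE.match(line)
        if m and cur is not None:
            pending[m.group(1)] = int(m.group(2))  # lsusb prints these fields in decimal
            if len(pending) == 3:  # class, subclass and protocol seen: one interface complete
                cur.interfaces.append((pending["bInterfaceClass"],
                                       pending["bInterfaceSubClass"],
                                       pending["bInterfaceProtocol"]))
                pending = {}
    return devices

def assess(dev):
    """Return ('allow'|'block', reasons) for a device that is supposed to be a flash drive."""
    reasons = []
    if not dev.interfaces:
        reasons.append("no interface descriptors")
    elif not any(cls == 0x08 for cls, _, _ in dev.interfaces):
        reasons.append("no mass-storage interface at all")
    for cls, sub, proto in dev.interfaces:
        if (cls, sub, proto) == FLASH_DRIVE_INTERFACE:
            continue
        name = USB_CLASS_NAMES.get(cls, f"class 0x{cls:02x}")
        reasons.append(f"unexpected interface {cls:02x}:{sub:02x}:{proto:02x} ({name})")
    return ("block" if reasons else "allow", reasons)

def audit(text):
    """Map 'vid:pid' -> (verdict, reasons) for every device in the text."""
    return {f"{d.vid}:{d.pid}": assess(d) for d in parse_lsusb(text)}

# Constructed sample: made-up IDs, in the shape lsusb -v reports them.
SAMPLE_LSUSB = """\
Bus 001 Device 005: ID 1234:0001 Constructed plain flash drive
  bInterfaceClass         8 Mass Storage
  bInterfaceSubClass      6 SCSI
  bInterfaceProtocol     80 Bulk-Only
Bus 001 Device 006: ID 1234:0002 Constructed BadUSB-style stick (storage plus keyboard)
  bInterfaceClass         8 Mass Storage
  bInterfaceSubClass      6 SCSI
  bInterfaceProtocol     80 Bulk-Only
  bInterfaceClass         3 Human Interface Device
  bInterfaceSubClass      1 Boot Interface Subclass
  bInterfaceProtocol      1 Keyboard
Bus 001 Device 007: ID 1234:0003 Constructed "flash drive" that is really a network adapter
  bInterfaceClass         2 Communications
  bInterfaceSubClass      6 Ethernet Networking
  bInterfaceProtocol      0
  bInterfaceClass        10 CDC Data
  bInterfaceSubClass      0
  bInterfaceProtocol      0
"""

if __name__ == "__main__":
    for ident, (verdict, reasons) in audit(SAMPLE_LSUSB).items():
        print(ident, verdict, "; ".join(reasons))
```

Run it against `lsusb -v` output from a udev hook on every enumeration event, not once at purchase: a malicious controller can delay or re-enumerate the extra interface later (the same trick the router comment below describes), so a single clean scan proves little. The check also says nothing about a controller that misbehaves inside the mass-storage interface itself; it only catches the "storage stick that is also a keyboard or NIC" pattern.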
Oh god I would hope not...can you imagine driving down the road only to have your airbag deploy and your car spin out with a robotic voice in the background saying "ESET CAR ANTIVIRUS - BRAKES.EXE QUARANTINED"
11 bucks for 256GB from China, on eBay. Eh.
I got refunded from Aliexpress, 128GB for $7... turned out to be 128MB :P
Well, it's not like it's news that the Chinese government is up to no digital good. People like cheap stuff... at just about any "price". For better or worse, the world's economies are inexorably linked these days; it's not just China that would be affected.
In contrast to say, which government?
Why would you ever think you could get 128GB for $7....
This is true!
Well, I thought that it would be at least 4GB, and I could file a dispute, but 128MB?! really?!
Sure - but there is a MAJOR difference between like producing "insecure" systems that can be exploited by them (and possibly others) like a default root pw that is not too complicated and delivering HW with a fixed Chinese gov malware. Plausible deniability, a major thing for such operations.
(Note that i do not imply that the chinese gov hardcodes possible exploits into routers and alike, the coders and system designers in China just mostly suck)