
[Tinfoil Hat Edition] Chinese USB flash drive
Nihim Member

So I bought a couple of 4G mini USB drives for my car stereo (accepts max 4G) and, talking with some friends, we joked about how my PC would become part of a botnet etc.

So I thought to take it a step further. Say the USB appears clean, is there even a way to make sure that it's not part of those drives with a modified firmware that contains malware in the rom / driver as showcased @ Defcon & to block it?

Bonus:

I did a surface scan for fun & got this: http://i.imgur.com/7diQnde.png

No idea how worried I should be about it in flash memory.
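One defender-side check for the "how do I block it" part of the question, as an added example that is not from this thread or from any project it mentions: a drive reprogrammed in the BadUSB style usually betrays itself by enumerating extra USB interfaces (a HID keyboard, a network adapter) beside its mass-storage interface. The script models a device by its interface descriptors (the bInterfaceClass values that `lsusb -v` prints) and accepts a "flash drive" only if every interface is Mass Storage; all VID/PID values and descriptors in it are constructed.

```python
"""Added example (not from the thread). Accept a USB stick only if every
interface it enumerates is USB Mass Storage; anything else (HID, CDC, ...)
is the BadUSB tell. Sample devices below are constructed, not real products."""
from dataclasses import dataclass, field
from typing import List, Tuple

MASS_STORAGE = 0x08  # bInterfaceClass of USB Mass Storage
HID = 0x03           # bInterfaceClass of Human Interface Device (keyboards, mice)
CLASS_NAMES = {0x02: "CDC (serial/network)", 0x03: "HID (keyboard/mouse)",
               0x0E: "video", 0xE0: "wireless controller"}


@dataclass
class UsbInterface:
    number: int  # bInterfaceNumber
    cls: int     # bInterfaceClass


@dataclass
class UsbDevice:
    vid: int
    pid: int
    interfaces: List[UsbInterface] = field(default_factory=list)


def check_flash_drive(dev: UsbDevice) -> Tuple[bool, List[str]]:
    """Return (accepted, reasons). Accepted only when all interfaces are Mass Storage."""
    reasons = []
    for itf in dev.interfaces:
        if itf.cls != MASS_STORAGE:
            label = CLASS_NAMES.get(itf.cls, f"class 0x{itf.cls:02x}")
            reasons.append(f"interface {itf.number}: unexpected {label}")
    if not dev.interfaces:
        reasons.append("device exposes no interfaces")
    return (not reasons, reasons)


def udev_deauthorize_rule(dev: UsbDevice) -> str:
    """Linux udev rule that clears the kernel's per-device 'authorized' flag for this
    VID:PID so no driver binds. Keying on VID:PID only helps once a bad batch is known;
    an allow-listing tool such as USBGuard enforces the same policy more robustly."""
    return (f'ACTION=="add", SUBSYSTEM=="usb", ATTR{{idVendor}}=="{dev.vid:04x}", '
            f'ATTR{{idProduct}}=="{dev.pid:04x}", ATTR{{authorized}}="0"')


# Constructed samples: a plain stick, and one that also claims to be a keyboard.
PLAIN_STICK = UsbDevice(0x1234, 0x0001, [UsbInterface(0, MASS_STORAGE)])
SUSPECT_STICK = UsbDevice(0x1234, 0x0002, [UsbInterface(0, MASS_STORAGE), UsbInterface(1, HID)])

if __name__ == "__main__":
    for dev in (PLAIN_STICK, SUSPECT_STICK):
        ok, why = check_flash_drive(dev)
        print(f"{dev.vid:04x}:{dev.pid:04x} -> " + ("accept" if ok else "BLOCK: " + "; ".join(why)))
        if not ok:
            print("  " + udev_deauthorize_rule(dev))
```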

Comments

  • @Nihim said:
    is there even a way to make sure that it's not part of those drives with a modified firmware that contains malware in the rom / driver as showcased @ Defcon & to block it?

    Decompiling the firmware and plowing through it. This is like brain surgery though, you kind of need previous experience to have any chance :)

  • Plus special tools I guess, that much was obvious from the article itself but wanted to check if there had been any breakthrough since then.

    So there is nothing but my "faith" in my Chinese seller and his 1k+ sales of the item ;)

    Damn companies dropping less than 8GB size!

  • singsing Member
    edited October 2015

    Nihim said: is there even a way to make sure that it's not part of those drives with a modified firmware that contains malware

    No, there isn't.

    deadbeef said: Decompiling the firmware and plowing through it.

    And where do you get the firmware? By querying the device you suspect might be maliciously coded? A point of failure. (Actually this can work to some extent if you assume that they can't have modified the chip at the RTL level -and- that the chip's programming interface cannot be hijacked from the firmware side). But these are both big assumptions, modifying USB flash controller VHDL or Verilog files and fabrication with a cheap process is not out of reach for malware businesses.

    By the way, if you trust the chip and programming interface untamperability, then you can simply program on a known good firmware for the same chip and save the headache of analyzing the firmware that it shipped with. Unfortunately, databases cataloging these firmwares have not sprung up AFAIK, probably at least in part because of copyright issues.

  • An exploit targeted towards your car, running code when it reads mp3 files would be more fun! I don't think cars have virus scanning or regular firmware updates...

    Thanked by 1netomx
  • deadbeef Member
    edited October 2015

    @singsing said:
    And where do you get the firmware?

    Google: firmware snarfing

  • You should decide to use these devices based on whether the data on it is important to you or not. Chinese USBs usually contain malware or have fake memory.

    I would recommend trusted brands, such as the SanDisk Cruzer Blade 4GB USB 2.0 Flash Drive. I can find it online for only £2.99 (UK).

    Thanked by 1netomx
  • netomx Moderator, Veteran

    I was talking about this with some friends, how China sells electronics so cheap, they can ship a botnet in every router and cell phone

  • Nihim Member
    edited October 2015

    @Ishaq said:
    You should decide to use these devices based on whether the data on it is important to you or not. Chinese USBs usually contain malware or have fake memory.

    I would recommend trusted brands, such as the SanDisk Cruzer Blade 4GB USB 2.0 Flash Drive. I can find it online for only £2.99 (UK).

    I used the SanDisk Cruzer Fit but they discontinued the 4GB model. Wherever I looked it was for like 20+ euro.

    The data on the USB is not important, music I can re-copy. But the PC from where the music is loaded does contain important data! Btw I need a low USB like that cause otherwise I tend to hit it, which has already made the port and ex-USB a bit crooked.

    @netomx said:
    I was talking about this with some friends, how China sells electronics so cheap, they can ship a botnet in every router and cell phone

    At least the fitness wrist thingies have been confirmed to be partially botnets :P

    Thanked by 1netomx
  • Nihim said: I used the SanDisk Cruzer Fit but they discontinued the 4GB model. Wherever I looked it was for like 20+ euro.

    Just because it's discontinued doesn't mean it's not for sale. Try Amazon or eBay.

  • Traffic Member
    edited October 2015

    netomx said: I was talking about this with some friends, how China sells electronics so cheap, they can ship a botnet in every router and cell phone

    Would it be worth it? Nowadays they can buy installs of their botnet at 1 cent each from many countries.

  • Traffic said: Would it be worth it? Nowadays they can buy installs of their botnet at 1 cent each from many countries.

    While I highly doubt anything like this happens (all hell would break loose if someone links that to the CN gov, would smash their export, GDP and country within some weeks as no one would buy Chinese "high" tech anymore) in theory this does scale very far - imagine they just get a single contract to outfit an ex-monopoly or current monopoly ISP in a large country (like Germany, the US, France/UK....), that would mean easily a few hundred thousand to millions of new bots, if that would be implanted even deeper (chipset) that would go much further even.

    Thanked by 2Traffic lybxlpsv
  • netomx Moderator, Veteran

    @William said:

    You don't even have to look far: check the vulnerabilities of the zhone routers :/

    @Traffic said:

    Why not? Free botnets. The Chinese routers (mor a1 and the like) have an open telnet port on WAN, with default passwords, you tell me

    Thanked by 1Traffic
  • @William and @netomx - very true. I failed to see how this was both better, cheaper and easier to manage than the average botnet.

    In fact they could very well be doing this already, but adding a delay in the system initialization. So the client (ISP or final Aliexpress/TaoBao/etc client) doesn't notice while checking the router after ordering.

  • @Ishaq said:

    As I said it exists on eBay but from what I've seen with a quick look $20 on eBay, $30 on Amazon...

  • singsing Member
    edited October 2015

    deadbeef said: Google: firmware snarfing

    Only works if the code is on a "dumb" external memory (and, again, you trust that the hardware itself has not been tampered with). For logic chips with built-in code memory, it is common to disable reading out the code directly through, e.g., ICSP to protect IP. Notice how a USB flash drive has not much else inside besides the NAND flash and the controller chip: http://blog.premiumusb.com/2009/12/inside-the-usb-a-dissection-in-a-flash/

  • For genuine cheap memory avoid eBay and go to the likes of http://www.mymemory.co.uk/

    They are trusted and cheap.

    Thanked by 1Nihim
  • @TarZZ92 said:
    For genuine cheap memory avoid eBay and go to the likes of http://www.mymemory.co.uk/

    They are trusted and cheap.

    10 euro (with shipping) for a 4GB mini size Integral USB. But if it's better quality and more worry-free it might be worth the extra 6.5 euro over the Chinese one.

  • Nihim said: 10 euro (with shipping) for a 4GB mini size Integral USB. But if it's better quality and more worry-free it might be worth the extra 6.5 euro over the Chinese one.

    I get ALL my memory from these guys, never once had a problem. The only downside really is the delivery because it comes from Switzerland so takes 3-4 days.

  • This: https://srlabs.de/badusb/

    Don't trust peripherals.

  • sin Member

    linuxthefish said: I don't think cars have virus scanning or regular firmware updates...

    Oh god I would hope not...can you imagine driving down the road only to have your airbag deploy and your car spin out with a robotic voice in the background saying "ESET CAR ANTIVIRUS - BRAKES.EXE QUARANTINED"

  • Neoon Community Contributor, Veteran

    11 bucks for 256GB from China, on eBay. Eh.

  • netomx Moderator, Veteran

    @Infinity580 said:
    11 bucks for 256GB from China, on eBay. Eh.

    I got refunded from Aliexpress, 128GB for $7... turned out to be 128MB :P

  • @William said:
    all hell would break loose if someone links that to the CN gov, would smash their export, GDP and country within some weeks as no one would buy chinese "high" tech anymore

    Well, it's not like it's news that the Chinese government is up to no digital good. People like cheap stuff . . . at just about any "price". For better or worse, the world's economies are inexorably linked these days, it's not just China that would be affected.

  • @Microlinux said:
    Well, it's not like it's news that the Chinese government is up to no digital good.

    In contrast to say, which government? :D

  • @netomx said:
    I got refunded from Aliexpress, 128GB for $7... turned out to be 128MB :P

    Why would you ever think you could get 128GB for $7....

  • @deadbeef said:
    In contrast to say, which government? :D

    This is true!

    Thanked by 1deadbeef
  • netomx Moderator, Veteran

    @sc754 said:
    Why would you ever think you could get 128GB for $7....

    Well, I thought that it would be at least 4GB, and I could file a dispute, but 128MB?! really?!

  • Microlinux said: Well, it's not like it's news that the Chinese government is up to no digital good. People like cheap stuff . . . at just about any "price". For better or worse, the world's economies are inexorably linked these days, it's not just China that would be affected.

    Sure - but there is a MAJOR difference between like producing "insecure" systems that can be exploited by them (and possibly others) like a default root pw that is not too complicated and delivering HW with a fixed Chinese gov malware. Plausible deniability, a major thing for such operations.

    (Note that I do not imply that the Chinese gov hardcodes possible exploits into routers and alike, the coders and system designers in China just mostly suck)
