Jump to content

Search the Community

Showing results for tags 'toecker'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Occupation


Interests


Biography


Location

Found 1 result

  1. CANCUN – BadUSB was the hot hack of the summer of 2014. Noted researcher Karsten Nohl delivered a talk at Black Hat during which he explained how USB controller chips in peripheral devices that connect over USB can be reprogrammed. The result is a completely compromised device hosting undetectable code that could be used for a number of malicious purposes, including remote code execution or traffic redirection. While the situation is bad enough for IT systems that would be in line for serious data loss, would the affect be similar on the processes under the watch of industrial control systems? Today at the Kaspersky Lab Security Analyst Summit, Michael Toecker of Context Industrial Security delivered what he termed a public service announcement in which he explained how a riff on BadUSB attacks could indeed be carried out against industrial equipment. While the risks are still admittedly theoretical, Toecker reported that USB-to-serial converters used to connect to critical hardware via old-school nine-pin serial ports can be abused to manipulate ICS gear by installing reprogrammed firmware. “Engineers trust these [serial] connections more than Ethernet in ICS; if they have a choice, they pick serial vs Ethernet, because they trust that,” Toecker said. “What engineers don’t see is that bump in the wire that could be programmed maliciously, Telnet over two wires. That’s what thought of when I heard about BadUSB.” To test his theory, Toecker said he bought 20 different USB-to-serial converters online, ripped them apart and used a number of resources to try to figure out whether the chips inside them could be reprogrammed BadUSB style. Of the 20, he learned that 15 from ATMEGA, FTDI, WCH, Prolific and SiLabs, were essentially not re-programmable. “It wasn’t as bad as I thought,” Toecker said. “I was not able to change the underlying functionality via USB ports.” Of the remaining converters, a processor from Texas Instruments, the TUSB 3410 was reprogrammable, making it a definite risk, Toecker said. An attacker who is able to modify firmware will be able to maintain persistence on a system, run code, or deny attempts to update existing issues on the chip. In the case of the TUSB 3410, the chip has two modes of operation, Toecker said; one is where firmware is pulled from a chip on the board, or another where firmware is pulled from a driver on the host machine. “Drivers installed on the host will provide firmware to the device and then run that firmware and do what it’s supposed to do after that,” Toecker said. “That’s the badness of BadUSB.” BadUSB, for example, continues to propagate because it is persistent on the chip and undetectable. Mitigating the risk with USB-to-serial converters is that an attacker would have to be on an ICS system hosting the drivers. “If you were to plug that USB-to-serial converter into anything else, it would not function because you did not have the correct drivers. But if you did have the correct drivers it would then go through the same process but provide good firmware,” Toecker said. “You have to own the host that’s on it. This is why it’s of a less severity of a normal BadUSB infection.” Source
×
×
  • Create New...