USB Type-C is still susceptible to its predecessor's flaws

Shawn Knight

It’s been years in the making, but USB Type-C finally made its grand entrance this past week on Apple’s new MacBook and, a day later, on Google’s new Chromebook Pixel 2. While it’s great to finally see the successor to modern-day USB, there’s plenty to keep the security-conscious among us up at night.

For starters, we have to be cognizant of the fact that USB Type-C is still based on the USB standard which means it’s still susceptible to all of the same nasty attacks that today’s solutions are. Things like the BadUSB malware aren’t exactly new but what is new is the inclusion of power over USB.

For those not aware, the USB Type-C port combines data and power into a single connection. As The Verge points out, those truly paranoid about exploitation would simply put a piece of tape over their USB port. Now that the port doubles as the power connection, that’s no longer an option.

BadUSB is particularly worrisome as it takes advantage of a fundamental flaw in the way USB works. There are some USB drives that now protect against this flaw but the vast majority of drives and computers remain wide open.

One of the researchers who first uncovered the flaw, Karsten Nohl, said there is no solution even in sight with USB Type-C. That makes sense considering that USB is open and built on the concept of backwards compatibility.

With power being supplied over USB, there now exists the possibility of infecting a charger. Unlike USB sticks, it’s entirely plausible that people will “borrow” a charger from someone in a coffee shop or even a “friend.” Once a system is infected, said infection could spread to every charger the computer comes in contact with, thus casting what could wind up being a massive web of infection.
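An added example (not from the article or the thread): firmware tampering of the BadUSB kind reaches the host as a device that enumerates with interface classes it should not have, so one host-side check is to compare what each attached device exposes against what is expected of it. This goes slightly beyond the text; it assumes the Linux sysfs attribute names `idVendor`, `idProduct`, `serial` and `bInterfaceClass`, while the `audit` rules, the charge-only port list and the sample records are constructed for illustration.

```python
"""Flag attached USB devices whose interface classes do not fit their role."""
from pathlib import Path

HID, MASS_STORAGE, HUB = 0x03, 0x08, 0x09  # USB base class codes

def read_sysfs(root="/sys/bus/usb/devices"):
    """Read vendor/product/serial and interface classes of each device (Linux)."""
    devices = []
    for dev in Path(root).glob("*"):
        if ":" in dev.name or not (dev / "idVendor").exists():
            continue  # interface nodes are read through their parent device
        def attr(name):
            p = dev / name
            return p.read_text().strip() if p.exists() else ""
        classes = {int(p.read_text(), 16)
                   for p in dev.glob(f"{dev.name}:*/bInterfaceClass")}
        devices.append({"port": dev.name, "vid": attr("idVendor"),
                        "pid": attr("idProduct"), "serial": attr("serial"),
                        "classes": classes})
    return devices

def audit(devices, baseline, charge_only_ports=()):
    """Return (port, reason) pairs; baseline maps (vid, pid, serial) -> classes."""
    findings = []
    for d in devices:
        data = d["classes"] - {HUB}
        key = (d["vid"], d["pid"], d["serial"])
        if d["port"] in charge_only_ports and data:
            findings.append((d["port"], "data interface on charge-only port"))
        if HID in data and MASS_STORAGE in data:
            findings.append((d["port"], "storage device also presents HID"))
        if key in baseline and data - baseline[key]:
            findings.append((d["port"], "new interface class since baseline"))
    return findings

# Constructed sample records (assumed values, not captured from real hardware).
BASELINE = {("abcd", "0001", "SN123"): {MASS_STORAGE}}
SAMPLE = [
    {"port": "1-1", "vid": "abcd", "pid": "0001", "serial": "SN123",
     "classes": {MASS_STORAGE, HID}},   # known flash drive now also a keyboard
    {"port": "1-2", "vid": "abcd", "pid": "0002", "serial": "", "classes": {HID}},
    {"port": "2-1", "vid": "abcd", "pid": "0003", "serial": "", "classes": {0x02}},
]

if __name__ == "__main__":
    for port, reason in audit(SAMPLE, BASELINE, charge_only_ports={"2-1"}):
        print(port, reason)
```

On a Linux host, pass `read_sysfs()` in place of `SAMPLE`; findings are prompts for review, since some legitimate composite devices combine HID and storage.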


 
I don't get this. How can you infect a 220V wall charger which is just a step-down transformer in its basic form with a virus? How can such a thing retain any data? It has no AI.
 
I don't get this. How can you infect a 220V wall charger which is just a step-down transformer in its basic form with a virus? How can such a thing retain any data? It has no AI.

Knock-offs don't, but some computer wall adapters have a circuit board inside. I know if you hook a knock-off battery into some Dell models, it won't recognize the battery/charger. With the space inside a wall adapter, it would be easy to hide some small chip to infect a machine.
I DON'T like the idea of using the usb-c port to charge the laptop.
 
I don't get this. How can you infect a 220V wall charger which is just a step-down transformer in its basic form with a virus? How can such a thing retain any data? It has no AI.

Well it actually does have certain data, for example iCraps know they are connected to an official charger thanks to that. So yes they could actually do that.

Now why the topic goes above and beyond to comment on this makes no sense.
 
Said chargers would have to have microprocessors capable of carrying and deploying malware, though. Just like all USB drives can't be infected with BadUSB, I doubt very many chargers have the hardware necessary to be infected with malware.
 
Chargers from the likes of Apple and Dell are always taken apart by someone who knows what he is looking at. Those "smart" adapters would be known to the general public and a fiasco would ensue. Thing is, not enough people care. It's the same with those preloaded apps on new laptops. Before this thing with Lenovo blew apart, nobody cared about that.
 
Panda Cloud AV has the ability to "Vaccinate USB drives". Could AVs use that same concept and include the ability to vaccinate chargers?

Edit:
I misunderstood how this works...

"They spent months reverse engineering the firmware that runs the basic communication functions of USB devices—the controller chips that allow the devices to communicate with a PC and let users move files on and off of them."

"But unless the IT guy has the reverse engineering skills to find and analyze that firmware, “the cleaning process doesn’t even touch the files we’re talking about.”"
http://www.wired.com/2014/07/usb-security/

"With power being supplied over USB, there now exists the possibility of infecting a charger."
^Where can I find more information on this scenario?
 
Well it actually does have certain data, for example iCraps know they are connected to an official charger thanks to that. So yes they could actually do that.

Now why the topic goes above and beyond to comment on this makes no sense.
I can understand such an event could take place if you charge your device from someone else's computer, but a standalone travel charger???
 
I don't really get the big deal.

Firmware cannot be reprogrammed on 99% of devices like usb drives/keyboards/etc. When have you ever heard of a firmware upgrade for these things?
So how exactly is this going to spread?

Maybe if the factory that manufactures these devices got a batch of modified chips that would be a way to infect machines but that's hardly the same as a random hacker infecting a usb stick and leaving it in a public place to spread the virus to everyone from there.

Also why can the usb drivers not be updated to stop code from being executed?

How can it be possible to run a program on a computer regardless of who initiates it without the anti virus seeing it run in the ram?

If it really was that easy to execute there would have been millions of infected computers by now.
 
Firmware cannot be reprogrammed on 99% of devices like usb drives/keyboards/etc. When have you ever heard of a firmware upgrade for these things?
This tells me you've never had an expensive usb device in your life, just as an example a small cheap Razer mouse does get firmware updates, so do drives, keyboards, etc. And it's not just for high-end hardware, cheaper ones also have firmware, they need information on what they are and how they will connect to your computer.

Maybe if the factory that manufactures these devices got a batch of modified chips that would be a way to infect machines but that's hardly the same as a random hacker infecting a usb stick and leaving it in a public place to spread the virus to everyone from there.

It wouldn't have to be a "factory manufacturer" in a "batch of modified chips", all it takes is a single computer virus to add a couple lines to your usb device firmware.

I can understand such an event could take place if you charge your device from someone else's computer, but a standalone travel charger???

The standalone travel charger does have information, is what I told you before http://gizmodo.com/5945889/some-third-party-adapters-might-not-work-with-your-new-iphone/all

And this is just an example, there are smarter chargers already in the market, especially the "fast" charging ones.
 
This tells me you've never had an expensive usb device in your life, just as an example a small cheap Razer mouse does get firmware updates, so do drives, keyboards, etc. And it's not just for high-end hardware, cheaper ones also have firmware, they need information on what they are and how they will connect to your computer.



It wouldn't have to be a "factory manufacturer" in a "batch of modified chips", all it takes is a single computer virus to add a couple lines to your usb device firmware.



The standalone travel charger does have information, is what I told you before http://gizmodo.com/5945889/some-third-party-adapters-might-not-work-with-your-new-iphone/all

And this is just an example, there are smarter chargers already in the market, especially the "fast" charging ones.

I own both a programmable keyboard and mouse, and know very well that certain devices like that can be reprogrammed. Now how many business/office/regular home computers have these? I'll answer for you - NONE

Next up, reprogram the firmware on a USB flash drive? Are you familiar with EEPROM and EPROM? Why the HELL would you pay for an expensive EEPROM for a USB flash drive that never needs to be reprogrammed when instead you can purchase a batch of 1000 EPROMs pre-programmed and ready to use for a fraction of the cost?

Not only did you ignore my biggest concern, that code cannot execute without being scanned by antivirus, but you also wildly misinterpret the number of devices that are actually vulnerable to this.
VERY VERY few devices have the option to change their firmware, that's why it's called FIRM-ware in the first place!

Finally like I said before, if it was this easy and undetectable there would be wild panic all over like we saw with Heartbleed etc. The fact that no one gives 2 shizz about this is because it's such a niche attack and needs physical access to firmware etc that it's practically pointless.
 
It's as simple as having a day 0 virus or vulnerability in some of your software in your machine, that the anti-virus won't catch and you are infected, as simple as that.

Why the HELL would you pay for an expensive EEPROM for a USB flash drive that never needs to be reprogrammed when instead you can purchase a batch of 1000 EPROMs pre-programmed and ready to use for a fraction of the cost?

Because that's how it will spread, it doesn't have to be from the manufacturer (It's a lot of work of course, NONE of these things are easy nor intuitive and I never said so, and this is why so many state-of-the-art viruses are so sophisticated).
 
Gents, and ladies, you are missing the point here. It's about money and nothing else. Why would Apple give you a nice laptop with a decent array of USB ports when they can give you just ONE port and then if you want more - and definitely you want more - the option to BUY an adapter :) ... seriously, this is how you make money ... remove a nice and convenient feature and make it optional :)
 
For those not aware, the USB Type-C port combines data and power into a single connection.
USB has always had data and power. The amount of power has risen a bit is all.
As The Verge points out, those truly paranoid about exploitation would simply put a piece of tape over their USB port.
We are talking about a USB port not a camera. And if the tape is to hide the port from view, I'm not stupid enough to think I couldn't pull the tape off to gain access. Tell me how putting a piece of tape over a USB port is going to stop an exploit.
Now that the port doubles as the power connection, that’s no longer an option.
Why exactly would having additional power on a port, make you think you can no longer put tape across the port?
 
Gents, and ladies, you are missing the point here. It's about money and nothing else. Why would Apple give you a nice laptop with a decent array of USB ports when they can give you just ONE port and then if you want more - and definitely you want more - the option to BUY an adapter :) ... seriously, this is how you make money ... remove a nice and convenient feature and make it optional :)
If you need boatloads of expansion ports you buy a computer that has those. If you do not need them, why pay for them at the expense of size and weight? If you need those extra ports this isn't the device for you. I'm not sure why so many people have a hard time grasping this concept.
 