Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
USBee Malware Turns Regular USB Connectors into Data-Stealing Weapons.
#1
USBee Malware Turns Regular USB Connectors into Data-Stealing Weapons
USBee attack inspired by NSA's COTTONMOUTH cyber-weapon

Researchers from the Ben-Gurion University in Israel have discovered a novel method of using USB connectors to steal data from air-gapped computers without the need of special radio-transmitting hardware mounted on the USB.

Their attack scenario relies on infecting a computer with malware they've created calledUSBee.

An NSA cyber-weapon inspired the research
Researchers said that NSA cyber-weapons inspired their research, namely, theCOTTONMOUTH hardware implant included in a catalog of NSA hacking tools leaked by Edward Snowden via the DerSpiegel German newspaper.
USBee is superior to COTTONMOUTH because it does not need an NSA agent to smuggle a modified USB connector/dongle/thumb drive into the location from where they want to steal data, nor does it involve implants in USB firmware and drivers to work.
The malware created by researchers can be spread like regular computer malware, and once it reaches a high-value target, it will work with any USB connector plugged into the computer, regardless if it's an USB dongle, thumb drive, or cable interconnecting the PC with a nearby device.

USBee steals data via electromagnetic emissions
In a simple explanation of the attack, the USBee malware sends hidden commands to the USB connector's data bus, which gives out electromagnetic emissions as it is processing the commands.
Researchers have found a series of operations that can make the USB's data bus give off electromagnetic emissions at two very different frequencies, which they use to represent binary "1" and "0."
The malware takes information it wants to steal, breaks it down to its 1-s and 0-es, and then transmits the data via the USB connector, to a nearby radio antenna.

The first "weird" data-theft attack to be feasible in real life
In the past, the same researchers from the Ben-Gurion University have created attacks that steal data from air-gapped PCs using the sounds emanated by a computer's GPU fan (Fansmitter attack); that can steal data using HDD sounds (DiskFiltration attack); that can steal data using the heat given off by a computer's internal components (BitWhisper attack); and attacks that can steal data using a computer's coil whine noise and overall electromagnetic field.
All these scenarios mentioned above have very small transmission speeds, usually no more than 10 bits per minute, and can send data to a very short distance, usually at maximum 3-5 meters.
USBee can transmit data up to 80 bytes per second, and at larger distances than all previous attacks (researchers did not specify maximum distance in meters).
This breakthrough makes USBee the first theoretical attack the team developed that can be deployed in real-world scenarios right away and be effective.

Source: http://news.softpedia.com/news/usbee-mal...7918.shtml
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Nordic Choice Hotels Turns Ransomware Attack into Success Story mrtrout 0 641 01-18-2022 , 11:18 PM
Last Post: mrtrout
  Password-Stealing Windows Malware has been Discovered mrtrout 0 748 07-24-2021 , 02:32 AM
Last Post: mrtrout
  U.S. DOJ warns of fake unemployment benefit websites stealing data Bjyda 0 972 03-07-2021 , 10:59 PM
Last Post: Bjyda
  U.S. DoD Weapons Programs Lack ‘Key’ Cybersecurity Measures Bjyda 0 831 03-07-2021 , 12:16 AM
Last Post: Bjyda
  Hackers hit NutriBullet website with credit card-stealing malware sidemoon 0 1,347 03-18-2020 , 06:48 PM
Last Post: sidemoon

Forum Jump:


Users browsing this thread: 1 Guest(s)