Firmware Attacks via USB Your Charging Cable - a Security Risk?
Today, companies spend tremendous amounts of money on IT security, namely on identity and access management, cloud security or device management. However, attacks are increasingly – and often unnoticed – targeted at hardware and firmware. A simple charging cable can become a security risk.
Today, many things we touch also serve as or integrate a computer. In addition, some devices even talk to others over the Internet (Internet of Things/IoT). No wonder the risk of attacks is increasing. But even without IoT, attacks from device to device are an issue. There is, for example, an unmanageable variety of USB devices. More than stupid block devices, they all include a mini computer with their own and modifiable firmware. This means that they can be infected and used as a vehicle, for example, to attack the firmware of a specific device. The same is true for SD memory cards. While the problem is not a new one, it is getting continuously worse due to the high number of open source projects and the popularity of USB. USB devices are a particularly good target. As their own firmware is now usually outside of the ROM, they are attackable; there are no security mechanisms in place. Virus scanners cannot access firmware. A BIOS and firmware will remain infected, even after a reinstallation of the OS. Therefore, once the firmware of a computer or a USB stick is infected, the device can no longer be trusted.
A variety of targets and high damage potential
Firmware attacks via USB open up many possibilities. Why not hack a host system and change it, i.e. extend its functionality, deblock it to enable theft or use it to initiate sabotage? Why not install Trojans (on OS or BIOS level or in other firmware), send out information and documents, change network settings (DNS) or install backdoors to spy on users or companies? The targets are just as varied: computer components such as hard disks, CPU, BIOS, network/WiFi/USB controller, but also (ASDL) router, home automation systems, means of transportation, production facilities and power plants contain a variety of firmware.
Hard to identify and to fend off
Firmware attacks are hard to identify and, so far, even harder to fend off. One solution is to make such attacks more difficult by raising awareness and, for example, making sure that the USB devices used come from reliable sources and are solely connected to trusted devices. Another option is to produce USB devices that disable the manipulation of firmware by means of hardware limitations. Also, it is possible to block USB ports, deactivate them on a configuration level or limit them on a functional level (managed endpoints).
To identify or limit the damage of firmware attacks or, at least, their consequences (such as non-authorized transactions with stolen identities), it is recommended monitoring and evaluating user patterns as well as analyzing logs by means of realtime analytics.