Welcome to BS CABLE CO., LTD

Apple USB-C interface: vulnerable to malicious firmware attacks and intrusions

  • Categories:Industry trends
  • Time of issue:2020-12-17

At its launch event on March 9, Apple introduced the new MacBook with an all-in-one USB-C port. Google then released a new Chromebook Pixel, which also comes with USB-C. The pattern suggests that USB-C will become the standard configuration in the near future.

USB-C won over Apple and Google for good reasons: it is small, reversible, fast, delivers high power, doubles as the power port and integrates several other functional interfaces. It also has drawbacks, such as poor versatility: a single port can only do one job at a time, so while you are charging you cannot use it for anything else. These details, however, are far less serious than the interface's security problems.

Potential risks of USB-C

USB-C is one of the interfaces based on the USB standard, and it is easily attacked and compromised through malicious firmware. Researchers are also concerned about intrusion through the port by way of direct memory access (DMA). These weaknesses are not new, but having them in a single universal interface is a serious matter. In the past, users worried about a USB infection could inspect the device or simply throw it away and buy a new one. Now there is only one port, and it also serves as the power port, so users no longer have that freedom, and malicious code carried over this port has very serious consequences.

BadUSB attack method

At the 2014 Black Hat conference, an attack method called BadUSB was presented that allows malicious software to penetrate a network through USB devices. Even after the infected USB device is thrown away, the infection keeps spreading through the USB ports of the victim's computer. The attack puts USB security and all USB-related devices, including any computer with a USB port, at risk. We know how to protect peripheral devices, for example with protection built into the USB device, but computers are hard to protect: a computer generally accepts any USB device, so even if a device has built-in protection, that protection may not help.

According to a recent report, Apple allows third-party chargers to support the USB-C port. This means there will be more infected USB ports and related devices. Combine the BadUSB attack method with an all-in-one USB-C port, and every connection can spread the infection once more. This scenario is chilling.

USB-C can't defeat BadUSB

Despite the advantages of USB-C, security experts say it cannot defeat BadUSB attacks. Karsten Nohl, a BadUSB researcher, said the versatility and extra openness of the USB-C interface expose it to a larger attack surface. Although it is a new interface, it does nothing to address BadUSB attacks. To some extent, the open USB standard is necessary: it is not only backward compatible but also open to third parties. For example, if you use a USB-C adapter with old USB devices, the old software still supports USB-C. Even giants like Apple and Google must comply with the USB protocol standards; only in this way can the stability of the entire USB ecosystem be maintained. The price of this stability, however, is the risk of security vulnerabilities that users have to face.

Specifically, users of the new MacBook and Chromebook Pixel face an attack risk known as the "borrowed charger". USB-C devices do not come with BadUSB firmware, but a malicious hacker can install it himself and then look for targets in a coffee shop, finding a pretext to charge or transfer data over the new port.

Protect your charger

It seems unlikely that this vulnerability can be fixed at the ecosystem level. The USB alliance is huge, and no single company can change it. The most practical way would be to leave the USB standard. Earlier, Apple built authentication chips into connectors such as the Lightning interface; although this was mainly to protect Apple's profitable licensing business, it also provided strong hardware security. This kind of hardware security is impossible for open USB. It is worth noting that although Apple requires all chargers to carry an authentication chip with tamper-proof firmware, the scheme becomes very vulnerable when it has to deal with old devices, because hackers can disguise USB devices as old USB devices and then infect them with viruses.
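The reasoning above as a small model, added here as an illustration and not taken from Apple or the USB specification: a host challenges a device's authentication chip, and a compatibility switch decides what happens to devices that answer as chipless old hardware. The HMAC challenge-response, `VENDOR_KEY`, `Device`, `host_accepts` and `policy_table` are assumptions made for the example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

# Constructed secret standing in for the key provisioned into genuine chips.
VENDOR_KEY = b"constructed-demo-key"


@dataclass
class Device:
    name: str
    key: Optional[bytes]  # None: the device announces itself as old, chipless hardware

    def respond(self, challenge: bytes) -> Optional[bytes]:
        if self.key is None:
            return None  # nothing to prove, nothing the host can verify
        return hmac.new(self.key, challenge, hashlib.sha256).digest()


def host_accepts(device: Device, allow_legacy: bool) -> bool:
    challenge = os.urandom(16)  # fresh per connection, so answers cannot be replayed
    response = device.respond(challenge)
    if response is None:
        # No proof offered: the outcome depends only on the compatibility policy.
        return allow_legacy
    expected = hmac.new(VENDOR_KEY, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(response, expected)


def policy_table() -> dict:
    devices = [
        Device("genuine charger", VENDOR_KEY),
        Device("counterfeit chip", b"wrong-key"),
        Device("old device, no chip", None),
        Device("modified device posing as old", None),
    ]
    return {
        (d.name, allow_legacy): host_accepts(d, allow_legacy)
        for d in devices
        for allow_legacy in (True, False)
    }


if __name__ == "__main__":
    for (name, legacy), ok in policy_table().items():
        verdict = "accepted" if ok else "rejected"
        print(f"{name:32} allow_legacy={legacy!s:5} -> {verdict}")
```

With `allow_legacy=True` the host cannot tell the device posing as old from the honest old one, so both are accepted; only rejecting chipless devices closes the gap, at the cost of backward compatibility.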

In conclusion, avoiding the risk of a USB-C or BadUSB attack is very simple: refuse to use any USB interface that doesn't belong to you. Of course, relying on such a simple, crude, low-level security measure is an insult to technological progress. In other words, the new interface brings convenience, but the cost is constantly worrying about which chargers are trustworthy. Is this progress? Either way, protect your charger.
