Meet USBee, the malware that uses USB drives to covertly jump airgaps

Discussion in 'other security issues & news' started by lotuseclat79, Aug 30, 2016.

  1. lotuseclat79

    lotuseclat79 Registered Member

    Jun 16, 2005
    Meet USBee, the malware that uses USB drives to covertly jump airgaps

    Related: Researchers have replicated one of the NSA’s scariest hacking tools

    -- Tom
    Last edited: Aug 31, 2016
  2. Gullible Jones

    Gullible Jones Registered Member

    May 16, 2013
    USBee looks pretty specialized. More designed to assist espionage jobs already equipped with expensive gadgetry. Now, if they could fiddle with it to allow two-way communication...

    Seems to me the way to deal with this would be an airgapped internal network, with a bastion machine. Removable drives would always be connected to the bastion, and files served to the other machines by SSH or something. The network would otherwise be completely isolated, and USB ports on non-bastion computers preferably stuffed with glue or something.

    (There a probably a dozen ways around that, but at least it an additional weaker layer of isolation for the important machines.)

    For civilian/desktop stuff though... I'm increasingly convinced that the best way to deal with USB threats is, basically, hygiene. Keep your USB sticks to your own computers, and don't let anyone else stick theirs in your computer. Preferably use a UUID or partition label mount entry, instead of pmount or udisks; that way OS level malware can't be auto-loaded if someone gets bold or stupid.

    Some day we'll hopefully have a vaccine; for now, we have to be diligent about washing our hands.

    (Funny too, I used to be annoyed by Linux/BSD not having universal USB automount. In hindsight, its addition now seems like a mistake.)