USB flash (flash drive)

2023

Hackers have learned to steal data from secure USB drives in state systems

On October 17, 2023, Kaspersky Lab announced the identification of a new cybercriminal campaign called TetrisPhantom, aimed at stealing data from secure USB drives in state systems. The investigation suggests that the malicious operation is targeted.

Secure USB drives are used by government organizations to securely store and transfer data between different computer systems. Such devices contain a secure partition, which can only be accessed using special software, for example, UTetris, stored in an unencrypted part. This requires a password.

TetrisPhantom steals data from secure USB drives in state systems

The researchers found infected versions of UTetris embedded on secure USB drives. The attack includes various tools and methods, including software obfuscation (code obfuscation) based virtualizations on components, malware low-level communication with a USB device using direct SCSI commands, self-replication for implementation into other isolated systems, etc. The analysis indicates the complexity of the malicious tools used, which indicates a high qualification of attackers.

As part of the cyber campaign, various modules are used to execute commands, steal files and download additional malicious components. As of October 2023, the attack has been going on for several years. The victims of hackers, in particular, were the government structures of the countries of the Asia-Pacific region. Kaspersky Lab discovered and analyzed two malicious versions of the UTetris executable file: one was used between September and October 2022 (version 1.0), and the other appeared on government networks in the fall of 2022.^[1]

Hackers have learned to remotely install a virus on USB flash drives connected to a computer

In early June 2023, specialists from the Check Point Incident Response Team (CPIRT) reported the results of an investigation into a cyber incident in a European hospital. It showed that malicious activity was most likely not targeted, but was simply collateral damage from self-spreading Camaro Dragon malware that entered the system via USB drives. Read more here.

Criminals began sending out USB flash drives with explosives inside

On March 20, 2023, at least five journalists working for TV and radio stations in Ecuador were sent bomb letters with exploding flash key fobs.

A preliminary investigation found that deadly USB sticks were sent from Kinsaloma, a canton of Ecuador located in the province of Los Rios. The recipients of three such drives were media representatives in Guayaquil (one of the largest cities in Ecuador by population), and two more were journalists in the capital, Quito. Attackers allegedly placed RDX inside the devices - an explosive, which, in particular, is used in the manufacture of detonators. RDX is used for industrial blasting.

Inside the devices, criminals placed RDX

In Guayaquil, one of the recipients of the key fob, Lenin Artieda, suffered from a private TV station Ecuavisa: the flash drive exploded as soon as he inserted it into the computer. The journalist received minor injuries to his hands and face; no one else was hurt. According to the Minister of Internal Affairs of Ecuador, Juan Zapata, another accumulator filled with explosives was intercepted by the police at a courier company in Guayaquil and did not reach its destination. Prosecutors said that in another area in that city, a package containing the bomb was sent to TC Television's office. The Teleamazonas network in Quito later said it had also received explosive USB drives.

It is said that in at least one case, together with a flash drive, a note was sent to the recipient with threats in connection with his professional activities. Ecuadorian nonprofit Fundamedios, which advocates for press freedom, said the sending of flash drives containing the explosive represented an "escalation of violence against the media." Human rights organization CDH also condemned the attacks on journalists "in the context of the growing instability in Ecuador."^[2]

2019

Publish final USB4 specifications. The next step is to exit the devices

In early September 2019, the USB-IF organization published the final specifications of the USB4 standard, which provides data transfer (when using certified cables) at speeds up to 40 Gbps. This is double that of the previous version (USB 3.2 Gen 2x2).

USB4 will retain backward compatibility with all previous versions of the "universal serial bus," including USB 2.0 and USB 3.2, as well as Thunderbolt 3. Thus, manufacturers of computers and other equipment will not need to install new ports.

The USB4 standard has been approved, after which the release of devices with such ports will begin

Intel has already started building the new interface directly into the CPU. Devices powered by 10nm Core processors are expected to be among the first to pass USB4 certification. Since USB4, the company  has allowed everyone to use the interface for free.

The USB4 standard supports up to eight DisplayPort 1.2 lines and provides data exchange over four PCIe 3.0 lines.

Despite the approval of the final USB4 specifications, it will take some time to bring devices with this interface to market. As a rule, after the completion of work on the specifications, at least a year passes before the first devices appear. So the appearance of equipment with USB4 ports should be expected by the end of 2020.^[3]

In USB4, the technology has been improved: for example, if the user has a monitor that uses a video signal at 8 Gbps, the remaining 32 Gbps can be directed to other purposes.

The new USB standard should become more common than Thunderbolt 3 technology (USB4 is based on it) due to the peculiarities of certification. To release a device with Thunderbolt 3, you need to contact Intel directly. Although it is free, it slows down the process significantly: by March 2019, only 463 devices officially declared Thunderbolt 3 support, although the commercial use of this standard began in 2015. USB does not need to be certified, it will be easier for manufacturers to deal with it.

USB developer explained why the connector was asymmetrical

On June 21, 2019, one of the USB developers Ajay Bhatt spoke about the reasons why they decided to make the connector asymmetric. This problem annoys many users: you have to spend time inserting a flash drive or charging cable into a socket that is not visible.

According to Bhatt, the developers went purposefully to save money on this "biggest inconvenience" of USB. The technology where the plug is inserted into the socket in two positions would be twice as expensive, as it requires additional chips and wires.

A symmetrical connector would double its cost - it required more wires and chips

A cheaper option was chosen after negotiations with manufacturers of personal computers, for which the price issue was one of the main ones. It was thanks to the cheapness of the connectors that Apple released its first USB computer in 1998.

The patent for USB belongs to Intel - developing the interface, Bhatt worked for the company. He also created the PCI Express connector for motherboards.

The Intel team suggested making the USB connector round, but this option could be even worse. Ajay Bhatt admits that the technology could have been better.

Now, after time and taking into account all our accumulated experience, we, of course, understand that it [USB connector] turned out to be not as simple as it should have been... It took us time to prove that this technology cannot be done without, "Bhatt said in an interview with NPR.

USB has a symmetrical version of the connector - USB-C. The technology was introduced by the non-profit organization USB Implementers Forum in 2014.

Two years earlier, the Japanese  company Buffalo Technology solved the problem of an asymmetrical USB 2.0 connector. Its adapters, flash drives, adapters and USB hubs, the connectors of which are compatible with USB 2.0, use a movable partition that allows them to be inserted either side.^[4]

Approval of the USB4 standard; data transfer rate - up to 40 Gbps

In March 2019, the industry group USB Promoter Group approved a new USB standard that allows data transfer at speeds up to 40 Gbps.

USB4 will replace the USB 3.2 interface , which has a data transfer rate of 20 Gbps. In the case of USB 3.1 Gen 2, the maximum is 10 Gbps. The new technology is compatible with USB 3.2, USB 2.0 and Thunderbolt 3.

USB4 will be twice as fast as USB 3.2

Moreover, the Thunderbolt 3 specifications will form the basis of the USB4 due to the fact that Intel, as the owner, made them open to other companies.

The USB4 architecture defines a method of dynamically sharing a single high-speed connection between multiple end devices. The specifications of the new standard will optimize the flow of data for display, since the USB Type-C port has long been turned into a port for connecting monitors. To this end, a two-channel circuit will be used even with existing USB Type-C cables and several protocols to separate the streams of ordinary data and data for display.

When connected through a USB4, the device will be able to simultaneously charge and display an image through one cable. The interface supports charging at power up to 100 W, connecting up to two 4K displays with a refresh rate of 60 GHz or one 5K display.

According to the chairman of USB Promoter Group Brad Saunders, the main idea of ​ ​ the USB4 is to provide users with the "best solution" for transmitting information, audio/video signal and power. All possibilities, according to Saunders, will be combined in one interface.

The full set of USB4 specifications will be unveiled in mid-2019. The first devices and accessories to support the new standard are set to hit the market in 2020.^[5]

2018

USB devices pose a serious threat to industrial facilities

On November 9, 2018, Honeywell announced that, according to its research in the field of cyber defense, USB devices pose a serious threat to industrial facilities.

According to data obtained using Honeywell technologies for scanning and managing USB devices at 50 customer enterprises, in almost half of the cases (44%) at least one file that threatened security was identified and blocked. It was also found that 26% of identified threats could lead to significant violations, as a result of which operators could lose the ability to see or manage the progress of operations. Threats of varying severity have targeted a wide range of industrial facilities, including refineries, chemicals and pulp and paper plants around the world. Approximately one in six threats targeted industrial control systems or things-enabled devices Internet (). IoT

The threats turned out to be more serious than we expected. A general analysis of the results shows that some of these threats were targeted and intentional. The study confirms our long-term suspicions: the threats posed by USB drives to industrial enterprises are very real. Many of them can cause dangerous situations at facilities related to industrial production.

As a result of the study, a commercial report was compiled on exclusively protection against USB threats in the context of industrial production management. It examines data collected using Secure Media Exchange (SMX) technology, which was developed by Honeywell specifically for scanning and managing removable media, including USB drives. Among the detected threats were such resonant ones as TRITON and Mirai, as well as variants of the Stuxnet computer server, which was previously used by special services of different states to disrupt the work of industrial facilities. The comparative analysis also showed that traditional anti-malware tools could not detect up to 11% of the identified threats.

In a report on USB threats to industrial facilities, presented as a result of the study, Honeywell recommends that manufacturing enterprises use an approach that combines personnel training, changes to workflows, and the implementation of technical solutions to reduce risks arising from the use of USB devices.

IBM bans employees from using flash drives

In the near future, all IBM employees will receive the strictest ban on the use of any type of removable drives in their working practice. This was reported in May 2018 by the British portal The Register. The publication refers to a special consulting circular sent to the company's employees on behalf of Shamla Naidoo, head of the global information security department ^[6].

In his message, Shamla, in particular, notes that from now on the company "expands the practice of prohibiting data transfer using any type of portable removable devices, including USB drives, SD cards, flash drives of any type, etc."

The letter from the head of IBM's IT security also notes that the ban on removable drives is already in place in a number of departments of the company, but "in the next few weeks this practice will be implemented on a global scale."

2017: USB Type-C

The USB Type-C connector is called the golden mean between microUSB and Lightning due to its thin and symmetrical shape. Using this port, you can not only charge your smartphone, but also connect the device to a monitor, headphones and even flash drives. In 2017, the Samsung Galaxy S8 smartphone appeared on the market, which has a USB Type-C connector and a slot for a high-performance memory card.

2016: Fake USB chargers can steal all data from a smartphone

Specialists from Aries Security have found that using fake USB wires, hackers can intercept any data from the victim's smartphone. This can happen while the user displays an image from their device on TV or PC^[7].

This attack method is called Video jacking. Its essence is that when charging is connected to a smartphone, the spy device separates the image on the screen and records everything that happens. These can be passwords, pin codes, account numbers and more.

Experts noted that the vulnerability works on the majority Androidsmartphones-. In addition, you can record information from the screen on the company's devices. Apple

2014: USB as a comprehensive security risk?

Devices with a USB connector - flash drives, a mouse, a keyboard - can be used to hack into a computer, security experts from SR Labs found. And the point is not at all that malware will be recorded on the flash drive.

A new potential class of attacks against which existing defenses are useless was discovered in the summer of 2014 by Karsten Nol and Jacob Lell from Berlin's SR Labs, Reuters reported. This security research firm is known in particular for discovering gaps^[8] mobile technologies^[9]

The problem here is deeper, associated with the very principle of operation of USB devices. The controllers available in them - small microcircuits that control their operation - can be reprogrammed, and the malicious code is hidden, after which it will infect the computers to which these devices will be connected, the researchers explain. Significantly, the microcircuits themselves do not initially provide any code protection. "You won't be able to determine where the virus came from," Nol says. "It's almost a magic trick."

Researchers from SR Labs conducted experiments with such attacks, writing their own malicious code (they called it BadUSB) to USB chips for flash drives and smartphones. When connected to a computer, the reprogrammed USB device can emulate the keyboard, execute commands on behalf of the user, such as deleting files or installing programs. The malicious code recorded on it can, in turn, infect other devices that will be connected to the same computer. Finally, it is able to change the DNS settings of the computer, redirecting traffic to the external server. The researchers are going to make a report on the new threat, presenting evidence of a fundamental violation of USB security, at the upcoming Black Hat conference in Las Vegas (their presentation will be called "Bad USB - On Accessories that Turn Evil").

According to Nola, he would not be surprised to learn that intelligence organizations, such as the National Security Agency, have already figured out how to organize such attacks. A year ago, Reuters writes, Nol presented at Black Hat the results of a study of methods for remotely hacking SIM cards of mobile phones. And in December, from data released by Edward Snowden (a former NSA contractor), it turned out that intelligence used similar equipment for surveillance. NSA officials declined to comment to Reuters on this information.

There is no effective protection against USB attacks yet, according to SR Labs. Security tools such as antiviruses scan only software stored in the computer's memory and do not have access to proprietary software (firmware) that controls the operation of USB devices. Firewalls that block a particular class of devices do not yet exist. And behavioral control is difficult, since changes in the behavior of the infected device look like the user simply connected another device to the computer.

Finally, cleaning up the infected system will be very difficult. The standard method - reinstalling the operating system - is not suitable, since the USB drive from which the OS is reinstalled can also be infected, like other USB components. A device with malicious code can even replace the BIOS of a computer.

There is one point in the study of Nola and Lell, experts believe, which makes you listen to their conclusions, not counting them simply by the reasoning of theorists. The fact is that the infection can be directed in both directions: both from USB to a computer and back. Every time a device is included in a USB port of a computer, the proprietary software on it can be rewritten with malicious code on the PC, and it will not be easy for the owner of the device to detect this. Similarly, any USB device can infect any computer. "It works both ways," Nol says. "You can't trust anyone."

This new approach suggests that a USB device cannot be considered secure simply because its contents are pure from viruses. You can trust him only on condition that no one has ever touched him for bad purposes. "USB devices should be treated as infected and discarded immediately after they come into contact with an untrusted computer," Nol argues, since it is impossible to clean them. Alas, such paranoia kills the very idea of ​ ​ using flash drives, shared chargers for various gadgets and other high-tech toys, which everyone is used to treating quite carelessly.

2010

This was the beginning of the main story, but, as is usually the case with popular inventions, there is also an alternative story. M-Systems' priority is contested by two companies - China's Netac Technology and Singapore's Trek Technology; both are major manufacturers of this type of device.^[10]

Admittedly, Netac and Trek really released their products almost simultaneously with IBM, it is no coincidence that they still have endless litigation, some courts recognize their priority, others refuse.

There are many such controversial precedents in the history of technology, recall Popov and Marconi, Bell and Edisson, there are no winners in them, this kind of polemic does not end with anything. We add that at about the same time, Lexar offered Compact Flash cards that can be connected via USB. The bottom line is that neither M-Systems nor its opponents have done anything fundamentally new, but have put together already known technologies.

One way or another, it is undoubtedly recognized that in 1998, much earlier than others, the flash disk as a single product was proposed by Dov Moran, the founder of M-Systems. After that, for several years M-Systems tried to independently sell four models in Europe - at 8, 16, 32 and 64 MB - an unusual disk under the disgo trademark, which has not yet been made in the usual design design today, in the form of a small panel that is included directly into the USB port.

This is the design that was proposed by the Malay student Pua Hyun Seng, however, having no funds for his own company, he sold the idea to Toshiba Corporation. As a result, a real floppy killer was born. So on the border of millennia, a race started in which Asian manufacturers were able to offer less expensive solutions.

So, flash drives were not a discovery, this is just a composition of the known.

By the end of the 90s, two important components were already available, it remained to combine them, collecting together the EEPROM (Electrically Erasable Programmable Read-Only Memory - "electrically erasable reprogrammable ROM") data storage technology with a universal USB serial bus.

Today Flash drives are manufactured using NAND technology (NOR significantly slower), which is one of the versions of EEPROM, memory modules have a capacity of 8 MB to 64 GB, provide a shelf life of up to ten years and a guaranteed number of cycles over one million. Modern flash drives are compatible with USB 2.0, but cannot use the fully guaranteed speed of 480 Mbps due to technical limitations of NAND.

Convenient removable disks have radically changed the entire computer ecosystem, there are an incredible number of applications, including not quite desirable ones. Alas, along with the spread of flash drives, a new data theft streak has begun. As a tool for cybercrime, not only standard flash drives are used, but also a special device for hacking USB Switchblade, which does not require a running operating system, while offline it can extract passwords and other confidential information.

In 2006, M-Systems was sold to renowned memory card manufacturer SanDisk for more than $1.5 billion. Almost all of these funds went to Moran's accounts, but he did not stop his inventive activity. Moran himself attributes this to heredity: his grandfather and father, despite the tragic trials that fell to them, were also inventors. He puts himself on a par with Steve Jobs, Steve Ballmer, Larry Ellison and other high-tech leaders who were born in the 50s.

In 2007, Moran established Modu, guided by the ideas of the Modu 1 modular phone, a small device that would be able to connect to other devices.

Due to the crisis, Modu 1 came out later than the planned and without the environment for which it was designed. Therefore, attention was shifted to the minimalist Modu T model with a 2.2-inch touchscreen with a resolution of 240x320 pixels and a weight of about 40 grams, for which it was placed in the Guinness Book of Records as the world's lightest touchphone. To expand functionality, you can use removable fy modules (camerafy - with a 5-megapixel camera, sportfy - for sports, textify - with a QWERTY keyboard, etc.). Next up is the Modu W model, designed to work in Wi-Fi networks and supported by Skype.

See also

• USB 3.x

Notes