Intel debugging interface vulnerable to USB attacks

New Intel processors contain a debugging interface accessible via USB 3.0 ports that can be used to obtain full control over a system and perform attacks that are undetectable by current security tools. A talk on the mechanisms needed for such attacks and ways to protect against them was given by Positive Technologies experts Maxim Goryachy and Mark Ermolov at the 33rd Chaos Communication Congress (33C3) in Hamburg, Germany. […]


Some background on these interfaces:



Qubes 3.2 released


Excerpting information about the new 3.2 “USB passthrough” feature from the announcement blog post:

[…] In Qubes 3.2, we’re also introducing USB passthrough, which allows one to assign individual USB devices, such as cameras, Bitcoin hardware wallets, and various FTDI devices, to AppVMs. This means that it’s now possible to use Skype and other video conferencing software on Qubes!

Qubes has supported the sandboxing of USB devices since the very beginning (2010), but the catch has always been that all the USB devices connected to the same USB controller had to be assigned to the same VM. This limitation was due to the underlying hardware architecture (specifically, PCIe and VT-d technologies). We can now get around this limitation by using software backends. The price we pay for this, however, is increased attack surface on the backend, which is important in the event that several USB devices of different security contexts are connected to a single controller. Sadly, on laptops this is almost always the case.

Another potential security problem is that USB virtualization does not prevent a potentially malicious USB device from attacking the VM to which it is connected. These problems are not inherent to Qubes OS. In fact, they pose an even greater threat to traditional, monolithic operating systems. In the case of Qubes, it has at least been possible to isolate all USB devices from the user’s AppVMs. The new USB passthrough feature gives the user more fine-grained control over the management of USB devices while still maintaining this isolation. Nonetheless, it’s very important for users to realize that there are no “automagical” solutions to malicious USB problems. Users should plan their compartmentalization with this in mind.

We should also mention that Qubes has long supported the secure virtualization of a certain class of USB devices, specifically mass storage devices (such as flash drives and external hard drives) and, more recently, USB mice. Please note that it is always preferable to use these special, security-optimized protocols when available rather than generic USB passthrough. […]


SPYRUS secure USB drives in some Microsoft Surface devices

Recently SPYRUS, Inc. announced the integration of their NIST 140-2 Level 3 secure USB 3.0 drive family with Microsoft Surface Pro devices.

“SPYRUS is currently the only manufacturer of hardware encrypted Windows To Go products that have successfully integrated support with the Microsoft Surface Pro family of tablets.  The unique feature set, to include provisioning support to boot the Windows To Go in UEFI Secure Boot mode, in conjunction with FIPS 140-2 Level 3 certification sets a new standard for security features and performance,” said Tom Dickens, SPYRUS COO. “Use cases for these smart drives also dovetail perfectly with the rapidly emerging requirements for collaboration, secure data storage, secure mobile computing, and secure devices with auditable cybersecurity.”

http://www.spyrus.com/windows-to-go-live-drives and http://www.spyrus.com/encrypting-usb-storage/

SPYRUS Announces Integration of Windows to Go and P-3X Product Lines with Microsoft Surface Pro 3 and 4


USB Killer 2.0

As reported by Tom’s Hardware and other news sources, a new company in Hong Kong is selling a USB-frying unit called “USB Killer 2.0”, and a “USB Killer Test Shield”.


“Temporarily Out of Stock.”



Dan Goodin has an article on Ars about some BadUSB-like malware:

Meet USBee, the malware that uses USB drives to covertly jump airgaps

In 2013, a document leaked by former National Security Agency contractor Edward Snowden illustrated how a specially modified USB device allowed spies to surreptitiously siphon data out of targeted computers, even when they were physically severed from the Internet or other networks. Now, researchers have developed software that goes a step further by turning unmodified USB devices into covert transmitters that can funnel large amounts of information out of similarly “air-gapped” PCs.

The USBee—so named because it behaves like a bee that flies through the air taking bits from one place to another—is in many respects a significant improvement over the NSA-developed USB exfiltrator known as CottonMouth. That tool had to be outfitted with a hardware implant in advance and then required someone to smuggle it into the facility housing the locked-down computer being targeted. USBee, by contrast, turns USB devices already inside the targeted facility into a transmitter with no hardware modification required at all.

“We introduce a software-only method for short-range data exfiltration using electromagnetic emissions from a USB dongle,” researchers from Israel’s Ben-Gurion University wrote in a research paper published Monday. “Unlike other methods, our method doesn’t require any [radio frequency] transmitting hardware since it uses the USB’s internal data bus.”






FaceWhisperer: USB host add-on for the ChipWhisperer side-channel analysis tool.

FaceWhisperer is a hardware add-on for the ChipWhisperer side-channel analysis tool, for working with devices that primarily communicate over USB. The goal is to create a USB host controller scripted with an experiment, all running totally synchronous with the target. This should give predictable timing each time the experiment is run from a target reset. The (untested) goal is to use standard USB requests as a data exfiltration method while glitching the device code that fulfills these requests. […]