Electronics companies putting viruses onto USB sticks


dietert1:

--- Quote from: janoc on October 29, 2021, 10:28:04 pm ---..
(to the person who thinks that their Chinese lamp is trying to hack their Windows - nope, what you are seeing is just Windows attempting to enumerate a USB device and failing at it because the lamp most likely isn't really talking to the computer at all, only drawing power from the port. All you need for Windows to detect something being connected is a pull-up resistor on one of the data lines.)

--- End quote ---
So, you think there is that pull-up resistor but nothing else. Then the pull-up resistor should not be there. The more plausible scenario is a chip in the lamp to ask for a certain power level. I guess the lamp is chipped and we should be aware of that. The only conclusion can be: Don't use USB lamps in office.

Regards, Dieter

Just_another_Dave:

--- Quote from: golden_labels on October 30, 2021, 02:46:46 am ---While Just_another_Dave’s explanation is delivering the right message, two things need to be clarified.

Whether the IP address is changing with modem reset depends on ISP’s policies. They may, they may not. Even if the address changes, enumerating the entire IPv4 address space is just a few minutes in the 2020s.

While NAT accidentally provides some level of protection, it is not a firewall. It has never been designed to prevent intentional access to computers behind NAT. NAT’s job is to route packets to desired addresses, not to prevent packets from not being routed. The abstraction NAT provides may be easily misunderstood and wrong conclusions may be drawn from that view, if someone forgets what the limits of that abstraction are. Saying that NAT is a security mechanism is the same as saying that a “turn left” sign on a road prevents cars from turning right. Of the general purpose attacks slipstreaming is the most recent, but there have also been many other examples, dealing with NAT implementations doing nothing to protect against specifically crafted ingress traffic. A quick overview here. On top of that you have vulnerabilities in gateways. And, if that wasn’t enough, NAT may be skipped if the adversary can execute their software inside the target network.

That of course doesn’t mean the response to OP was in general wrong. I support it — just making it clear that some things are not exactly right.

--- End quote ---

Thanks for clarifying my answer. I didn’t mean to say that NAT is a security mechanism, but that a reverse connection is simpler and therefore more probable (although direct connection has been used by some Trojans in the past). Therefore, I wouldn’t get paranoid and try to force a change of my IP constantly. Looking for strange processes running on your computer might be a more effective way of detecting if something strange is running on it (although it is possible to hide it).

Whether or not it came from his company, having any type of malware running on your computer is a risk and, therefore, I understand Faringdon being concerned about things happening that he hasn’t done. But concern mixed with lack of knowledge on this topic can escalate pretty quickly to fear and paranoia, especially if you’re not familiar with any of the topics discussed in this thread (I don’t know his background, so I shouldn’t assume that he knows how a computer works internally). Erasing his computer could erase most viruses and in any case it will solve most problems, especially those caused by messy uninstallations, so there will always be an improvement if that reduces his concerns.

However, having a constant fear of being infected with some kind of virus could be a problem and, if that’s going to be the case, it might be a better idea to take the computer to someone that can inspect it (some technical services offer those services and his country might have a public IT security service, like Incibe in Spain).

Edit: Regarding mice, USBs or lamps that install malware on your computer, the same thing happens. I’m pretty sure that if you search on DEF CON videos someone has done something like that (and if it hasn’t been done yet, it will be at a future DEF CON). However, I doubt that his company has the means to interfere in the devices bought by its employees in any store to substitute them with malware infecting ones (and a massive attack would probably have been detected). For that reason, it wouldn’t be the first place where I’d look for the source of a possible infection. Although it is technically possible, it is quite improbable.

Additionally, I wouldn’t assume that the malware has been provided intentionally by his company. There are many other possible sources and considering that the company might have provided it unintentionally is also worth it (if they haven’t deactivated the USB ports of their computers, they might have been accidentally infected by another employee). In any case, once a trojan has been isolated it is easier to find its source by inspecting its connections, so it seems a better idea to focus on determining whether or not some kind of malware is installed on the computer before starting to create conspiracy theories that could potentially frighten him.

Just_another_Dave:

--- Quote from: dietert1 on October 30, 2021, 07:19:00 am ---
--- Quote from: janoc on October 29, 2021, 10:28:04 pm ---..
(to the person who thinks that their Chinese lamp is trying to hack their Windows - nope, what you are seeing is just Windows attempting to enumerate a USB device and failing at it because the lamp most likely isn't really talking to the computer at all, only drawing power from the port. All you need for Windows to detect something being connected is a pull-up resistor on one of the data lines.)

--- End quote ---
So, you think there is that pull-up resistor but nothing else. Then the pull-up resistor should not be there. The more plausible scenario is a chip in the lamp to ask for a certain power level. I guess the lamp is chipped and we should be aware of that. The only conclusion can be: Don't use USB lamps in office.

Regards, Dieter

--- End quote ---

You can always open it up and inspect what’s inside of it. If it’s just a pull-up resistor to ensure that the lamp is detected so the computer delivers energy to it, everything is fine, and if there’s something concerning inside it, you will help a lot of people by reporting it. Additionally, this is an electronics forum, so you can always build your own lamp if you don’t trust the ones available at stores.
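
Added example, not part of any post in this thread: the distinction discussed above, between a gadget that only draws power and fails enumeration and one that actually answers the host, can be read from the host's USB log without opening the device. This Python script assumes a Linux host and its kernel log message formats rather than Windows; the sample log, the vendor/product IDs and the device name are constructed.

```python
import re

# Constructed kernel log (dmesg-style) for two devices: port 1-3 is a power-only
# gadget such as the lamp, port 1-2 is a device that really talks to the host.
SAMPLE_LOG = """\
[ 101.10] usb 1-3: new full-speed USB device number 7 using xhci_hcd
[ 101.23] usb 1-3: device descriptor read/64, error -71
[ 101.47] usb 1-3: device descriptor read/64, error -71
[ 102.01] usb 1-3: device not accepting address 8, error -71
[ 102.02] usb usb1-port3: unable to enumerate USB device
[ 250.40] usb 1-2: new low-speed USB device number 9 using xhci_hcd
[ 250.55] usb 1-2: New USB device found, idVendor=1234, idProduct=abcd, bcdDevice= 1.00
[ 250.56] input: Example Keyboard as /devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2:1.0/0003:1234:ABCD.0004/input/input20
"""

ATTACH = re.compile(r"usb (\d+-[\d.]+): new [\w-]+ USB device number")
DESC_ERR = re.compile(r"usb (\d+-[\d.]+): device (?:descriptor read|not accepting address)")
FOUND = re.compile(r"usb (\d+-[\d.]+): New USB device found, idVendor=(\w+), idProduct=(\w+)")
INPUT = re.compile(r"input: (.+?) as \S*/(\d+-[\d.]+):\d+\.\d+/")
GIVE_UP = re.compile(r"usb usb(\d+)-port(\d+): unable to enumerate USB device")  # root-hub ports only


def classify(log: str) -> dict:
    """Map each USB port path (e.g. '1-3') to what the host learned about it."""
    ports = {}

    def entry(port):
        return ports.setdefault(port, {"errors": 0, "ids": None, "input": None, "verdict": "attached"})

    for line in log.splitlines():
        if m := ATTACH.search(line):
            entry(m[1])                                   # something pulled a data line up
        elif m := DESC_ERR.search(line):
            entry(m[1])["errors"] += 1                    # host asked, device did not answer
        elif m := GIVE_UP.search(line):
            entry(f"{m[1]}-{m[2]}")["verdict"] = "no-data"  # never returned a descriptor
        elif m := FOUND.search(line):
            entry(m[1]).update(ids=(m[2], m[3]), verdict="enumerated")
        elif m := INPUT.search(line):
            entry(m[2]).update(input=m[1], verdict="input-device")  # registered as HID input
    return ports


if __name__ == "__main__":
    for port, info in classify(SAMPLE_LOG).items():
        print(port, info)
```

A lamp that ends up as `no-data` matches the pull-up-only explanation; one that reaches `enumerated` or `input-device` is exchanging data with the host and is worth opening up.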
