ShmooCon 2011: USB Autorun attacks against Linux

Sign in or sign up now!
Alert icon
Upgrade to the latest Flash Player for improved playback performance. Upgrade now or more info.
29,247
Loading...
Alert icon
Sign in or sign up now!
Alert icon

Uploaded by on Feb 3, 2011

Speaker: Jon Larimer

Many people think that Linux is immune to the type of Autorun attacks that have plagued Windows systems with malware over the years. However, there have been many advances in the usability of Linux as a desktop OS - including the addition of features that can allow Autorun attacks. In this presentation, I'll explain how attackers can abuse these features to gain access to a live system by using a USB flash drive. I'll also show how USB as an exploitation platform can allow for easy bypass of protection mechanisms like ASLR and how these attacks can provide a level of access that other physical attack methods do not. The talk will conclude with steps that Linux vendors and end-users can take to protect systems from this threat to head off a wave of Linux Autorun malware.

For more information visit: http://bit.ly/shmoocon2011_information
To download the video visit: http://bit.ly/shmoocon2011_videos

Category:

Science & Technology

Tags:

License:

Standard YouTube License

  • likes, 3 dislikes
  • As Seen On: As Seen On: СМИ2

Link to this comment:

Share to:

Top Comments

  • Great vid, I shall Use this to autorun the crashing of gnome screensaver then executing a videoplayer to play Rick Astley.

    sirukinx 1 year ago 18

  • This is by far the best SchmooCon talk on USB Autorun attacks I've seen this morning.

    kyuznum1 1 year ago 9

see all

All Comments (35)

Sign In or Sign Up now to post a comment!

  • I want this video on my GU1100 phone.

    galenrivera512 1 month ago

  • @tomdwright The problem with that plan with regards to xlock, namely killing the xlock and then putting up a fake one with a fake login window (if I'm interpreting your correctly) is as I said: The access list has been wiped from the X server - *nothing* could access it at that point, the X server had to be killed to continue, logging out the user's session in the process. And TheMegentus mentioned that killing the screensaver would kill off the session directly, an even more direct approach.

    siodhe 7 months ago

  • @siodhe This could lead to pretty easy root access just by replacing the screensaver with a fake login window then stealing the users password; perhaps it would be a better idea to have the screen saver ran as root so the user can only invoke it, not dismiss it.

    tomdwright 7 months ago

  • Thanks for making Linux more secure and me a bit smarter. Good talk.

    MsPwain 8 months ago

  • This is cool

    frenchpet 8 months ago

  • Interesting talk... I am curious, though, when I was last using Debian, killing the screensaver caused the entire session to get killed, giving you a nice new login prompt, on a fresh X server. Doesn't that happen any more in modern installs?

    TheMagentus 9 months ago

  • Hi :-) Many linux users don't run the user level tools (nautilus..) in the exploit, completely removing this vector. The older xlock program would wipe the access list, and so when killed would leave the X11 server unusable (obviously the modern screensavers need to be updated to the same destroy-access mentality). The TCP port mentioned in the demo in disabled by default in Xorg (the X11 server). And lastly, remember these exploits only grant user access, not root (although closer to root)

    siodhe 11 months ago

Loading...

Alert icon
0 / 00Unsaved Playlist Return to active list
    1. Your queue is empty. Add videos to your queue using this button:
      or sign in to load a different list.
    Loading...Loading...Saving...
    • Clear all videos from this list
    • Learn more