Hacker News

dilyevsky yesterday at 10:43 PM

The stray USB stick is how Stuxnet allegedly got deployed. Tbh I doubt that works in this day and age.


Replies

anonymousiam yesterday at 11:08 PM

What I heard about the Stuxnet attack was different from what you are saying:

The enrichment facility had an air-gapped network, and just like our air-gapped networks, they had security requirements that mandated continuous anti-virus definition updates. The AV updates were brought in on a USB thumb drive that had been infected, because it WASN'T air-gapped when the updates were loaded. Obviously their AV tools didn't detect Stuxnet, because it was a state-sponsored, targeted attack, and not in the AV definition database.

So they were a victim of their own security policies, which were very effectively exploited.

roblabla yesterday at 10:49 PM

A USB can pretend to be just about any type of device to get the appropriate driver installed and loaded. They can then send malformed packets to that driver to trigger some vulnerability and take over the system.

There are a _lot_ of drivers for devices on a default Windows install. There are a _lot more_ if you allow for Windows Update to install drivers for devices (which it does by default). I would not trust all of them to be secure against a malicious device.

I know this is not how Stuxnet worked (instead using a vulnerability in how LNK files were shown in explorer.exe as the exploit), but that just goes to show how much surface there is to attack using this kind of USB stick.

And yeah, people still routinely plug random USBs in their computers. The average person is simultaneously curious and oblivious to this kind of threat (and I don't blame them - this kind of threat is hard to explain to a lay person).

EvanAnderson today at 1:22 AM

Stuxnet deployment wasn't just a USB stick, though. It was a USB stick w/ a zero-day in the Windows shell for handling LNK files to get arbitrary code execution. That's not to say that random thumb drives being plugged in by users is good, but Stuxnet deployment was a more sophisticated attack than just relying on the user to run a program.

(They will run programs, though. They always do.)

FreakLegion today at 5:22 AM

Versions of it work necessarily. The gist is that the USB device presents as a keyboard and is pre-programmed to pop a shell and start blasting. No exploits required. See: https://en.wikipedia.org/wiki/BadUSB.
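
Added example, not part of any comment in this thread: the device classes discussed by roblabla and FreakLegion are declared by the device itself in its configuration descriptor, so a defender can parse that descriptor and flag interfaces a "storage" device should not have. The function names and both sample descriptors are constructed for illustration; the check only covers what a device declares at enumeration.

```python
# Added example (not from the thread): list the interface classes a USB
# device declares and flag ones outside what the device is expected to be.
import struct

HID, MASS_STORAGE = 0x03, 0x08          # USB-IF base class codes
CONFIG, INTERFACE = 0x02, 0x04          # standard descriptor types

def interfaces(blob: bytes):
    """Return [(class, subclass, protocol)] from a configuration descriptor."""
    if len(blob) < 9 or blob[1] != CONFIG:
        raise ValueError("not a configuration descriptor")
    total = struct.unpack_from("<H", blob, 2)[0]   # wTotalLength
    if total > len(blob):
        raise ValueError("wTotalLength exceeds captured data")
    found, off = [], 0
    while off + 2 <= total:
        length, dtype = blob[off], blob[off + 1]
        if length < 2 or off + length > total:     # device-controlled, so validate
            raise ValueError("malformed descriptor length")
        if dtype == INTERFACE and length >= 9:
            found.append(tuple(blob[off + 5:off + 8]))
        off += length
    return found

def audit(blob: bytes, expected: set) -> list:
    """Describe every interface whose class is not in the expected set."""
    findings = []
    for cls, sub, proto in interfaces(blob):
        if cls in expected:
            continue
        kind = "boot keyboard" if (cls, sub, proto) == (HID, 1, 1) else "interface"
        findings.append(f"unexpected {kind}: class=0x{cls:02x}")
    return findings

# Constructed sample descriptors (hand-built, not captured from real hardware).
PLAIN_STICK = bytes.fromhex(
    "090220000101008032" "090400000208065000" "07058102000200" "07050202000200")
STORAGE_PLUS_KEYBOARD = bytes.fromhex(
    "090239000201008032" "090400000208065000" "07058102000200" "07050202000200"
    "090401000103010100" "092111010001223f00" "0705830308000a")

if __name__ == "__main__":
    for name, blob in [("plain", PLAIN_STICK), ("composite", STORAGE_PLUS_KEYBOARD)]:
        print(name, audit(blob, {MASS_STORAGE}) or "ok")
```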

frosting1337 today at 12:10 AM

It does work.

stavros yesterday at 10:47 PM

Hah, watch me.