USBee Malware Turns Regular USB Connectors into Data-Stealing Weapons

Exterminator

Community Manager
Thread author
Verified
Staff Member
Well-known
Oct 23, 2012
12,527
Researchers from the Ben-Gurion University in Israel have discovered a novel method of using USB connectors to steal data from air-gapped computers without the need of special radio-transmitting hardware mounted on the USB.

Their attack scenario relies on infecting a computer with malware they've created called USBee.

An NSA cyber-weapon inspired the research
Researchers said that NSA cyber-weapons inspired their research, namely, the COTTONMOUTH hardware implant included in a catalog of NSA hacking tools leaked by Edward Snowden via the DerSpiegel German newspaper.

USBee is superior to COTTONMOUTH because it does not need an NSA agent to smuggle a modified USB connector/dongle/thumb drive into the location from where they want to steal data, nor does it involve implants in USB firmware and drivers to work.

The malware created by researchers can be spread like regular computer malware, and once it reaches a high-value target, it will work with any USB connector plugged into the computer, regardless if it's an USB dongle, thumb drive, or cable interconnecting the PC with a nearby device.
USBee steals data via electromagnetic emissions
In a simple explanation of the attack, the USBee malware sends hidden commands to the USB connector's data bus, which gives out electromagnetic emissions as it is processing the commands.

Researchers have found a series of operations that can make the USB's data bus give off electromagnetic emissions at two very different frequencies, which they use to represent binary "1" and "0."

The malware takes information it wants to steal, breaks it down to its 1-s and 0-es, and then transmits the data via the USB connector, to a nearby radio antenna.

The first "weird" data-theft attack to be feasible in real life
In the past, the same researchers from the Ben-Gurion University have created attacks that steal data from air-gapped PCs using the sounds emanated by a computer's GPU fan (Fansmitter attack); that can steal data using HDD sounds (DiskFiltration attack); that can steal data using the heat given off by a computer's internal components (BitWhisper attack); and attacks that can steal data using a computer's coil whine noise and overall electromagnetic field.

All these scenarios mentioned above have very small transmission speeds, usually no more than 10 bits per minute, and can send data to a very short distance, usually at maximum 3-5 meters.

USBee can transmit data up to 80 bytes per second, and at larger distances than all previous attacks (researchers did not specify maximum distance in meters).

This breakthrough makes USBee the first theoretical attack the team developed that can be deployed in real-world scenarios right away and be effective.

Below is a short video of the attack, but more details can be found in the paper USBee: Air-Gap Covert-Channel via Electromagnetic Emission from USB.

 

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,286
Would this even work if the infected computer was using a SSD ?
or does it matter ?
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
With the attacks goes on signal, in the future attacks through light is more faster to create damage.
 
  • Like
Reactions: DardiM

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top