YOU ARE AT:DevicesGoogle researcher discovers 14 Linux USB vulnerabilities

Google researcher discovers 14 Linux USB vulnerabilities

Google researcher finds 14 Linux USB subsystem security vulnerabilities

Google researcher Andrey Konovalov recently discovered 14 Linux USB subsystem security vulnerabilities, all of which can be triggered by a “crafted malicious USB device in case an attacker has physical access to the machine.”

Konovalov found the glitches using a coverage-guided kernel fuzzer Syzkaller, discovering an 11 year old flaw in the Linux kernel with the same tool earlier this year. The process involves throwing large amounts of code at a specific type of software in order to trigger crashes.

The 14 security flaws impact the Linux kernel prior to version 4.13.8. Although the vulnerabilities discovered can be fixed, they are part of a larger group of 79 security flaws impacting the Linux kernel’s USB drivers. Within this group, 22 glitches have been issued a Common Vulnerabilities and Exposures (CEU) number. While many of these vulnerabilities have fixes available, several have been unreported and unpatched.

Konovalov originally reported the 79 vulnerabilities in December 2016 through a Google Groups mailing list. Some of the companies to make the mailing list included Google, Intel and The Linux Foundation. Konovalov continued to notify the mailing list as new results came in throughout the year.

Several of the glitches Konovalov noted in the mailing list were reported last September and October. Some of these glitches were found in release candidates of kernel version 4.14. Linux kernel developers were able to catch the glitches during the development process. Among the most recent glitches that Konovalov reported included 4.14 release candidate (RC) 8.

“Those 14 bugs that I found are triggerable externally by connecting malicious USB devices,” Konovalov told the Register, “so in this case we attack the kernel kind of ‘from the other side.’ In theory it might be possible to exploit a vulnerability in a USB device itself, and then use the compromised device to externally trigger a kernel bug.”

As previously noted, cybercriminals must have physical access to a machine to implement an attack. However, this shouldn’t undermine the extent to which hackers may go to breach a network. Some cybercriminals have attempted to infiltrate businesses by ‘losing’ malware-infected USB sticks in company parking lots. In addition, these types of glitches can be leveraged to infiltrate air-gapped systems that are not connected to the web. In these situations, USBs can be used to infect a device with an exploit code.

ABOUT AUTHOR

Nathan Cranford
Nathan Cranford
Nathan Cranford joined RCR Wireless News as a Technology Writer in 2017. Prior to his current position, he served as a content producer for GateHouse Media, and as a freelance science and tech reporter. His work has been published by a myriad of news outlets, including COEUS Magazine, dailyRx News, The Oklahoma Daily, Texas Writers Journal and VETTA Magazine. Nathan earned a bachelor’s from the University of Oklahoma in 2013. He lives in Austin, Texas.