George Mason researchers demonstrate how to take control of a laptop via a USB-connected smartphone at the Black Hat DC conference.
(Credit: Angelos Stavrou)Two researchers have figured out a way to attack laptops and smartphones through an innocent-looking USB cable.
Angelos Stavrou, an assistant professor of computer science at George Mason University, and student Zhaohui Wang wrote software that changes the functionality of the USB driver so that they could launch a surreptitious attack while someone is charging a smartphone or syncing data between a smartphone and a computer.
Basically, the exploit works by adding keyboard or mouse functionality to the connection so an attacker can then start typing commands or click the mouse in order to steal files, download additional malware, or do other things to take control of the computer, Stavrou told CNET in an interview. The exploit is enabled because the USB protocol can be used to connect any device to a computing platform without authentication, he said.
He and his partner were scheduled to demonstrate an attack at the Black Hat DC conference today.
The exploit software they wrote identifies what operating sysetm is running on the device the USB cable is connected to. On Macintosh and Windows machines, a message pops up saying the system has detected a new human interface device, but there is no easily recognizable way to halt the process, Stavrou said. The Mac pop-up can be quickly removed by an attacker with a command sent via the smartphone so the laptop owner may not even see it, while the Windows pop-up lasts only one or two seconds in the lower left corner, making that an ineffective warning too, he said.
Linux machines offer no warning, so users will have no idea that something out of the ordinary is happening, particularly since the regular keyboard and mouse continue to function normally during an attack, Stavrou said.
"The operating system should present a pop-up and ask if the user really wants to connect the device" and specify what type of device is being identified to the system, he said.
The researchers wrote the exploit for Android devices only at this point. "It can be done for iPhone, but we didn't do it yet," Stavrou said. "It can work on any computing device that uses USB," and it can work between two smartphones by connecting a USB cable between then, he said.
"Say your computer at home is compromised and you compromise your Android phone by connecting them," he said. "Then, whenever you connect the smartphone to another laptop or computing device I can take over that computer also, and then compromise other computers off that Android. It's a viral type of compromise using the USB cable."
The original compromise can happen by downloading the exploit from the Web or running an app that is compromised. The researchers have created exploit software to run on a computer, and an exploit to run on Android that is a modification of the Android operating system kernel. Scripts can then be written for the actual attack.
Antivirus software wouldn't necessarily stop this because it can't tell that the activities of the exploit are not controlled or sanctioned by the user, Stavrou said. "It's hard to separate good behavior from bad behavior when it comes from the keyboard," he said.
There's not much a person can do to protect against this at this time, according to Stavrou. The operating systems should have the capability for devices to inspect USB traffic and alert users about what exactly is happening over the connection and give them the option of refusing an action, he said.
Thursday, January 20, 2011
Researchers turn USB cable into attack tool | InSecurity Complex - CNET News
Thursday, January 6, 2011
zenm's posterous
Hi Everyone, this is my friends son. Please read his story and help out if you can!
Thank you!
The Joy of a Salesman
Ahh, this video never ceases to amuse me... just a classic. If you're in sales, you must see this!!!
Tuesday, January 4, 2011
Monday, December 20, 2010
Microsoft
Some products to think about this holiday season. I like the Dell - that thing looks amazing!!!
Tuesday, November 23, 2010
How to use the FM radio on the HTC Surround - HTC Surround User Guides - Know Your Cell
How to use the FM radio on the HTC Surround
We show you how to use the FM radio on the HTC Surround
Published on Oct 25, 2010
The HTC Surround features a slide-out speaker with Dolby Mobile for punchy sound.
We show you how to use the FM radio on the HTC Surround and make the most out of that speaker.
Note: You'll have to plug in the wired earphones before you can use the radio on the HTC Surround, because this holds the FM antenna.
How to find radio stations on the HTC Surround
- Once you've plugged the headset in, select Music + Video from the Start screen.
- Flick to Zune and select Radio.
- Choose a radio station you want to listen to by swiping left and right to go up and down, or flick to jump to the stations with a stronger signal.
- Press favorites to show your favorite radio stations.
- Press play or pause to stop or resume playback.
How to add a favorite radio station
- When you've navigated to a favorite radio station, select the star icon to add it to your favorites.
- To remove a favorite radio station, tap the star icon again.
How to switch radio playback to speaker mode
- While playing a radio station, press and hold the station number.
- You'll now be able to choose between headset or speaker mode.
- Switch back by again pressing and holding the radio station number and switch back.
Was trying to figure this out - and found this really cool link. Even shows you how to use the built-in speaker for playback instead of the headphones (since they are required to be plugged in).
Monday, November 8, 2010
Technolog - The first Windows Phone 7 apps you should grab
The most popular Windows Phone 7 downloads of the moment, including both apps and games.
By Wilson Rothman
Today is when the first Windows Phone 7 models go on sale — the Samsung Focus at AT&T and the HTC HD7 at T-Mobile. As we've discussed, they're powerhouse phones with gorgeous screens and Microsoft's surprisingly nice "glance and go" operating system designed in the age of Facebook. But what matters once you get the phone is what apps to download. There are currently about 1,600 apps in the Marketplace, most of them free or dirt cheap.
There's already a lot of cr'apps in there, the standard lineup of flashlights, tip calcs, stopwatches, unit converters, and of course fart emulators. And because you can read what system resources each app needs to access, you can spot some shady ones too. A "simple and fun finger drawing tool" that needs access to "owner identity" and "phone calls"? I'm sure there's a plausible explanation, but I am gonna pass!
There are also a lot of things still missing. There's no Pandora. There's no Kindle, Nook or Kobo e-book readers. (Update: Amazon stated about a week ago that it would be first to WP7, available "later this year.") There's just one instant messaging app, and it's for Windows Live Messenger. The cooking and wine categories are barren — no Epicurious or BigOven, and no wine reference databases. Kid entertainment — that is, edutainment — is totally missing. And I don't see Bank of America or any other leading American banks with apps, nor do I see Mint.com. (USAA and Geico have apps though.)
There are a ton of games, and we've reviewed many here: Windows Phone 7 games: The good, the bad and the weird
What I did was sift through most of the non-game apps, and put together a list of the ones you definitely need, plus a few premium ones that you may want to buy. (Msnbc.com is a joint venture of Microsoft and NBC Universal, but that has nothing to do with our surprise enjoyment of Windows Phone 7.)
Yelp - The most popular crowd-sourced restaurant review network is necessary, even if many of its reviewers are just a little too high-strung for this Earth.
Foursquare - Check-in and become mayor, at least until Facebook puts it out of business with its Places (which is not yet available on Windows Phone 7).
Facebook - Microsoft built a client for FB, even though the service is integrated through much of the Windows Phone 7 OS. It's nice but not as full-featured as the iPhone and Android versions. That is, again, no Places or Deals.
Twitter - The homespun app makes up a little for the fact that Twitter isn't part of the People section of Windows Phone 7. But I'd still like to see that.
YouTube - Unlike Android and iPhone, the YouTube app doesn't come pre-installed. But other than that, there's really no difference — you'll still get your Auto-tune the News.
Shazam - The bot that wins "name that tune" more than you or I ever could is here, with a smooth, simple interface.
Breaking News - It's the fastest source of up-to-the-minute news on the Web. And I'm not just saying that because it's part of msnbc.com.
Slacker Radio - Some prefer this streaming music service over Pandora, and anyone who's buying the T-Mobile HTC HD7 gets it pre-loaded on their phones. Well worth trying.
iheartradio - A social network with 750+ U.S. radio stations, it's one of the best ways to access radio streams online, with decent customization tools.
Where - The same free point-of-interest search app that appeared on the iPhone in the early days is ready on Windows Phone 7 at launch. It's a good supplement to Bing Maps.
Public Transit - A basic app that searches Google's public transportation data, it's not much more than a customized search, but since the gorgeous Bing Maps app doesn't give bus or train info (yet?), it's useful.
Realtor.com - The realty mafia's home base, it's a good resource for house hunters, and it's geographically linked. Now if there was only a Zillow app to pair with it.
Graphic.ly - There may not be a Kindle or Nook app yet, but there's a very nice hub for those more interested in graphic novels than text-heavy prose. Membership is required, and the books cost money, but the app itself is free.
ICanHasCheezburger - This is the "official" app of kittens being ridden by baby chickens ("I is not a horsy"), and it's mercifully free.
gReadie - It's one thing to access Google Reader on a phone, and it's another thing to enjoy it. Here's an attractive way to get at your RSS feeds.
Seesmic - For someone more in need of managing their social networking feeds, this app lets you gaze into both Twitter and Facebook (though irksomely not at the same time).
TED - Get smarter by listening to smart people talk, or just look smarter by keeping the icon prominent on your phone's home screen. Either way, this free collection of TED talks will help you.
Pictures Lab - $1.99 - In these early days, there aren't many really good photo editors to choose from, but this one has enough filters, tools and multi-touch controls to keep most people happy. (See comment below for special pricing.)
History Here - $2.99 - Who needs crusty old park rangers when there are smart phone apps? This one lets you scout out nearby historical landmarks. And it comes from the A&E TV people, so you know it'll be entertaining and informative.
GoVoice - $2.99 - A third-party client for Google Voice, this one looks great with its Windows Phone 7 motif but all of the necessary functionality, from calling to visual voicemail.
Zagat To Go - $9.99 - Yes, it's $10. Which in app terms might as well be a million smackeroos. But really, if you live in a dense enough area and like Zagat, it's still cheaper than buying their books, and it's always on your person. Think of it as an antidote when the Yelpers get too crazy.
WinFart Pro - $0.99 - "The only no-nonsense fart application featuring over 20 high-quality fart sounds." I mean, if you're gonna download a fart app, might as well get the "pro" one, right? This one even has a motion trigger, for startling friends when they touch your phone. Good news is, you can try it first: The demo is fully functional, just "limited to two fart types."
Since app catalogs are constantly growing, some of the stuff that I said isn't there may turn up — if you spot Pandora or Kindle or anything like that, please let it be known in comments, and/or send me a tweet at @wjrothman.
Related must-see stories:
