The Null Device
Posts matching tags 'usb'
It's about time somebody did something like this: Japanese synth maker Korg have announced a series of laptop-sized USB music controllers. The nanoSeries, as they call it, includes a 25-key MIDI keyboard, a 12-pad drum controller with X/Y pad and a mixing controller with 9 faders, 9 knobs, 18 switches and transport controls; all of these will be about 13 inches in width and will come with download codes for light versions of music software; according to these UK retailers, this series is expected to arrive in October 2008, costing between £49 and £59 each.
According to this article, there are two ways to compromise computer security by plugging an untrusted USB/FireWire device into a computer.
The first one's the obvious one: somehow convince a user to plug a USB flash drive or similar into their Windows PC, without disabling autostarting. The PC will automatically run whatever program the AUTORUN.INF file on the flash drive tells it to, and this can then do whatever it likes to the PC. Of course, this won't work if the user holds down SHIFT, disables auto-starting or uses a machine with a less-brain-damaged operating system.
The second method is more intriguing. To allow fast data transfers along USB and FireWire buses, such buses implement direct memory access (DMA). What this means is that anything plugged into them can access (or modify) anything mapped into the machine's memory space at the hardware level, bypassing the operating system altogether. Of course, it requires more work (the device has to be an actual programmable computer, and not just a flash drive), but once that hurdle is crossed, the possibilities, as they say, are endless:
Recently a number of computer security researchers realized the tremendous potential of using DMA over FireWire or USB as an attack vector. At the CanSec West '05 conference, Michael Becher, Maximillian Dornseif and Christian N. Klein demonstrated an exploit that used DMA read arbitrary memory locations of a FireWire-enabled system. The exploit was based on an iPod running Linux. For example, they could plug their customized iPod into a victim computer and grab a copy of that computer's screen--not just without the computer's permission, but even without its knowledge!The article goes on to mention that this attack has not been demonstrated on USB devices, only with FireWire. If it works with USB, it could be interesting. I imagine that sooner or later, they'll start making USB chipsets which take steps to filter DMA requests.
Aside: I wonder whether it'd be possible to use such an approach on, say, a PlayStation 2 (which has two USB ports on the front, sitting rather uselessly), or indeed any other notionally tamperproof computer-based device with USB/FireWire ports. If one could access arbitrary memory inside such a device, one could get up to all sorts of mischief.
If you're planning to buy a new MP3 player, beware, as many of the new ones use a proprietary interface protocol tied to Windows Media Player. Whereas a lot of older players (the Archos Jukebox series and iRiver H100 and 300 series, to name two, not to mention various generic Flash-based players) were USB Mass Storage devices (i.e., looked like external hard disks to a computer), new ones use a proprietary Microsoft protocol named MTP, to transfer data to them and possibly enforce RIAA-mandated inconveniences on the user.
MTP appears to be based on the Picture Transfer Protocol used by some digital cameras, only with some Microsoft extensions, and is tightly integrated with the Windows Media Player; it is currently possible to hack gPhoto, a command-line PTP client, to talk to at least some MTP players. There is some doubt over whether or not this infringes on patents. Users of pre-XP Windows systems, however, may be out of luck.
For Penguinheads and other Windows refuseniks, the Apple iPod is apparently still usable. It looks like a USB Mass Storage device (or a FireWire hard disk), and can be copied to/from, though requires music files to be indexed in a proprietary database file onboard, which iTunes writes; there exist open-source tools, running on UNIX-like OSes, for writing this file as well. (Disclaimer: I've never owned an iPod and so have no experience of how useful or clunky it is to use without iTunes. My way of filling my MP3 player involves mounting it as a disk and copying files or directories to it.)
The latest thing out of Japan: rubber duck-shaped USB flash drives, in a choice of three pastel colours. They don't play MP3s, they don't clip onto a keyring, they have a great unwieldy USB plug sticking out of them, they probably don't take kindly to water, and they're only 16Mb in size. I'm sure that it makes sense to someone, though.
For the geek who has everything, a USB-powered toothbrush on the market in Japan. More evidence that USB is the cigarette lighter socket of the 21st century. (Though who keeps their toothbrush next to their computer?) (via 1.0)