Exploiting Autorun: Threats, Vulnerabilities and Countermeasures of the Autorun Functionality Associated with Portable Data Storage Devices by Kevin M

Exploiting Autorun: Threats, Vulnerabilities and Countermeasures of the Autorun Functionality Associated with Portable Data Storage Devices by Kevin M

Exploiting AutoRun: Threats, Vulnerabilities and Countermeasures of the AutoRun Functionality Associated with Portable Data Storage Devices by Kevin M. Williams, CISSP Abstract - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - On the battlefield of Information Security, amidst hackers, crackers, phreakers, and phrackers, cyber warriors, organized crime, script kiddies, and hacktivists, the last thing information security professionals would imagine having to worry about would be portable data storage devices. Nevertheless, a growing threat has emerged, stealing data and spreading malware by exploiting the seemingly benign nature of the AutoRun functionality associated with portable data storage devices. In this study, we examine the vulnerabilities present in AutoRun functionality, the threats that target these vulnerabilities, and the countermeasures to stop them. While the results show that vulnerabilities do exist, and the threats are real, there are many effective countermeasures available to the information security professional. Most notably, security awareness training programs that educate and empower users can be the most effective weapon in the information security professional’s arsenal. © 2008 Kevin M. Williams. All Rights Reserved. Table of Contents - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Abstract .................................................................................................................................................. 1 Acknowledgements ............................................................................................................................... 3 Introduction ............................................................................................................................................ 4 Background ....................................................................................................................................... 4 Need for the Study............................................................................................................................ 4 Purpose of the Study ........................................................................................................................ 5 Limitations of the Study .................................................................................................................... 5 Organization of the Study................................................................................................................. 6 Research Questions ......................................................................................................................... 6 Research Question One - Vulnerabilities ................................................................................... 6 Research Question Two - Threats .............................................................................................. 6 Research Question Three - Countermeasures .......................................................................... 6 Literature Review................................................................................................................................... 7 Methodology .......................................................................................................................................... 9 Scenario............................................................................................................................................. 9 Equipment ......................................................................................................................................... 9 Target................................................................................................................................................. 9 Scripts .............................................................................................................................................. 10 Process............................................................................................................................................ 11 Conclusion....................................................................................................................................... 11 Results ................................................................................................................................................. 12 Research Question One - Vulnerabilities ...................................................................................... 12 Research Question Two - Threats................................................................................................. 12 Research Question Three - Countermeasures............................................................................. 13 Countermeasure One – Security Awareness and Training..................................................... 13 Countermeasure Two – Programmatic Suppression............................................................... 14 Countermeasure Three – Registry Keys .................................................................................. 14 Countermeasure Four – Disabling Devices.............................................................................. 15 Countermeasure Five – Group Policy....................................................................................... 15 Countermeasure Six – BIOS Settings ...................................................................................... 15 Countermeasure Seven – Thin Clients..................................................................................... 15 Countermeasure Eight - Physical Prevention .......................................................................... 16 Additional Countermeasures ..................................................................................................... 16 Recommendations .............................................................................................................................. 17 References........................................................................................................................................... 18 Appendices .......................................................................................................................................... 20 Appendix A – Target Directory Screenshots................................................................................. 20 Appendix B – AutoPlay Screenshots............................................................................................. 22 Appendix C – USB Flash Drive Screenshots................................................................................ 23 Appendix D – iPod Screenshots .................................................................................................... 24 Appendix E – Flash Memory Card Screenshots........................................................................... 25 2 Acknowledgements - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - I would like to acknowledge my professor, Dr. Robert August, and the Center for Cyber-Security Policy, School of Business and Leadership, at Our Lady of the Lake University (CyberSecurity.OLLUSA.edu). Thank you for your guidance during this study. I would also like to acknowledge all my co-workers at The Denim Group (DenimGroup.com), especially to Derek Flint, Erhan Kartaltepe, and Michael McBryde for lending me their technical expertise and proofreading my paper. And lastly, I would like to acknowledge my wife, Adele Williams, not only for her technical expertise and proofreading, but also for her patience and understanding. Thank you for your compassion and kindness while I wrote this paper, hid away in our home office till 2 A.M. on consecutive nights surrounded by Star Wars toys and security textbooks. 3 Introduction - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Background The seemingly benign nature of AutoRun functionality is being exploited by attackers to steal data, spread malware, and generally do harm. Exploits targeting what was once considered harmless is nothing new in the field of Information Security. One could argue that the very essence of what makes something an effective exploit is the ability to turn something previously overlooked into something dangerous. One particular technique has even been given the name “podslurping”; pod because it can be done from an iPod, slurping because it can indiscriminately copy large amounts of data onto the device. An iPod that normally holds 60 GB of digital music can be used as a portable hard drive capable of stealing 60 GB of corporate data. In GFI Software’s white paper, Pod Slurping – An easy technique for stealing data, they describe pod slurping in this way: Data slurping is a very simple automated process and does not require any technical expertise; a user may plug in the portable storage device to a corporate workstation and by the time it takes to listen to an MP3, all the sensitive corporate data on that workstation is copied to the portable storage device. (p. 3) The concept of attacks via unanticipated routes is nothing new. What is different about AutoRun exploits is the prevalence of portable data storage devices. USB storage drives (A.K.A. thumb or jump drives) are ubiquitous in the modern workplace. They can be purchased

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    25 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us