by robk 4989 days ago
Severity isn't that low. If you hand out a USB stick to a friend and they run a .exe on it, you could surely trigger this exploit invisibly. It's probably not a broad vector attack, but surely would fit very well into a spearphishing scenario. Hand this to a less-than-savvy user and either auto-run via .inf (on older OSes) or dupe them into running some arbitrary binary to "unencrypt the volume" or something they wouldn't understand.

Many newer USB sticks even have preloaded binaries for the supporting software (SanDisk volume utilities come to mind) - this would be a perfectly innocuous location to load this sort of attack.


Buddy, did you even read the article before commenting??

> andrewaylett:
>
> But it's not an autorun vulnerability, that wouldn't be newsworthy -- the problem is that simply mounting the filesystem exploits bugs in the filesystem driver.

@Rastafarian

Did you watch the video before retorting?

In the video he has to run "ntfs_exploit.exe" in order to exploit the vulnerability. That's why a local account, as well as the ability to insert the USB dongle, is needed in order to leverage the exploit. So simply mounting the filesystem is not sufficient to trigger the exploit.

Understood, but to fully _exploit_ the vulnerability one would need to actually execute more code than just triggering the vulnerability, presumably.

You appear to not understand the concepts you are attempting to participate in a discussion about.

To "trigger" the vulnerability is to deliver your exploit code. This USB stick can be inserted into any Windows 7 system and, voilà, you have your rootkit on that machine, without any user interaction required. No running of .exe files anywhere. You could put some pictures on the USB drive for the user to look at while his system is compromised. (Rootkitted, is that a word? Backdoored is.)

In his demo video, he needs to run a specially crafted program to actually achieve privilege escalation. That's why you need both physical access and a local user account.

Social engineering only gets you both if you can autorun the executable upon insertion of the USB stick.

> You appear to not understand the concepts you are attempting to participate in a discussion about.

I would be more demure. This way, it wouldn't look this bad when I'm wrong.