Linux vulnerable to USB worms
At the ShmooCon hacker conference, security expert Jon Larimer from IBM's X-Force team demonstrated that Linux is far from immune from attacks via USB storage devices: during his presentation, the expert obtained access to a locked Linux system using a specially crafted USB flash drive, taking advantage of a mechanism that allows many desktop distributions to automatically recognise and mount newly connected USB storage devices and display the contents of the device, in this case, in the Nautilus file explorer. The desktop will do this even if the screensaver is already active.
When trying to create thumbnails for the files on the device, Nautilus was tricked by a specially crafted DVI file which then activated the exploit. While the relevant hole in the evince thumbnailer was closed in January, the system used in the presentation was kept vulnerable for demonstration purposes. Larimer also disabled the Address Space Layout Randomisation (ASLR) and AppArmor security mechanisms. However, the expert presented measures that would allow potential attackers to bypass these obstacles.
Attacks via infected USB storage devices are, therefore, by no means limited to the Windows world – although large scale attacks have so far only affected Windows systems. High-profile examples include the Conficker and Stuxnet worms which, among other ways, were deployed through infected USB flash drives and even found their way into shielded industrial systems.