Researcher Demonstrates USB Stick That Can BSOD Any Windows 10 Device Even If Locked

Discussion in 'Frontpage news' started by Hilbert Hagedoorn, May 3, 2018.

  1. Hilbert Hagedoorn

    Hilbert Hagedoorn Don Vito Corleone Staff Member

    Messages:
    42,411
    Likes Received:
    10,238
    GPU:
    AMD | NVIDIA
  2. fantaskarsef

    fantaskarsef Ancient Guru

    Messages:
    12,523
    Likes Received:
    4,867
    GPU:
    2080Ti @h2o
    I need this thing for when I don't want to work... wait, my current laptop's still on 7 ENT :D
     
  3. Kaarme

    Kaarme Ancient Guru

    Messages:
    2,683
    Likes Received:
    1,343
    GPU:
    Sapphire 390
    I've never seen Win10's BSOD. Although I've seen it getting totally jammed and stuck with a static image a whole bunch of times, requiring a hardware reset. But that's probably hardware/driver related, not Win10's fault per se, I imagine.
     
  4. Viper666

    Viper666 Active Member

    Messages:
    52
    Likes Received:
    2
    GPU:
    Sapphire RX 460 2GB
    Well i sort of agree with Microsofts decision to downgrade the risk, as requiring psychical access may lead to even more damage by using an USB Killer for example. Why just crash the system when you can destroy it.
     

  5. FM57

    FM57 Master Guru

    Messages:
    212
    Likes Received:
    73
    GPU:
    Palit RTX 2070
    Bounty hunter.

    He wants the US$ for the discovery of the flaw and Microsoft refuses to hand him his candy.
     
  6. David3k

    David3k Member Guru

    Messages:
    112
    Likes Received:
    28
    GPU:
    Graphics Processing Unit
    It's actually much worse than you think; It's not a buggy hardware or thumbdrive firmware causing an issue: pretty much any standard USB thumb drive can be turned into this by simply intentionally malforming an NTFS partition (only a partially completed partition, in this case), which is easily done.
    The written partition is automatically mounted when the drive is plugged in but the way it is modified causes the filesystem stack to crash, which, unfortunately for Windows, is a kernel component. Why Microsoft has not created filesystem miniports to the kernel and moved the filesystem driver stack into a userland environment is beyond me, considering malformed removeable filesystems has been a cause of many a bluescreen since even before 2003.

    The problem here is if it is a full memory dump, that dumpfile can easily be copied with minimal interaction by another automated USB boot drive to replace the "crashing" drive, so it's worse than just breaking the hardware.

    The biggest issue here is it doesn't even have to be a USB thumbdrive: since a BSOD memory dump file is readable by any user on the system, they can write a program to launch on user login that sends the latest crashdump to a remote location using the BITS, then proceed to mount a malformed NTFS image. System crashes, memory dump is created, System reboots, and dumpfile is sent on the next login.

    All this and not one UAC elevation prompt was required.

    EDIT: The worst part about all this is it seems Microsoft outright said they're not going to even fix this issue and everything is working as intended.

    Further information and research here: https://github.com/mtivadar/windows10_ntfs_crash_dos
     
    Last edited: May 3, 2018
    scatman839 likes this.
  7. Kaarme

    Kaarme Ancient Guru

    Messages:
    2,683
    Likes Received:
    1,343
    GPU:
    Sapphire 390
    Oh, I don't know anything about this bug. I'm sure this is a real Windows bug. I was merely saying that I haven't personally ever seen a Win10 BSOD on my own PCs, and that my other problems were likely related to my own hardware and their drives.
     
  8. Fox2232

    Fox2232 Ancient Guru

    Messages:
    11,809
    Likes Received:
    3,366
    GPU:
    6900XT+AW@240Hz
    Unless it can force code execution, it is just stupid joke. If I can plug USB to your system, I can hold power button on it too.
     
  9. reix2x

    reix2x Master Guru

    Messages:
    434
    Likes Received:
    112
    GPU:
    HIS 4870 1GB
    i would like to see if it affects windows server, i see some applications in a server room. It could be used as a form of sabotage .
     
  10. asturur

    asturur Maha Guru

    Messages:
    1,162
    Likes Received:
    374
    GPU:
    Geforce Gtx 1080TI
    Is not a stupid joke is a stupid OS that crash on broken disks. And this is inadmissible nowadays.
     

  11. David3k

    David3k Member Guru

    Messages:
    112
    Likes Received:
    28
    GPU:
    Graphics Processing Unit
    In this case, the crafted NTFS-crashing drive image can't occur under normal circumstances, but can specifically crafted to intentionally force a BSOD and dump memory. You don't even need a USB stick to pull this off, and an entire attack can take place within userland without once elevating with UAC.

    Powering down a system is a hell of a lot more preferable to a BSOD where the dump can be easily taken for analysis. This isn't a broken disk issue, either, since a broken or corrupted NTFS partition can't take down the entire kernel but a valid (but malformed) one can.
     
  12. waltc3

    waltc3 Maha Guru

    Messages:
    1,344
    Likes Received:
    463
    GPU:
    AMD 50th Ann 5700XT
    I've seen a few GSOD's from Windows10--yep, the actual green skin variety--and every single time it happened it was a result of me pushing an overclock too far. Notched back on the offending clock the appropriate number of MHz, and all is well--no more green SOD's. I've never seen one in recent memory, however, unless I caused it.

    Also, hackers all over the world vy for some Microsoft money awarded to them for "finding flaws." Microsoft gladly pays them for the ones it considers important and legitimate. So I find it somewhat amusing that these hackers get elevated to the grandiose title of "security researchers" whenever a hack is successful. There are lots and lots of hacks that can be accomplished in a machine in which a person has administrator access--especially direct physical access. But when they don't get "recognized" by Microsoft (ie, there's no payday) many of them get "revenge" by publicizing their hacks to all comers. But the fact is that when you have administrator rights and direct physical access, you own the world where that machine is concerned, and at that point the entire OS becomes a "vulnerability." How do these hackers (and I don't say that disparagingly) expect Microsoft to engineer a defense against the gullibility of some people who respond favorably to phishing techniques? Not possible, imo.
     
  13. Killian38

    Killian38 Master Guru

    Messages:
    312
    Likes Received:
    88
    GPU:
    1060
    I tried to Show Microsoft that a 12 gauge shotgun can destroy a laptop running windows 10 and that my wifes macbook was immune Due to her " I'll kill you" stare. Microsoft didn't buy it. Now I have no laptop.
     
  14. David3k

    David3k Member Guru

    Messages:
    112
    Likes Received:
    28
    GPU:
    Graphics Processing Unit
    EDIT: also, I think you meant "vie" not "vy"
    In this case, this guy emailed Microsoft for a fix. I don't see him trying to cash in on this with the way he went about it. You shouldn't be defending Microsoft for something like this where they've had more than a decade to move the filesystem stack out of the kernel and into userspace memory but haven't done so and now have to face the consequences of that and their default memory dumping policy allowing for in-memory information being copied after a BSOD.

    Again, I hope you people aren't underestimating this and are mode mindful of things like disk images being mounted, not just USB drives.

    It's really hard to steal data from a shattered laptop by running something.
     
  15. Killian38

    Killian38 Master Guru

    Messages:
    312
    Likes Received:
    88
    GPU:
    1060
    I don't stick stuff in my USB ports that do not belong in them. Nor do I allow Someone else to do so. If you do allow that to happen, you might as well shoot your PC with a shot gun.
     

Share This Page