There's no doubt that networked resources like printers, scanners, and storage devices have a huge degree of utility. But cheaper and older peripherals don't always have the gumption to connect via Wi-Fi or ethernet. USB is the only option, or at the least, it's far cheaper. Networking USB devices is thus a clever workaround. Apple has supported external access to printers via AirPort Express since 2004, and to storage via its AirPort Extreme and Time Capsule base stations since 2007.
A licensed technology called NetUSB made by a Taiwanese firm has extended the same sort of capability to many millions of routers and other network hubs, including those made by Netgear and Zyxel. Using client software available for OS X and Windows, USB devices can be plugged in and then accessed almost like a shunt--as if the device were plugged locally to the computer--rather than a network-shared item as with Apple.
And researchers at SEC Consult have discovered that the software has a simple local exploit that comes from sending a router or other hardware with NetUSB installed a computer name that's longer than expected. This flaw allows the networking hardware to be potentially hijacked, which could result in firmware being overwritten with malicious software and the ability to use the router as a way to monitor traffic and distribute malware to susceptible machines on the same network.
While the software seemingly uses robust encryption for authentication between the client software and the networked hardware, the encryption keys are baked into software and simply retrievable, as well as being identical across all versions of the software. This escaped or wasn't considered as part of the due diligence of the hardware makers licensing the software.
What can you do about it? Of the many companies that distribute the NetUSB software with their products, only one has produced updated firmware or options to remove the flaw or mitigate the vulnerability by disabling the feature. The only way to solve the problem is replace the affected hardware or hope the vendor ultimately releases an update.
What's at risk
This exploit has to be carried out over a local network, at least in the scenario described by SEC Consult. If a gray-hat or black-hat hacker develops and distributes an easily used crack, then cafés and other public places that use routers with unpatched and enabled versions of NetUSB could be at risk.
While it's much harder to launch effective proximity attacks, because an attacker has to visit the location to carry it out, some spots are valuable because they have computer-based cash registers or other data on the network that can be accessed and used to transfer money or gather data for identity theft.
Sign up for MIS Asia eNewsletters.