How to Turn an MP3 Player into a Linux Bootable Drive

I have a couple old MP3 players kicking around and have always wanted to try this. A lot of MP3 players are just USB flash drives with the brains to play music from the files stored on them.

You can open the MP3 player up in Windows Explorer and music files are usually stored in the root of the device or in a folder called “Music”. Simply adding songs or removing them manually is usually easier than trying to do it in Media Player or iTunes.

So, what I did is take one of these:

Copied all the information that was on the MP3 player to a backup folder on my PC (in case things went bad). Downloaded Ubuntu 11, and it’s USB installer and loaded Ubuntu onto it:

I then rebooted my PC, selected “boot from USB drive” from the Boot menu and got this:

Finally I copied the music files back to the MP3 player, ejected it from the PC, plugged my headphones in and it played music like a champ. Now, I have an MP3 player and a bootable USB drive.

I was thinking of installing Backtrack 5 on it and making it into a inconspicuous looking penetration testing platform, but the MP3 player just did not have enough free space.

Pretty cool, just a note of caution though, this may not work on every mp3 player. Only try it on one that you can risk ruining.

Data remains on USB and Solid-State Hard Drives (SSDs) even after Secure Erase

New research shows that secure erase programs used on standard hard drives to wipe important data do not completely erase solid-state (SSD) drives and USB thumb drives. As much as 75 percent of the data could remain after a succesful secure wipe.

SSD drives are being used more frequently now, especially as boot drives in laptops, because of their high speeds. But it looks like raw speed is not the only difference between them and standard hard drives.

According to The Register, the difference lies in the way that SSD and USB flash drives function. Unlike standard hard drives that store the file in a single location, flash drives can make multiple copies of the file on the flash drive and just points to the latest version:

The difficulty of reliably wiping SSDs stems from their radically different internal design. Traditional ATA and SCSI hard drives employ magnetizing materials to write contents to a physical location that’s known as the LBA, or logical block address. SSDs, by contrast, use computer chips to store data digitally and employ an FTL, or flash translation later, to manage the contents. When data is modified, the FTL frequently writes new files to a different location and updates its map to reflect the change.

According to scientists at the University of California at San Diego, different wiping techniques left varying levels of information behind. Up to 67% of data remained when using Mac’s OSX secure wipe. Up to 58% of data was recoverable when using British HMG IS5. Pseudorandom wipes were the worse, up to 75% of wiped data was recoverable.

When you run a secure wipe on a hard drive, the program will write data over top of the existing data to make sure it is unrecoverable. Random binary 0’s and 1’s are written over the existing ones, sometimes numerous times. This works very well, because the data is only located in one area of the drive. Because SSD drives could hold copies of the data in a couple of areas, only the active copy is securely erased, and the copies may go untouched and be fully recoverable.

The scientists used a $1,000 device to recover the data, but a DIY version could be made for about $200. According to the article, SSD drives that store information in an encrypted form are much safer to use. This is something for companies to keep in mind when they go to use and discard SSD drives that contain critical data.

I am sure now that the need has surfaced for a SSD secure erase program, we will probably see several in the near future.  

USB Attack Vectors move Beyond Flash Drives to Malicious USB Devices

You have all heard about the dangers that USB drives can pose. In 2008, the US Military suspended the use of USB drives after a large worm attack hit military systems. Iran’s Nuclear power plant was hit with Stuxnet, supposedly from a USB drive. And following the recent Wikileaks disaster, the military is banning all removable devices from systems connected to SPIRNET, the government’s secret network:

Maj. Gen. Richard Webber, commander of Air Force Network Operations, issued the Dec. 3 “Cyber Control Order” — obtained by Danger Room — which directs airmen to “immediately cease use of removable media on all systems, servers, and stand alone machines residing on SIPRNET,” the Defense Department’s secret network. Similar directives have gone out to the military’s other branches.

So no more CD’s, DVD’s or thumb drives will be allowed near these machines.

Then there is always the threat of malicious hardware. For years the government has been worried about counterfeit electronic hardware mainly from Chinese manufactures that have built in backdoors. Earlier this year millions of dollars of counterfeit Cisco equipment was confiscated that was to be sold to Marines in Iraq:

Ashoor purchased counterfeit Cisco Gigabit Interface Converters (GBICs) from an online vendor in China with the intention of selling them to the U.S. Department of Defense for use by Marine Corps personnel operating in Iraq, the DOJ said. The computer network for which the GBICs were intended is used by the Marine Corps to transmit troop movements, relay intelligence and maintain security for a military base west of Fallujah, Iraq, the DOJ said.

So security experts have been on the lookout for USB drives and even counterfeit routers, but what about an innocent looking USB keyboard, or mouse? How much attention would that garner?

Adrian Crenshaw (Security Specialist and Speaker) has shown from his recent work with the Arduino “Teensy” programmable keystroke device that almost any USB device, including keyboards, mice, and the innocent desktop toy could be used as an attack vector. Adrian (also known as “Irongeek”) created the tool for professional security pen testers, but it has really shown how USB attacks can and will move way beyond “Autorun.inf” infectors.

The Teensy programmable keystroke device is made from PJRC’s Teensy USB Development Board.

The computer does not see the Teensy device as a USB drive or another accessory, but as a human interface device (a keyboard). The Teensy circuit board can be inserted inside a keyboard or mouse and can be set to activate when a certain key is pressed or a certain condition is met. So, for example, if the “Scroll Lock” or “Caps Lock” key is pressed, the teensy could send the commands to copy all the data from a certain directory. The Teensy can also be set to activate via timer or whatever the pentester desires. And antivirus would not detect it as it would seem to be just standard keyboard input.

Also, the inside of the mouse or keyboard leaves amble room for the miniature teensy and whatever else the pentester may want to use. Inside a standard mouse case, Adrian was able to insert a Teensy device, a USB hub and flash memory. With this type of setup, he could have the teensy device issue commands to run a script from the flash drive or even copy data from the system to flash storage. (View Adrian’s video on YouTube)

I believe that with the Teensy programmable keystroke device, we are really looking at a new generation of intelligent malicious hardware that will be limited only by the imagination of the attacker.

Dojocon 2010 Security Conference Videos Released

 [Vimeo 17854580]

Adrian Crenshaw has released videos from the Dojocon 2010 conference on his site

The video above is his presentation on Malicious USB Attack vectors. His presentation shows that USB attacks have gone way beyond autorun.inf attacks to malicious mice/ keyboards & desktop toys that have multiple payload options and that can be triggered by external stimulus.