Cheap rj45 ethernet to USB adapter contains malware
I’ll show myself out
So I'll still call them RJ45 connectors. Because nobody has time to say "8P8C unkeyed modular connector" every time!
FWIW, TIL about 8P8C.
[1] https://web.archive.org/web/20170705131407/http://www.tscm.c...
Basically, what do you get if you hotplug it into a laptop running a current linux kernel and do "sudo lsusb -v" vs "sudo lspci -v"?
The ones that are native PCIE devices offer much better performance, up to 2.5 GBASET line rate, and will communicate with the host over the implementation of thunderbolt over USB.
The ones that are USB only might work okay, but there's a reason they're cheap.
Of course a cheaper laptop also won't have any implementation of thunderbolt on it, so that's something to consider as well.
Per Wikipedia, USB 3.0 (from 2008) can reach 5 Gbit/s, so (naively?) one would expect them to reach 2.5 GbE line rate easily, right?
1) downloading Windows exe files from Chinese forums
2) the USB storage provided by network card can still contain malware,
3) or can be accidentally booted from
4) it has universal USB controller, so can become any HID device: keyboard, mouse...
I don't know of any modern systems that will execute anything on a newly inserted drive, nor boot from an external drive in the default configuration.
So we are missing a couple of things. First, a vulnerability in the OS/system. Second, an implementation of that vulnerability in a device like this.
Should this design be phased out? Perhaps. There is relatively little difference between not populating the flash memory part of the board and a proper network-only implementation.
That seems unlikely given that "malware" is signed by Microsoft Windows Hardware Compatibility Publisher.
Made me laugh. Fun article, also really love the genre of "bored smart person goes too deep on something that the end result is obvious by common sense but proving it requires surprising amount of ingenuity and scrappiness"
And a great example that truth is complicated, expensive and uncomfortable. It's much easier to postulate an evil nation-state entity with a bad plan (without evidence) than to dig through the thicket of this article. It's much cheaper as well, certainly in terms of time and knowhow. And it's also much more comfortable to claim you're the victim and have uncovered a conspiracy, rather than realize this was just the result of the patchwork typical of engineering.
Kudos to the author.
The worst thing is this creates an environment where most people are either completely credulous and buy into everything or completely incredulous and think everything is unfounded. It's just exhausting to have a healthy level of skepticism these days, and maybe 1 out of 1000 times (number source: from thin air) something that sounds insane actually has some truth to it.
Of course, there's a bit of a jump from that to making bold claims about what it's doing, but the initial concern was understandable.
People should have more faith in dongles. Not all are bad.
I.M.H.O. these USB dongles are actually preferable to the much more expensive Thunderbolt dongles praised below, because a) they work on regular USB ports as well b) they do not require Thunderbolt c) they use less power and d) they don't force a highly ventilated cooling mode on certain host systems. And, fwiw, at least some Thunderbolt docks actually used USB NICs connected to the internal USB controller, which was hooked up over PCIe.
Now I never trust anything with Realtek in it, and if buying anything with an Ethernet port, I try to make sure it’s not Realtek. Is this still valid concern, or is Realtek better now?
(A) replace your WiFi adapter - download drivers from internet
(B) configure a router or other equipment (hard to configure WiFi without WiFi).
(C) stand up your Linux install on your laptop (easiest way to futz around until you get WiFi adapter working - but check chipset on adapter is compatible which the cheapest usually are)
You don't usually care about the performance. Just keep a cheap one in your box of shit - I need mine often enough. If you need high performance, then buy a high performance adapter.
In my case A) and B) are irrelevant because I only really own or deal with laptops now days, and they invariably have built in WiFi, but usually not built-in Ethernet!
Case (A) is common for laptops. I've had plenty of WiFi modules (M.2?) go intermittent connection on friend's Windows laptops over time (maybe component drift?). For Linux on laptops I usually replace the manufacturers WiFi module so I get something better supported (high reliability - used to be Intel). Some people upgrade their module e.g. to get higher spec WiFi.
For (B), configuring WiFi routers is often easier with an Ethernet cable and sometimes necessary (depending on circumstances), and you need a cable to configure many other devices e.g. point-to-point links or whatever.
The fact you have a WiFi laptop is exactly why an adapter is really useful.
I don't disagree that the uses you describe make them helpful in those circumstances, but I can't recall ever needing to do any of that myself. I'm happy with the built-in Wifi adapter and its drivers, and all modern routers can be configured/set up over WiFi, can't they? They create a default network when first turned on, or if you factory-reset them using the physical reset button.
Oddly enough, point (A) is likely more relevant in the current world of laptops. At least if you use Windows. Plugging in a supported network adapter, may that be WiFi or Ethernet, may be the only way to get through the installation process, without jumping through hurdles, then install drivers for the built-in WiFi adapter, without jumping through another set of hurdles. (I own such a laptop, though I use Linux on said laptop so the WiFi just works.)
>Malicious hardware has plenty of precedent: it’s been used by intelligence agencies and private pentesters alike. Heck, a bit over a decade ago, I built an evil plasma globe for work. Still, we weren’t here to debate whether a malicious RJ45-to-USB adapter could be made. The important question was whether in this particular instance — as the poster put it — “the Chinese were at it again”.
The ISO thing is a little bit weird, but to be honest it's a creative way to try to evade corporate IT security policies restricting mass storage USB devices. I think optical drives use a different device class that probably evades most restrictions, so if you enumerate as a complex device that's a combo optical drive/network adapter, you might be able to install your own driver even on computers where "USB drives" have been locked out!
Then came the iODD and the IsoStick...
Anyways, I think it's clever for peripherals to help you bootstrap, and having the drivers baked into the device makes things a little easier instead of trying to find a canonical download source.
But multiple modes of operation really made it harder for to configure devices like those 4G/LTE USB dongles: they will either present as USB storage, or one type of serial device or a CDC-ACM modem device (or something of the sort), requiring a combination of the tools + vendor-specific AT commands to switch it into the right mode. Ugh, just get me back those simple devices that do the right thing OOB.
I remember it as Plug-n-Pray
I appreciate the ones that don't need their own drivers in the first places. Sure something needs special drivers but things like usb sticks and mice should just work using the default ones and let you get the updates from the internet if you want them.
https://blog.brixit.nl/making-a-usb-ethernet-adapter-work-sr...
In my case I disabled the SPI flash module to have it not appear as a CD drive, the author of this post actually found some documentation about the SPI being optional. Funnily enough this post now also gives you all the tooling to make an actual evil RJ45 dongle by reflashing one :D
I suspect this causes SO to always output the same value and the Ethernet controller must expect some magic
Looks like they had a footprint for a diode in a 3-pin SOT23 package and found they didn't have stock of the special part, so they installed a SOD323 diode at a 30 degree angle across two pins...
Seems that the origin of the "chinese hack" theory can be just resumed to: younger people not being used to this kind of old stuff.
I feel like that might have been what took out a neighbor down the street.
Sorry, I got distracted by the newspaper clipping in the article and had to laugh.