Undetectable Security Flaw Found in USBs

Undetectable Security Flaw Found in USBs

Undetectable Security Flaw Found in USBsThe humble USB that interconnects our digital lives may not be as safe as we think. New research reveals a fundamental security flaw in the way this little data-saving jewel functions, and it could wreak havoc on computer systems.

Security researchers, Karsten Nohl and Jakob Lell, have reverse engineered the firmware that controls the basic functions of USBs, discovering an embedded controller chip that allows the device and connected computer to send information back and forth. This malware does not sit in flash memory, but is instead, hidden in the firmware.

It’s virtually impossible to check if a device’s firmware has been tampered with, besides, the malware can travel both ways, via a USB to infect a computer and then the PC can infect other USBs plugged into it.

So, what can be done about this? Very little, actually, as there’s no patch code that can be used. The only viable action at this time is to not plug a USB device into any computer that you don’t trust and don’t plug untrusted USBs into computers.

About the Author

Ginger Hill is Group Social Media Manager.

Digital Edition

  • Security Today Magazine - October 2020

    October 2020

    Featuring:

    • No Touch, Low Touch
    • Going the Distance
    • Accelerating Security
    • Bringing Rapid Identification
    • Shifting Strategies

    View This Issue

  • Environmental Protection
  • Occupational Health & Safety
  • Infrastructure Solutions Group
  • Spaces4Learning
  • Campus Security & Life Safety