Undetectable Security Flaw Found in USBs

Undetectable Security Flaw Found in USBs

Undetectable Security Flaw Found in USBsThe humble USB that interconnects our digital lives may not be as safe as we think. New research reveals a fundamental security flaw in the way this little data-saving jewel functions, and it could wreak havoc on computer systems.

Security researchers, Karsten Nohl and Jakob Lell, have reverse engineered the firmware that controls the basic functions of USBs, discovering an embedded controller chip that allows the device and connected computer to send information back and forth. This malware does not sit in flash memory, but is instead, hidden in the firmware.

It’s virtually impossible to check if a device’s firmware has been tampered with, besides, the malware can travel both ways, via a USB to infect a computer and then the PC can infect other USBs plugged into it.

So, what can be done about this? Very little, actually, as there’s no patch code that can be used. The only viable action at this time is to not plug a USB device into any computer that you don’t trust and don’t plug untrusted USBs into computers.

About the Author

Ginger Hill is Group Social Media Manager.

Featured

New Products

  • ADI Control4 product image

    ADI Control4® X4 & Control4® Connect

    Drive long-term system value and reduce post-installation friction with a visually redesigned control interface paired with a secure, future-ready smart service framework.

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.

  • Zenitel Cloud RMM

    Zenitel Cloud Remote Monitoring & Management (RMM)

    Enhance operational uptime and slash maintenance costs across multi-site environments with secure, centralized cloud-based system diagnostics and lifecycle management.