Undetectable Security Flaw Found in USBs -- Security Today

Undetectable Security Flaw Found in USBs

By Ginger Hill
Jul 31, 2014

Undetectable Security Flaw Found in USBs The humble USB that interconnects our digital lives may not be as safe as we think. New research reveals a fundamental security flaw in the way this little data-saving jewel functions, and it could wreak havoc on computer systems.

Security researchers, Karsten Nohl and Jakob Lell, have reverse engineered the firmware that controls the basic functions of USBs, discovering an embedded controller chip that allows the device and connected computer to send information back and forth. This malware does not sit in flash memory, but is instead, hidden in the firmware.

It’s virtually impossible to check if a device’s firmware has been tampered with, besides, the malware can travel both ways, via a USB to infect a computer and then the PC can infect other USBs plugged into it.

So, what can be done about this? Very little, actually, as there’s no patch code that can be used. The only viable action at this time is to not plug a USB device into any computer that you don’t trust and don’t plug untrusted USBs into computers.

About the Author

Ginger Hill is Group Social Media Manager.

Featured

ISC West 2026 Surges with AI Innovation and Record Crowds

From packed aisles and AI breakthroughs to the rise of mobile surveillance, the security industry is hitting its stride with a new era of digital content. Read Now
- Industry Events
- ISC West
ISC West 2026 Opening is a Smash!

The security industry converges in Las Vegas as pre-COVID attendance levels return, highlighting the rise of AI and license plate recognition technology. Read Now
- Industry Events
- ISC West
Anticipating The Future Of Security Innovation At ISC West 2026

From emerging technologies to renewed partnerships, this year’s event sets the stage for what’s next in physical security. Read Now
- Industry Events
- ISC West
Strengthening Healthcare Security with Sentri-Zone

With over half of physicians feeling unprotected at work, Sentri-Zone offers a proactive shield against the rising tide of healthcare violence. Read Now
- Hospital
- Facility Security
- Physical Security
Executive Protection in a Noisy World: Why Speed and Defensibility Matter

CSOs are not short on data; they are short on time and trust. This is particularly true when it comes to Executive Protection (EP) in a high-velocity threat environment, where an online post can escalate into a real-world incident within minutes. Read Now

Artificial Intelligence

Security Today eNews

Sign up today for essential industry news and product information that can help you stay afloat in the fast-paced world of security.

Email Address*Country*

Please type the letters/numbers you see above.

Webinars

Whitepapers

New Products

Automatic Systems V07

Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.
HD2055 Modular Barricade

Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.
4K Video Decoder

3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises.