Undetectable Security Flaw Found in USBs
- By Ginger Hill
- Jul 31, 2014
The humble USB that interconnects our digital lives may not be as safe as we think. New research reveals a fundamental security flaw in the way this little data-saving jewel functions, and it could wreak havoc on computer systems.
Security researchers, Karsten Nohl and Jakob Lell, have reverse engineered the firmware that controls the basic functions of USBs, discovering an embedded controller chip that allows the device and connected computer to send information back and forth. This malware does not sit in flash memory, but is instead, hidden in the firmware.
It’s virtually impossible to check if a device’s firmware has been tampered with, besides, the malware can travel both ways, via a USB to infect a computer and then the PC can infect other USBs plugged into it.
So, what can be done about this? Very little, actually, as there’s no patch code that can be used. The only viable action at this time is to not plug a USB device into any computer that you don’t trust and don’t plug untrusted USBs into computers.
Ginger Hill is Group Social Media Manager.