Undetectable Security Flaw Found in USBs -- Security Today

Undetectable Security Flaw Found in USBs

By Ginger Hill
Jul 31, 2014

Undetectable Security Flaw Found in USBs The humble USB that interconnects our digital lives may not be as safe as we think. New research reveals a fundamental security flaw in the way this little data-saving jewel functions, and it could wreak havoc on computer systems.

Security researchers, Karsten Nohl and Jakob Lell, have reverse engineered the firmware that controls the basic functions of USBs, discovering an embedded controller chip that allows the device and connected computer to send information back and forth. This malware does not sit in flash memory, but is instead, hidden in the firmware.

It’s virtually impossible to check if a device’s firmware has been tampered with, besides, the malware can travel both ways, via a USB to infect a computer and then the PC can infect other USBs plugged into it.

So, what can be done about this? Very little, actually, as there’s no patch code that can be used. The only viable action at this time is to not plug a USB device into any computer that you don’t trust and don’t plug untrusted USBs into computers.

About the Author

Ginger Hill is Group Social Media Manager.

Featured

Report: Advanced Phishing Attacks Grew By 356 Percent in 2022

A report recently published by Perception Point, a provider of advanced threat prevention across digital channels, has identified a 356% growth in the amount of advanced phishing attacks attempted by threat actors in 2022. Overall, the total number of attacks increased by 87%, highlighting the growing threat that cyber-attacks now pose to organizations. Read Now
- Cybersecurity
DHS Announces First Department-Wide Policy on Body-Worn Cameras

As required by President Biden’s Executive Order on Advancing Effective, Accountable Policing and Criminal Justice Practices to Enhance Public Trust and Public Safety, Secretary of Homeland Security Alejandro N. Mayorkas recently announced the first Department-wide policy on Body-Worn Cameras (BWCs) for its law enforcement officers and agents. Read Now
- Government
Federal Agencies Reported More Than 30,000 Cyber Incidents In FY22

In the fiscal year 2022, Federal agencies saw fewer cyber incidents overall, which decreased by around 6%. Read Now
- Cybersecurity
- Government
The Need for a Comprehensive Strategy Addressing Cybersecurity and Quantum Technology

Over the past two years, the Biden Administration has taken a series of steps centered on quantum and cybersecurity. Read Now
- Cybersecurity

Webinars

Seneca,Nvidia

Simple Selling with Seneca Vision AI Validated Solutions
Hanwha Vision (formerly Hanwha Techwin)

New Ways to Train an Effective Security Team
Hanwha Vision (formerly Hanwha Techwin)

Seeing Beyond Your Perimeter

Whitepapers

Hytera

Push-to-Talk Over Cellular (PoC) for Security Professionals
Vicon Industries

Superior Security Begins with a Single Pane of Glass
Winsted Corporation

Top Considerations When Designing an Ergonomic Control Room

New Products

ALTO Neoxx Electronic Padlock

Built to withstand all access control needs, the tough new SALTO Neoxx electronic padlock takes security beyond your expectations. 3
ComNet CNGE6FX2TX4PoE

The ComNet cost-efficient CNGE6FX2TX4PoE is a six-port switch that offers four Gbps TX ports that support the IEEE802.3at standard and provide up to 30 watts of PoE to PDs. It also has a dedicated FX/TX combination port as well as a single FX SFP to act as an additional port or an uplink port, giving the user additional options in managing network traffic. The CNGE6FX2TX4PoE is designed for use in unconditioned environments and typically used in perimeter surveillance. 3
LiftMaster Garage Door Opener

LiftMaster Transforms the Garage Door Opener Into a Sleek Smart Home Device That Does More Than Open and Close the Garage Door 3