Sunday, 14 September 2014

Watch Those USB Memory Sticks.

Those handy USB sticks we are all quite happy to pass around have just become a serious threat. We all know that these devices can store malware and infect any computer systems that they are plugged into. Not only that but the devices can even be infected by a being plugged into a computer. However, most people have anti-virus and other kinds of malware detection applications installed. 

The usual security software has previously detected infected devices when plugged into a computer. The new problem is being highlighted by researchers Karsten Nohl and Jakob Lell. That there are malware applications on USB devices that your software won't be able to detect. Instead of infected files being stored on the USB stick its the firmware that controls how USB works, that is being changed to contain the malware. Antivirus and other malware programs can't detect the data exchange between the Computer USB port and the hardware meaning there is no way to detect this problem and no way to protect against it. 

However, more worryingly is that USB firmware can be re-written by an infected PC allowing the infection to spread without any way to stop it. USB speakers, mice, keyboards, etc. are all potential attack vectors now. 

Here are two articles for further reading.
http://www.wired.com/2014/07/usb-security/
http://gizmodo.com/usb-has-a-fundamental-security-flaw-that-you-cant-detec-1613833339

No comments:

Post a Comment

Please put your name to your comment. Comments without a name may automatically be treated as spam and might not be included.

If you do not wish your comment to be published say so in your comment. If you have a tip or sensitive information you’d prefer to share anonymously, you may do so. I will delete the comment after reading.