Serious Security Flaw in USB Devices

I just ran across an article regarding a newly discovered security flaw in any USB device. And yes, Virginia, this could affect Macs. Someone has discovered how to store viruses / malware in the firmware of a USB device. Here is an excerpt from the article along with a link to the full article.

"Undetectable malware can be hidden in any USB flash drive, according to security researchers Karsten Nohl and Jakob Lell. This is very bad news for home users who pass around USB drives, and for corporate IT managers who may have to ban the popular devices from business networks.

To demonstrate the vulnerability of USB drives, the researchers wrote some proof-of-concept malware (which we can only hope no one copies) called BadUSB. It is a collection of malicious apps that can modify any software installed from a USB drive on a target computer; completely take over control of an infected PC; and even redirect users’ Internet traffic.

Erasing or reformatting the USB drive does not destroy the malware, which hides in the USB device’s firmware that controls the drive’s basic functions. This previously unknown vulnerability is part of the USB standard’s design; as such, it can’t be eliminated without re-engineering every USB device."



Dennis, I heard about this also and, unfortunately, there is no way to tell if the USB device has been infected. The suggestion of the commentator was to 1) only use USB drives straight out of the manufacturer's packaging, 2) do NOT share USB drives, the infection could, theoretically, be transferred from infected computer to USB firmware, and 3) do not accept USB drive promotional items at conferences, trade shows, Drupalcamps etc. Very sad situation right now.

I have seen corporate prevention for this

It is simple. Disable USB ports. Anything to be loaded on your PC has to go through the IT department, delivered to a repository, or through email. And email blocks links. Although it was rudimentary compared to today's threats, corporations removed floppy drives for the same reason years ago.

Of course this does not protect all businesses or home users who usually are more the victims.


