There are no active ads.

Advertisement

Security Researchers Discover Fundamental Security Flaw in USB, No Fix in Sight

by Maximum PC | August 2, 2014August 2, 2014 6:00 am PST

usb_plug

The bad side of USB

Oh great, as if it wasn’t bothersome enough knowing that all our online communications are susceptible to government spying with very little we can do about it, now we’ve come to find out that just by having a USB port, there exists a pretty serious security risk every time we plug in a compatible peripheral. The problem is that virtually any of the millions of USB devices out there can be reprogrammed for malicious purposes, and there doesn’t appear to be much we can do about it.

Security Research Labs in Berlin has given a name to the fundamental flaw in USB — “BadUSB.” At issue is that every USB device has a controller chip that controls the USB connection to other devices. Those controllers have firmware, and if reprogrammed — which is easy to do since the USB-IF focused more on compatibility than security — a benign device like a keyboard or mouse can suddenly turn evil.

“A device can emulate a keyboard and issue commands on behalf of the logged-in user, for example to exfiltrate files or install malware. Such malware, in turn, can infect the controller chips of other USB devices connected to the computer,” SRLabs explains.

The device can also spoof a network card and change the computer’s DNS setting to redirect traffic. Unfortunately, there are no known defenses against this other than not using your USB devices. Malware scanners can’t access the firmware running USB devices, and behavioral detection isn’t reliable since a BadUSB device’s behavior simply looks like a user plugged in a new device.

“Once infected, computers and their USB peripherals can never be trusted again,” SRLabs added.

The best analogy so far comes from ExtremeTech, which likens the situation to having unprotected sex. In other words, if you plug your USB device into another PC, you can assume it’s been compromised.

More From MaximumPC

Attention Comic Collectors, Rare ‘Action Comics #1’ Hits Ebay in August

Superman’s first comic is likely to command $2-3 million By the end of summer, a rare copy of Action Comics #1 featuring Superman’s first appearance will change hands. The valuable comic is going up for auction on eBay where it will almost certainly fetch around $2 million, if not considerably more. Even though it sold for a mere 10 […]

MSI Drops RAM Heavy GT72 Dominator Pro into Gaming Laptop Arena

A desktop replacement that’s short on compromises Looking to replace your desktop system with a laptop but weary of the performance you might be giving up? If so, then you owe it to yourself to check out MSI’s new GT72 Dominator Pro laptop line. Available in two SKUs, the Dominator Pro is a 17.3-inch laptop […]

Original Post by Paul Lilly, Reposted Courtesy of Maximum PC – Covering everything from hi-end gaming PCs to tablets, peripherals and home theater rigs, Maximum PC’s print and Web editions stay one step ahead of the fast-changing world of everything computer and computing related. Whether its the latest on building your own desktop system, reviews of the latest laptops and accessories, or roundups of the games and software that make your machine go, Maximum PC brings it to you with news, reviews, and years of expertise. TechnoBuffalo is thrilled to bring you the best of Maximum PC right here on our own pages to keep you immersed in all things digital.


Maximum PC

Covering everything from hi-end gaming PCs to tablets, peripherals and home theater rigs, Maximum PC's print and Web editions stay one step ahead of...

Advertisement

Advertisement

Advertisement