It is currently Sat Oct 25, 2014 2:26 am

All times are UTC - 8 hours




Post new topic Reply to topic  [ 3 posts ] 
Author Message
 Post subject: Use caution with used USB devices
PostPosted: Sun Oct 12, 2014 2:04 pm 
Offline
User avatar

Joined: Wed Apr 11, 2007 8:06 pm
Posts: 4454
Location: US, Texas
This is old news to some extent as variations on this have been around for a long time, but this one in particular seems really disconcerting.

Attack code for 'unpatchable' USB flaw released
http://www.bbc.com/news/technology-29475566

It's a long way from something popular or likely to affect anyone here but I can see an evil group buying up a ton of flash drives and leaving them places. More broadly I hope they figure out how to fix this. In the mean time, I'll only trust new USB devices and -- for any high security stuff -- avoid USB altogether (I've heard this is already the case for most secure government computers).

_________________
Free Justin | Electronic Frontier Foundation | Projects donated to: VLC, CubicExplorer, Ditto, Greenshot, TrueCrypt, WinSplit, ClickyGone, ImgBurn, Rockbox


Top
 Profile  
 
 Post subject: Re: Use caution with used USB devices
PostPosted: Mon Oct 13, 2014 2:01 am 
Offline
User avatar

Joined: Mon Dec 07, 2009 7:09 am
Posts: 1898
Location: Terra @ Sol System
Yep, users beware... :(

I crossed paths with that info and it did worry me some, since I'm a heavy user of USB devices and short of using an "USB condom" (see below) for unknown devices, I see no easy remedy...

http://www.pcworld.com/article/2599408/usb-condom-promises-to-protect-your-dongle-from-infected-ports.html
http://int3.cc/products/usbcondoms


Top
 Profile  
 
 Post subject: Re: Use caution with used USB devices
PostPosted: Mon Oct 13, 2014 9:19 am 
Offline
User avatar

Joined: Sat Jul 31, 2010 1:19 am
Posts: 1139
Location: Helsinki, Finland
The problem is the same as the feature which made USB popular in the first place: when you plug in an USB device, it just works. The device automatically tells the computer what kind of device it is.

AFAIK, the idea that e.g. a malicious thumb drive can identify itself as a keyboard is not new. What is new, however, is that the researches were able to overwrite the firmware of a thumb drive programmatically. It opens up the possibility of a USB virus that infects both computers and USB drives. Such a virus would be extremely hard to get rid of. :(

_________________
My YouTube channel | Release date of my seventh playlist: August 11, 2014


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 3 posts ] 

All times are UTC - 8 hours


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  

Protected by Anti-Spam ACP Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group