Use caution with used USB devices

#1 Post by webfork »

This is old news to some extent as variations on this have been around for a long time, but this one in particular seems really disconcerting.

Attack code for 'unpatchable' USB flaw released
http://www.bbc.com/news/technology-29475566

It's a long way from something popular or likely to affect anyone here but I can see an evil group buying up a ton of flash drives and leaving them places. More broadly I hope they figure out how to fix this. In the meantime, I'll only trust new USB devices and -- for any high security stuff -- avoid USB altogether (I've heard this is already the case for most secure government computers).

#2 Post by Midas »

Yep, users beware... :(

I crossed paths with that info and it did worry me some, since I'm a heavy user of USB devices and short of using a "USB condom" (see below) for unknown devices, I see no easy remedy...

http://www.pcworld.com/article/2599408/ ... ports.html
http://int3.cc/products/usbcondoms

#3 Post by SYSTEM »

The problem is the same as the feature which made USB popular in the first place: when you plug in a USB device, it just works. The device automatically tells the computer what kind of device it is.

AFAIK, the idea that e.g. a malicious thumb drive can identify itself as a keyboard is not new. What is new, however, is that the researchers were able to overwrite the firmware of a thumb drive programmatically. It opens up the possibility of a USB virus that infects both computers and USB drives. Such a virus would be extremely hard to get rid of. :(
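
Added example, not part of the original thread: post #3 notes that a USB device tells the computer what kind of device it is, and this Python sketch reads that self-description from a raw configuration descriptor and flags a device that declares storage while also declaring a keyboard. The sample descriptors and helper names (`_cfg`, `_iface`, `_ep`, `PLAIN_DRIVE`, `COMPOSITE`) are constructed for illustration.

```python
import struct

# USB-IF class codes (bInterfaceClass) and HID boot-protocol values.
CLASS_HID, CLASS_MASS_STORAGE = 0x03, 0x08
HID_BOOT_SUBCLASS, HID_PROTO_KEYBOARD = 0x01, 0x01
DT_CONFIG, DT_INTERFACE, DT_ENDPOINT, DT_HID = 0x02, 0x04, 0x05, 0x21

def parse_interfaces(blob):
    """Walk a raw configuration descriptor; return (class, subclass, protocol) per interface."""
    if len(blob) < 9 or blob[1] != DT_CONFIG:
        raise ValueError("not a configuration descriptor")
    total = struct.unpack_from("<H", blob, 2)[0]      # wTotalLength
    if total > len(blob):
        raise ValueError("descriptor truncated")
    interfaces, off = [], 0
    while off + 2 <= total:
        length, dtype = blob[off], blob[off + 1]
        if length < 2 or off + length > total:         # malformed bLength: refuse, never loop
            raise ValueError("bad bLength at offset %d" % off)
        if dtype == DT_INTERFACE and length >= 9:
            interfaces.append(tuple(blob[off + 5:off + 8]))
        off += length
    return interfaces

def findings(blob):
    """Report when a device declares a keyboard, alone or alongside mass storage."""
    ifaces = parse_interfaces(blob)
    classes = {cls for cls, _, _ in ifaces}
    out = []
    if (CLASS_HID, HID_BOOT_SUBCLASS, HID_PROTO_KEYBOARD) in ifaces:
        out.append("declares a boot keyboard interface")
    if CLASS_MASS_STORAGE in classes and CLASS_HID in classes:
        out.append("composite: mass storage plus HID")
    return out

# --- Constructed sample descriptors (not captured from real hardware) ---
def _cfg(n_ifaces, body):
    return struct.pack("<BBHBBBBB", 9, DT_CONFIG, 9 + len(body), n_ifaces, 1, 0, 0x80, 50) + body
def _iface(num, n_ep, cls, sub, proto):
    return bytes([9, DT_INTERFACE, num, 0, n_ep, cls, sub, proto, 0])
def _ep(addr, attrs):
    return struct.pack("<BBBBHB", 7, DT_ENDPOINT, addr, attrs, 64, 0)
_HID_DESC = struct.pack("<BBHBBBH", 9, DT_HID, 0x0111, 0, 1, 0x22, 63)
_STORAGE = _iface(0, 2, 0x08, 0x06, 0x50) + _ep(0x81, 2) + _ep(0x02, 2)
PLAIN_DRIVE = _cfg(1, _STORAGE)
COMPOSITE = _cfg(2, _STORAGE + _iface(1, 1, 0x03, 0x01, 0x01) + _HID_DESC + _ep(0x83, 3))

if __name__ == "__main__":
    for name, blob in (("plain drive", PLAIN_DRIVE), ("composite", COMPOSITE)):
        print(name, parse_interfaces(blob), findings(blob))
```

The check only sees what the device chooses to declare at enumeration, so it is a way to surface unexpected keyboard interfaces, not proof that a drive's firmware is clean.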
#4 Post by webfork »

Dug into this a bit and the unfortunate thing about this product is that it exclusively allows for power transmission rather than preventing data issues. So essentially if someone used this, they couldn't interface with their computer, just recharge.

Maybe something with a "read only" switch would work? I know you can get a standard sized SD card and flip the switch on those but they are exceedingly fragile. I've lost a few of them to very light wear and tear.

#5 Post by Midas »

webfork wrote: Maybe something with a "read only" switch would work? I know you can get a standard sized SD card and flip the switch on those but they are exceedingly fragile.

I've seen software for that effect in USBs -- I doubt it would prove effective in this threat scenario, though. :roll:
