REAL WORLD EVENT DISCUSSIONS

USB 'critically flawed' after bug discovery, researchers say

POSTED BY: SIGNYM
UPDATED: Sunday, August 10, 2014 13:45
SHORT URL:
VIEWED: 1064
PAGE 1 of 1

Sunday, August 10, 2014 12:55 PM

SIGNYM

I believe in solving problems, not sharing them.


Cyber-security experts have dramatically called into question the safety and security of using USB to connect devices to computers.

Quote:

Berlin-based researchers Karsten Nohl and Jakob Lell demonstrated how any USB device could be used to infect a computer without the user's knowledge. The duo said there is no practical way to defend against the vulnerability.

The body responsible for the USB standard said manufacturers could build in extra security. But Mr Nohl and Mr Lell said the technology was "critically flawed".

It is not uncommon for USB sticks to be used as a way of getting viruses and other malicious code onto target computers. Most famously, the Stuxnet attack on Iranian nuclear centrifuges was believed to have been caused by an infected USB stick. However, this latest research demonstrated a new level of threat - where a USB device that appears completely empty can still contain malware, even when formatted.

The vulnerability can be used to hide attacks in any kind of USB-connected device - such as a smartphone.

"It may not be the end of the world today," Mr Nohl told journalists, "but it will affect us, a little bit, every day, for the next 10 years".

USB memory stick in laptop The USB memory stick is a convenient connector used across many devices

"Basically, you can never trust anything anymore after plugging in a USB stick."
'Chip' exploited

USB - which stands for Universal Serial Bus - has become the standard method of connecting devices to computers due to its small size, speed and ability to charge devices. USB memory sticks quickly replaced floppy disks as a simple way to share large files between two computers. The connector is popular due to the fact that it makes it easy to plug in and install a wide variety of devices. Devices that use USB contain a small chip that "tells" the computer exactly what it is, be it a phone, tablet or any other piece of hardware.

It is this function that has been exposed by the threat. In one demo, shown off at the Black Hat hackers conference in Las Vegas, a standard USB drive was inserted into a normal computer. Malicious code implanted on the stick tricked the machine into thinking a keyboard had been plugged in. After just a few moments, the "keyboard" began typing in commands - and instructed the computer to download a malicious program from the internet.

Another demo, shown in detail to the BBC, involved a Samsung smartphone. When plugged in to charge, the phone would trick the computer into thinking it was in fact a network card. It meant when the user accessed the internet, their browsing was secretly hijacked.

Mr Nohl demonstrated to the BBC how they were able to create a fake copy of PayPal's website, and steal user log-in details as a result. Unlike other similar attacks, where simply looking at the web address can give away a scam website, there were no visible clues that a user was under threat. The same demo could have been carried out on any website, Mr Nohl stressed.

'Trust nothing'

Mike McLaughlin, a security researcher from First Base Technologies, said the threat should be taken seriously.

"USB is ubiquitous across all devices," he told the BBC. "It comes down to the same old saying - don't plug things in that you don't trust. Any business should always have policies in place regarding USB devices and USB drives. Businesses should stop using them if needed."


http://www.bbc.com/news/technology-28701124

NOTIFY: Y   |  REPLY  |  REPLY WITH QUOTE  |  TOP  |  HOME  

Sunday, August 10, 2014 1:03 PM

THGRRI


Wow Sig, USB's contain nothing more than downloaded files. If you did not realize that before you're lucky you have not gotten or passed on corrupted files yourself. Try using your security to scan downloaded files before opening them. Then scan the USB device itself when in use.

Sad if you would let someone insert a USB into your computer unless knowing fist of its contents and were certain of their intentions.

NOTIFY: Y   |  REPLY  |  REPLY WITH QUOTE  |  TOP  |  HOME  

Sunday, August 10, 2014 1:11 PM

SIGNYM

I believe in solving problems, not sharing them.


Please read the story carefully. This trick bypasses even FORMATTING a USB drive. The flaw is not in the "contents".



--------------
THUGR is a know-nothing militarist. With emphasis on the know-nothing part, since he couldn't even figure our what this article was saying.

NOTIFY: Y   |  REPLY  |  REPLY WITH QUOTE  |  TOP  |  HOME  

Sunday, August 10, 2014 1:45 PM

THGRRI


Quote:

Originally posted by SIGNYM:
Please read the story carefully. This trick bypasses even FORMATTING a USB drive. The flaw is not in the "contents".



--------------
THUGR is a know-nothing militarist. With emphasis on the know-nothing part, since he couldn't even figure our what this article was saying.



I still do not understand what it is you are saying is new. One of the fears I have had for years now is back doors being installed on military electronics we have manufactured overseas. It has been said Microsoft installs back doors on it's hardware for different purposes. It is the same thing. It is why it is important to know who manufactured the device you are using. The rest is a crap shoot.

NOTIFY: Y   |  REPLY  |  REPLY WITH QUOTE  |  TOP  |  HOME  

YOUR OPTIONS

NEW POSTS TODAY

USERPOST DATE

OTHER TOPICS

DISCUSSIONS
Russia should never interfere in any other nation's internal politics, meanwhile the USA and IMF is helping kill Venezuela
Sun, November 24, 2024 07:48 - 103 posts
Japanese Culture, S.Korea movies are now outselling American entertainment products
Sun, November 24, 2024 07:24 - 51 posts
The parallel internet is coming
Sun, November 24, 2024 06:04 - 180 posts
Giant UFOs caught on videotape
Sun, November 24, 2024 05:43 - 8 posts
California on the road to Venezuela
Sun, November 24, 2024 05:41 - 26 posts
Russia says 60 dead, 145 injured in concert hall raid; Islamic State group claims responsibility
Sun, November 24, 2024 05:37 - 71 posts
MAGA movement
Sun, November 24, 2024 05:04 - 14 posts
Will Your State Regain It's Representation Next Decade?
Sun, November 24, 2024 03:53 - 113 posts
Any Conservative Media Around?
Sun, November 24, 2024 03:44 - 170 posts
Thread of Trump Appointments / Other Changes of Scenery...
Sun, November 24, 2024 03:40 - 42 posts
Where is the 25th ammendment when you need it?
Sun, November 24, 2024 01:01 - 18 posts
In the garden, and RAIN!!! (2)
Sat, November 23, 2024 23:46 - 4761 posts

FFF.NET SOCIAL