USB Security Flaw Released In the Wild

usb-flash-drivesUSB has been incredibly useful for consumers and manufacturers alike. The standardized interface makes it incredibly easy to connect just about any type of peripheral to your computer. It has become so ubiquitous that there are hardly any peripherals to don’t feature it. One of the biggest uses for it is for external storage either through a hard drive or a flash memory stick. But what if I told you that you should be extremely careful because plugging an unknown USB device into your computer could infect it with a virus or malware? That is precisely the problem that computer users are now facing with a flaw that has been named .

The Issue

The reason that USB is so easy to use is that it has a standardized hardware interface for quickly and easily communicating between the device and the computer. The problem is that when a USB device is plugged in, the firmware communicates with the controllers to identify what type of device it is. This allows the computer to use the necessary drivers to allow proper communication. The issue is that if the firmware of the USB device is reprogrammed into a different type of class of device, it can be used to record data, issue commands to the computer, rewrite firmware of other USB devices or even install malware on the computer all automatically.

Why its a Really Big Problem

The level at which the malware can be injected into the USB device and infect computers is done at such a low level of the USB operation that there is no easy way to patch the problem. Software patches may prevent some of the malicious activities but it can’t completely prevent them without the whole USB standard being redesigned which is near impossible. To rewrite the USB standard would mean no backward compatibility with older devices which is one of the cornerstones of why the interface became so popular and easy to use.

BadUSB Code Released

While the initial notice of the security flaw was announced in 2014 at a BlackHat security conference, actual . This means that there is code that could exploit specific USB devices and computers that hackers can get and use. At this point, it isn’t just a theoretical thing but something that can actually impact users.

What Can You Do?

SD Cards Can Be Used In Place of USB Flash Drives

SD Cards Can Be Used In Place of USB Flash Drives

There is no easy way to detect infected devices. As a result, the only way to avoid this is to not use USB devices unless you are absolutely sure that it is not infected. This means a brand new USB flash drive is probably safe or one that you have used on your PCs only. If someone you are not familiar with hands you a USB device to use with your PC, then you have to decide if you should use it and put your PC at risk or just set it aside for security reasons. One alternative to using a USB flash drive would be to use an SD flash media card. These are supported by many laptops or computers and do not have the same flaw.

Leave a Reply

Your email address will not be published. Required fields are marked *