General Discussion
Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region ForumsUSB 'critically flawed' after bug discovery, researchers say (BBC)
Last edited Sun Aug 10, 2014, 07:04 PM - Edit history (1)
By Dave Lee
Technology reporter, BBC News
Cyber-security experts have dramatically called into question the safety and security of using USB to connect devices to computers.
Berlin-based researchers Karsten Nohl and Jakob Lell demonstrated how any USB device could be used to infect a computer without the user's knowledge.
The duo said there is no practical way to defend against the vulnerability.
***
However, this latest research demonstrated a new level of threat - where a USB device that appears completely empty can still contain malware, even when formatted.
The vulnerability can be used to hide attacks in any kind of USB-connected device - such as a smartphone.
***
more: http://www.bbc.com/news/technology-28701124
Electric Monk
(13,869 posts)villager
(26,001 posts)It seems virtually the whole digital network informing our lives... is compromised
fujiyama
(15,185 posts)Hasn't this been a known vulnerability for some time? It's not like the USB standard came out yesterday. It's been around for almost twenty years now.
4b5f940728b232b034e4
(120 posts)It's just a fake keyboard. key capturers have been out even longer.
joshcryer
(62,270 posts)IDemo
(16,926 posts)When was the last time you felt compelled to do a firmware upgrade on a USB stick or keyboard? Never? Me, neither. If the EEPROM chips used to store a USB device's firmware were replaced with good old fashioned write-once ROM memory, they couldn't be overwritten by malware.
Problem solved. Next?
MohRokTah
(15,429 posts)Both are game devices, so updates are fairly consistent.
Drivers, too.
IDemo
(16,926 posts)I haven't owned any gaming gear, but have worked in electronics R&D for nearly 20 years and have been responsible for installing and maintaining hundreds of test PC's. I have never needed to touch the firmware on any USB peripheral.
MohRokTah
(15,429 posts)They design better firmware for response in newer games.
The only gamer keyboards I've never had to update firmware on has been the mechanical keyboards, which I've found are far superior to the lower end gamer keyboards and mice.
I have a mouse with twelve buttons controlled by my thumb for use in MMORPGs. Firmware updates can be essential with some of the newer games. since my entire rotation is controlled by my thumb on my right hand.
IDemo
(16,926 posts)and let me emphasize, vast number, keyboards and mice are IO devices which have been around for a very long time and don't need exotic functions or response times. There is no reason that these items should require firmware updates. If for gaming or military USB devices such need exists, they can certainly continue to employ upgradeable firmware and be marked as vulnerable. But there is simply no reason for most items to continue to be left open to infections with re-writable controller memory. It's a trivial fix.
MohRokTah
(15,429 posts)For the most part, though, you don't update firmware on USB devices.
trumad
(41,692 posts)mrsadm
(1,198 posts)davidpdx
(22,000 posts)while teaching at universities. The computers in the classrooms are used by many different people who plug their memory sticks in to use files during class.