Friendly forums for passionate Dems!
More than 91 million posts since 2001
Home Latest Greatest Videos Forums Hide ads Join up!
Home Latest Greatest
Videos Forums Help
Hide ads Join up!
Latest Discussions»General Discussion»USB 'critically flawed' a...
Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

General Discussion

Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region Forums

eppur_se_muova

(36,262 posts) Sun Aug 10, 2014, 06:13 PM Aug 2014

USB 'critically flawed' after bug discovery, researchers say (BBC)

Last edited Sun Aug 10, 2014, 07:04 PM - Edit history (1)

By Dave Lee
Technology reporter, BBC News

Cyber-security experts have dramatically called into question the safety and security of using USB to connect devices to computers.

Berlin-based researchers Karsten Nohl and Jakob Lell demonstrated how any USB device could be used to infect a computer without the user's knowledge.

The duo said there is no practical way to defend against the vulnerability.
***
However, this latest research demonstrated a new level of threat - where a USB device that appears completely empty can still contain malware, even when formatted.

The vulnerability can be used to hide attacks in any kind of USB-connected device - such as a smartphone.
***
more: http://www.bbc.com/news/technology-28701124

InfoView thread info, including edit history TrashPut this thread in your Trash Can (My DU » Trash Can) BookmarkAdd this thread to your Bookmarks (My DU » Bookmarks) 14 replies, 1391 views
ShareGet links to this post and/or share on social media AlertAlert this post for a rule violation PowersThere are no powers you can use on this post EditCannot edit other people's posts ReplyReply to this post EditCannot edit other people's posts Rec (1) ReplyReply to this post
14 replies = new reply since forum marked as read
Highlight: NoneDon't highlight anything 5 newestHighlight 5 most recent replies
USB 'critically flawed' after bug discovery, researchers say (BBC) (Original Post) eppur_se_muova Aug 2014 OP
Ok, so everyone just throws out our current computers and starts over with a new standard? Electric Monk Aug 2014 #1
So phones can no longer be plugged into computers to charge villager Aug 2014 #2
How is this new? fujiyama Aug 2014 #3
Exactly 4b5f940728b232b034e4 Aug 2014 #4
Agree, this is how they hacked PS3. joshcryer Aug 2014 #9
The answer is with the manufacturers IDemo Aug 2014 #5
I've updated the firmware on both my keyboard and my mouse multiple times. MohRokTah Aug 2014 #7
So they left the factory with untested firmware IDemo Aug 2014 #8
Better response times, etc. MohRokTah Aug 2014 #10
OK, but for the vast number of peripherals, IDemo Aug 2014 #11
Printers wil occasionally require firmware updates, too. MohRokTah Aug 2014 #12
There is actually network software that will prevent the use of USB's. trumad Aug 2014 #6
So what do we do? mrsadm Aug 2014 #13
I have seen problems with USB's here in Korea davidpdx Aug 2014 #14
 

villager

(26,001 posts)
2. So phones can no longer be plugged into computers to charge
Reply to eppur_se_muova (Original post)
Sun Aug 10, 2014, 06:18 PM
Aug 2014

It seems virtually the whole digital network informing our lives... is compromised

TopBack to the top of the page AlertAlert this post for a rule violation ShareGet links to this post PowersThere are no powers you can use on this post
  EditCannot edit other people's posts RecommendRecommend this post ReplyReply to this post

fujiyama

(15,185 posts)
3. How is this new?
Reply to eppur_se_muova (Original post)
Sun Aug 10, 2014, 06:42 PM
Aug 2014

Hasn't this been a known vulnerability for some time? It's not like the USB standard came out yesterday. It's been around for almost twenty years now.

TopBack to the top of the page AlertAlert this post for a rule violation ShareGet links to this post PowersThere are no powers you can use on this post
  EditCannot edit other people's posts RecommendRecommend this post ReplyReply to this post

IDemo

(16,926 posts)
5. The answer is with the manufacturers
Reply to eppur_se_muova (Original post)
Sun Aug 10, 2014, 07:30 PM
Aug 2014

When was the last time you felt compelled to do a firmware upgrade on a USB stick or keyboard? Never? Me, neither. If the EEPROM chips used to store a USB device's firmware were replaced with good old fashioned write-once ROM memory, they couldn't be overwritten by malware.

Problem solved. Next?

TopBack to the top of the page AlertAlert this post for a rule violation ShareGet links to this post PowersThere are no powers you can use on this post
  EditCannot edit other people's posts RecommendRecommend this post ReplyReply to this post
 

MohRokTah

(15,429 posts)
7. I've updated the firmware on both my keyboard and my mouse multiple times.
Reply to IDemo (Reply #5)
Sun Aug 10, 2014, 08:23 PM
Aug 2014

Both are game devices, so updates are fairly consistent.

Drivers, too.

TopBack to the top of the page AlertAlert this post for a rule violation ShareGet links to this post PowersThere are no powers you can use on this post
  EditCannot edit other people's posts RecommendRecommend this post ReplyReply to this post

IDemo

(16,926 posts)
8. So they left the factory with untested firmware
Reply to MohRokTah (Reply #7)
Sun Aug 10, 2014, 08:30 PM
Aug 2014

I haven't owned any gaming gear, but have worked in electronics R&D for nearly 20 years and have been responsible for installing and maintaining hundreds of test PC's. I have never needed to touch the firmware on any USB peripheral.

TopBack to the top of the page AlertAlert this post for a rule violation ShareGet links to this post PowersThere are no powers you can use on this post
  EditCannot edit other people's posts RecommendRecommend this post ReplyReply to this post
 

MohRokTah

(15,429 posts)
10. Better response times, etc.
Reply to IDemo (Reply #8)
Sun Aug 10, 2014, 08:38 PM
Aug 2014

They design better firmware for response in newer games.

The only gamer keyboards I've never had to update firmware on has been the mechanical keyboards, which I've found are far superior to the lower end gamer keyboards and mice.

I have a mouse with twelve buttons controlled by my thumb for use in MMORPGs. Firmware updates can be essential with some of the newer games. since my entire rotation is controlled by my thumb on my right hand.

TopBack to the top of the page AlertAlert this post for a rule violation ShareGet links to this post PowersThere are no powers you can use on this post
  EditCannot edit other people's posts RecommendRecommend this post ReplyReply to this post

IDemo

(16,926 posts)
11. OK, but for the vast number of peripherals,
Reply to MohRokTah (Reply #10)
Sun Aug 10, 2014, 08:50 PM
Aug 2014

and let me emphasize, vast number, keyboards and mice are IO devices which have been around for a very long time and don't need exotic functions or response times. There is no reason that these items should require firmware updates. If for gaming or military USB devices such need exists, they can certainly continue to employ upgradeable firmware and be marked as vulnerable. But there is simply no reason for most items to continue to be left open to infections with re-writable controller memory. It's a trivial fix.

TopBack to the top of the page AlertAlert this post for a rule violation ShareGet links to this post PowersThere are no powers you can use on this post
  EditCannot edit other people's posts RecommendRecommend this post ReplyReply to this post
 

MohRokTah

(15,429 posts)
12. Printers wil occasionally require firmware updates, too.
Reply to IDemo (Reply #11)
Sun Aug 10, 2014, 09:14 PM
Aug 2014

For the most part, though, you don't update firmware on USB devices.

TopBack to the top of the page AlertAlert this post for a rule violation ShareGet links to this post PowersThere are no powers you can use on this post
  EditCannot edit other people's posts RecommendRecommend this post ReplyReply to this post

davidpdx

(22,000 posts)
14. I have seen problems with USB's here in Korea
Reply to eppur_se_muova (Original post)
Sun Aug 10, 2014, 10:33 PM
Aug 2014

while teaching at universities. The computers in the classrooms are used by many different people who plug their memory sticks in to use files during class.

TopBack to the top of the page AlertAlert this post for a rule violation ShareGet links to this post PowersThere are no powers you can use on this post
  EditCannot edit other people's posts RecommendRecommend this post ReplyReply to this post
Reply to this discussion
Latest Discussions»General Discussion»USB 'critically flawed' a...
Home | Latest Discussions | Greatest Discussions | Latest Videos | All Forums

About | Copyright | Privacy | Terms of service | Contact

In Memoriam

© 2001 - 2024 Democratic Underground, LLC. Thank you for visiting.