Before It's News

Shared publicly - 11:40 AM
#USB

Should You Be Worried About Malicious Things On Your USB Devices?

http://b4in.org/c6eM

It is the stuff of technological nightmares – malicious software which is undetectable by scans and which is capable of all the things we fear across all devices that come into contact with it.

Researchers in Berlin believe that such a thing could come to haunt us from deep within the functioning of USB devices, although the extent to which it will become a widespread problem is currently in dispute.

Karsten Nohl and Jakob Lell from the respected security consultancy SR Labs say that hackers could target the tiny chips used to control the operational systems of USB devices. Equipment such as a mouse, keyboard or flash drive would all be susceptible to the bugs, and computer security is not designed to detect threats at so fundamental a level within electronics components.

“You cannot tell where the virus came from. It is almost like a magic trick,” Nohl told Reuters reporter Jim Finkle.

Devices which are subsequently connected to an infected computer would also be at risk, with the potential for spreading the problem being obvious.

The scenario prompted Nohl to tell Wired reporter Andy Greenberg, who was among the first to report on the findings, that USBs may end up having to be treated “like hypodermic needles.”

Once established, the hostile element could be used to spy on communications, log keystrokes, remove data and send information to the hackers over the internet.

SR Labs performed their own investigative attacks by writing malicious code onto USB control chips used in various devices including smartphones, which constitute an area of particular expertise for the consultants.

Their findings will be presented at the upcoming Black Hat security conference in Las Vegas, under the title: “Bad USB – On Accessories that Turn Evil.”

SR Labs’ theory was tested by infecting controller chips made by the large Taiwanese manufacturer Phison Electronics Corp. The chips were then placed in USB memory drives and smartphones which run Google Inc’s Android operating system. Phison’s attorney, Alex Chiu, said that “Mr. Nohl did not offer detailed analysis together with work product to prove his finding,” and that “Phison does not have ground to comment (on) his allegation.” There was no comment from Google.

Unsurprisingly, there was no comment either from the NSA, to whom USB attacks like these may be old news, according to University of Pennsylvania computer science professor Matt Blaze, based in part on the revelations of Edward Snowden in 2013.

More http://b4in.org/c6eM







http://beforeitsnews.com/science-and...s-2711348.html