By Joseph Mayton
Users are being warned about a new security vulnerability related to USBs. New research reveals the USB standard boasts a security flaw that can give a hacker the ability to take over any device the USB is connected to.
The researchers were able to hack into USB devices, where they accessed the USB controller chip that allows the device to communicate with the computer. The researchers then were able to change the device’s firmware.
All USB devices, from a USB key to an external keyboard connected through a USB, can be hit and compromised, said researchers Karsten Nohl and Jakob Lell. The two said they will present their proof-of-findings at the Black Hat conference next week.
“These problems can’t be patched,” says Nohl. “We’re exploiting the very way that USB is designed.”
“You can give it to your IT security people, they scan it, delete some files, and give it back to you telling you it’s clean, [but] the cleaning process doesn’t even touch the files we’re talking about.”
Virus protectors? Not going to work here, as even if your computer is fully protected against malware.
It is the latest privacy and security issue to hit the tech world, which has been rocked over the past 18 months by privacy and cybersecurity concerns. That applies especially after whistleblower Edward Snowden revealed a massive surveillance project by the National Security Agency against regular citizens.
The issue of cyber security has become a main point of interest for users, and Tech Times reported recently that the ability to defend against cyber attacks remains limited and more efforts need to be made to ensure users are safe from outside hackers.
A study published by the Ponemon Institute and Unisys revealed critical infrastructure industries across the planet have major security gaps.
Nearly 70 percent of the surveyed companies are also responsible for water, power and other critical functions, and all of them reported a breach in security at their companies that led to either a disruption in operations or loss of sensitive information in the last 12 months.