USB Has a Huge Security Vulnerability

USB isn’t safe anymore, thanks to a form of malware that can hide in the firmware on USB devices. Any USB device that can have firmware, from USB flash drives to Android devices, can infect any computer that interfaces with USB. From there, that computer can infect others. It’s not just any malware either. This can be used to completely take over a computer, altering files, connecting to the internet, and more. The malware is dangerous, undetectable, and unfortunately, it can’t be prevented or stopped.

Let’s say you have, in your possession, an infected USB drive. It could have files on it, look normal, and mount on your computer normally. You can scan it with your antivirus, but that wouldn’t do you any good, as the virus scan would come back clean. However, that direct connection to your computer will allow it to upload it’s malware. It’s nearly impossible to tell the difference between a clean USB device and an infected one. Any USB device, ones that have a chip for interacting with a computer, not just a regular cable, could be infected, and unless you know how to check the USB device’s firmware, there’s nothing you can do to prevent an attack. Even if you could check the firmware, there’s no uniform firmware to expect, every device could have different firmware. This means even an expert would have an issue figuring out whether or not a USB device has been infected.

Enough of the doom and gloom, what can you do? Surely you can’t prevent it, but you can choose to use a different approach. Don’t let just any USB device in your USB ports. Only use devices from people you trust. It’s unlikely that this malware will spread like wildfire, but it can be used by experts. Unless you have some enemies who would like to get into your computer specifically, such as a government organization or a angry ex, you’re unlikely to have any contact at all with this malware. There’s no way to fix this security vulnerability, so be safe.

Source: Gizmodo

 

Leave a Reply

Your email address will not be published. Required fields are marked *