Think Twice and More Before Sharing Your USB Flash Drive
USB flash drives are a serious security risk. They can spread computer viruses the way reused needles spread real ones. German security researchers at Security Research Labs in Berlin claim that USB-connected devices have a fatal flaw. Anything that connects via USB can be reprogrammed to pose as another device. The researchers say that many other types of USB peripherals can also spread malware. That means a stranger’s USB stick could dupe your computer into thinking it’s a keyboard, then type in certain commands and surreptitiously take control of your laptop. Or it could pose as a network card, redirecting your Internet communications by changing your DNS settings so that someone could spy on what you’re doing. Identity theft, bank fraud, extortion – anything follows. The researchers’ basic thesis is this: a) Many peripheral devices incorporate special USB-controller chips that themselves can be reprogrammed. b) There are no protections in place to prevent a malicious party from manipulating one of these USB
controller chips in this way. c) Such a hack could enable the peripheral to inject malware into your computer. The problem is made worse because modern day antivirus and protection software won’t catch it. USB duping isn’t technically a computer virus in action, but just a device camouflaged as another one. So there’s no solution for it right now except simply barring flash drives. The SRLabs researchers Nohl, JakobLell and SaschaKrissler tested with several types of flash drives as well as Android smartphones, which connect to computers via USB ports. Fundamentally, the USB flaw exists because of the convenient nature of computer universal serial bus (USB) ports – they’re universal. They accept all sorts of devices -- mouses, microphones, printers, etc.