A flaw in the driver software of USB devices could allow criminals to steal information
USB stick security flaw puts data at risk
/v3-uk/news/2007164/usb-stick-security-flaw-risk
30 Oct 2009, Dave Neal , V3
USB sticks have been found to contain a significant security flaw which could be exploited to break into millions of computers around the world, according to researchers at MWR InfoSecurity.
The UK firm claimed that the flaw could allow the creation of USB sticks that "interrogate a computer and download the contents".
The researchers added that such devices are just months away from development, and are likely to be used by malevolent and sophisticated criminals to steal the contents of entire hard drives.
"What millions of us have seen in countless James Bond and other spy thrillers around the world has now taken a step closer to being realised," said Alex Fidgen, commercial director at MWR InfoSecurity.
"The bad guy plugging a small device into the system and removing sensitive data is no longer theoretical. It is possible."
Criminals could exploit a flaw in the driver software of USB devices to take control of systems and steal information. Fidgen claimed that MWR InfoSecurity has been concerned about these security implications for some time.
"Hackers are becoming more and more sophisticated, and business is under threat. Up until now people have felt secure in the knowledge that a simple USB stick could not copy their information without their permission. We have proved that it is not the case," he said.
The firm claimed that it has already cracked one operating system using its tools, and is now turning its attention to others. Fidgen added that the researchers had built the hack to raise awareness of the security issues, and had shared their findings with the UK government's Centre for the Protection of National Infrastructure.
© Incisive Media Investments Limited 2010, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093
Do you agree?
USB stick security flaw
What level of expertise does hsab have to qualify his comments?
Posted by Tony Hammond, 04 Nov 2009
To Autorun or Not to Autorun?
What if I have USB Autorun disabled on the host computer and/or the computer locked down to only allow read access to removable media? mmm.....
Posted by Tobiwan, 04 Nov 2009
What are you guys ON?
Driver software for a USB stick? Cracked operating systems? Where do you get this crap? Out of this world. Literally.
Posted by hsab, 30 Oct 2009
Catch up
This can be done by using a U3 enable USB pen, the key is designed to autorun the application when you insert your USB key. There is software out there that can edit this so you can autorun any application of your choice. An evil person can easily create a batch program that that will copy data from the victim machine to the USB. The victim doesn?t even need to open any applications just insert the rogue USB key. Or even more nasty, once you have plugged in your USB key, the nasty software will call back to a hackers machine and the data is transfer that way.
Posted by Anon, 02 Nov 2009
FUD
Short on facts, long on hyperbole.
Great news story...
Posted by Phil B, 06 Nov 2009