All the latest UK technology news, reviews and analysis
|
|
|
30 Oct 2009
USB sticks have been found to contain a significant security flaw which could be exploited to break into millions of computers around the world, according to researchers at MWR InfoSecurity.
The UK firm claimed that the flaw could allow the creation of USB sticks that "interrogate a computer and download the contents".
The researchers added that such devices are just months away from development, and are likely to be used by malevolent and sophisticated criminals to steal the contents of entire hard drives.
"What millions of us have seen in countless James Bond and other spy thrillers around the world has now taken a step closer to being realised," said Alex Fidgen, commercial director at MWR InfoSecurity.
"The bad guy plugging a small device into the system and removing sensitive data is no longer theoretical. It is possible."
Criminals could exploit a flaw in the driver software of USB devices to take control of systems and steal information. Fidgen claimed that MWR InfoSecurity has been concerned about these security implications for some time.
"Hackers are becoming more and more sophisticated, and business is under threat. Up until now people have felt secure in the knowledge that a simple USB stick could not copy their information without their permission. We have proved that it is not the case," he said.
The firm claimed that it has already cracked one operating system using its tools, and is now turning its attention to others. Fidgen added that the researchers had built the hack to raise awareness of the security issues, and had shared their findings with the UK government's Centre for the Protection of National Infrastructure.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
EU data protection overhaul contains "bureaucratic tick box-proposals", says information commissioner Christopher Graham in exclusive interview with V3
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Web C# ASP.NET Developer (Equity or Mutual Funds) London...
Senior Exploratory Tester - Selenium, Java, AJAX, WEB...
SQL DBA/ Data Architect (T-SQL, SSIS, ETL) - Derivatives...
Test Analyst (Web, QTP, Test Director, VB.NET, SQL...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
FUD
Short on facts, long on hyperbole. Great news story...
Posted by: Phil B 06 Nov 2009
USB stick security flaw
What level of expertise does hsab have to qualify his comments?
Posted by: Tony Hammond 04 Nov 2009
To Autorun or Not to Autorun?
What if I have USB Autorun disabled on the host computer and/or the computer locked down to only allow read access to removable media? mmm.....
Posted by: Tobiwan 04 Nov 2009
Catch up
This can be done by using a U3 enable USB pen, the key is designed to autorun the application when you insert your USB key. There is software out there that can edit this so you can autorun any application of your choice. An evil person can easily create a batch program that that will copy data from the victim machine to the USB. The victim doesn?t even need to open any applications just insert the rogue USB key. Or even more nasty, once you have plugged in your USB key, the nasty software will call back to a hackers machine and the data is transfer that way.
Posted by: Anon 02 Nov 2009
What are you guys ON?
Driver software for a USB stick? Cracked operating systems? Where do you get this crap? Out of this world. Literally.
Posted by: hsab 30 Oct 2009