BadUSB exploit affects more than half of USB devices

vbimport

#1

We’ve just posted the following news: BadUSB exploit affects more than half of USB devices[newsimage]http://static.myce.com//images_posts/2009/07/usb-drive.jpg[/newsimage]

More than than 50% of the USB devices currently on the market are vulnerable to the BadUSB exploit.

            Read the full article here: [http://www.myce.com/news/badusb-exploit-affects-more-than-half-of-usb-devices-73458](http://www.myce.com/news/badusb-exploit-affects-more-than-half-of-usb-devices-73458)

            Please note that the reactions from the complete site will be synched below.

#2

Why are they focusing solely on USB memory chips? Other USB devices also have reprogrammable firmware, is printers, portable HDDs and portable optical drives. That’s just off the top of my head.


#3

One possible solution would be an OS update that displays a security warning when a second keyboard or mouse is detected that asks the user to confirm that they connected a keyboard or mouse using the already connected keyboard/mouse. For example, if someone attaches a cordless mouse to a laptop for the first time, they would use the touchpad to click on ‘Yes’.

If the user selects ‘No’, then it will disable any keyboard/mouse functionality of the attached device and a warning be displayed that this device is potentially infected.

In theory, most devices should work fine without providing keyboard/mouse functionality. The only exception I can think of is the ‘Backup’ button on some external hard disks which usually sends a key combination to launch the backup software (e.g. the old Maxtor OneTouch). Most printers and scanners on the other hand use the product driver for handling their device buttons.