Two researchers are looking to change the way you think about USB drives. Mainly, to get you to dismiss the notion that they are safe to use. Or to pass around.
USB drives have become a bit of a dinosaur, thanks to cloud storage, SD and micro cards, p2p sharing and desktop transmission applications like Dropbox. But some people still use them, and they are a frequently gifted business item used as a promotional tool from many corporations.
The problem besides their age and lack of functionality in a world of big storage needs? They are flat out dangerous.
While you would hope that anyone using a USB would at least run it through a threat detection program, not everyone does. And when they do, malware isn’t always detected lurking among the files.
This, Karsten Nohl and Jakob Lell claim, is only one of several reasons they are an unreliable form of storage that should be tossed out with yesterday’s technology.
In an effort to prove their point, the two have created their own bit of malicious coding. Code named BadUSB, the malware can be entirely installed from a USB drive. It infects the computer, and from there can alter files, redirect browser traffic, and infect other files that are uploaded or saves onto a PC.
While many security issues can be handled using a patch, USB drives have no such upgrade abilities. It isn’t a software, driver or other internal issue that causes these vulnerabilities. It is the way that USB drives are designed, operate, and how easily they can fall into the wrong hands.
Because they are often passed around, a single infected file can end up on multiple computers without the users ever knowing they are sharing it. Which makes it a highly contagious, effective means of spreading a virus, and infiltrating a high number of initial computers to run illegal operations from.
The researchers, who represent SR Labs, will be providing a full presentation on the issue next week.
It is surprising to me that people still use USB drives. Not only because of the obvious risks, but more also because they are useless. Most are low storage, you have to hope the public computer you are using has workable USB drives (many public computers now have those ports disabled), and they are easy to break and lose.
But clearly it must still be an issue. The results of this research will be interesting to watch.