October 5, 2014: The USB drives in their current form, present a major security threat as they can’t be patched against a code released on Github by hackers. The security loophole earlier discussed at Black Hat conference might push USB drive makers to take action to fix the issue.
The latest report appeared in Wired magazine suggests that hackers can use the code released on Github to infect computers. At the moment, the security issue has been confirmed only with Taiwan based USB manufacturer Phison.
Last week, Adam Caudill and Brandon Wilson presented at the Derbycon hacker conference in Louisville and the code was later shared on Github. On his blog, Caudill wrote, "Your average script kiddy will never be able to do it; there's only a small number of people that would be able to do the work needed to be able to pull it off - those people could already do it before we released what we did." Caudill added that their intention was to raise awareness among the USB manufacturers and users regarding the security loophole which could be exploited by hackers.
The infected Phison USB drives are capable of infecting any device on which they are used. As Phison manufactures USB drives for many companies, it is still not clear which devices available in the market are vulnerable to the security risk.
As the security researchers contacted Phison, the company denied that its drives could be used for injecting code on the devices.
Security experts at Black Hat conference in Las Vegas had shared the details of USB drive based threat, also termed as BadUSB, earlier this year.
Source: Uncovercalifornia.com
Post a Comment