USB based devices may be attacking your system. So says a recent discovery from researchers at the Berlin-based Security Research Labs, which presented findings of the flaw earlier this month. Thumb drives, external hard drives that connect via USB, keyboards, mobile device chargers: all can be compromised. We talk with Karsten Nohl, chief scientist, about why we should be aware, and if there’s anyway to protect our devices.
“We at Security Research Labs take apart everyday technology and most often find that it is insufficiently protected considering the very large number of people who use technologies like USB. We previously found flaws in the major RFID payment and access cards, in credit card terminals, in SIM cards, and in the GSM mobile network standard. Each of these technologies is used by billions. No single organization can add much security to any of them, so the protection level degrades over time, unless researchers expose bugs.
We were originally interested in reprogramming USB thumb drives to make them faster for a very specific application. In the process, we understood that the devices are much more flexible than we had imagined, and could be reprogrammed to masquerade as completely different peripherals. We verified that storage devices can be reprogrammed; others have shown that USB web cams can also be modified.
The best protection is to not use anybody else's peripherals and not to share yours with others. When charging devices, use a 'charging only' cable that has no data lanes over which an attack could be launched.”