Jump to content


USB vulnerability

  • Please log in to reply
2 replies to this topic

#1 WhatKnot



  • Full Member
  • Pip
  • 35 posts

Posted 07 August 2014 - 05:56 PM

Is this latest warning on the potential of hacking the firmware on these devices as serious as they are made to seem?

#2 TheJoker


    Forum Deity

  • Boot Camp Mod
  • PipPipPipPipPip
  • 14,480 posts

Posted 09 August 2014 - 06:30 AM

Are you referring to this newly discovered potential vulnerability?


If so, it appears to be a vulnerability (something that could potentially be taken advantage of) from a proof of concept exploit developed by a security researcher;  I see no mention of any malware in the wild that takes advantage of it. While I'm not familiar with USB BIOS's, if similar to motherboard BIOSs, the problem would be that the BIOS would be different depending on the manufacturer and model, so it's likely that malware would have to be written against a specific brand USB drive, which would limit it's ability to infect and spread.

Like much of the malware out there, the best way to prevent infection would be to implement good security practices:

  • Always run antivirus software and be sure it and your operating system is updated
  • Make sure you other installed software is updated - run a program like Secunia Online Software Inspector or FileHippo Update Checker to see what programs need to be updated.
  • Don't open e-mail or attachments from unknown sources
  • Don't click on links from instant messaging applications
  • Don't visit questionable (pirated software, porn, etc.) sites
  • Don't use unlicensed software
  • Don't click on links in pop-up windows
  • Be careful what you install, fully read license agreements and see what you are agreeing to, if you don't you may end up installing software you didn't intend to install
  • Remember, if something seems to good to be true, it probably is

Free Tools for Fighting Malware
Anti-Virus: avast! Free Antivirus / Avira Free AntiVirus
OnLine Anti-Virus: ESET / BitDefender / F-Secure
Anti-Malware: Malwarebytes' Anti-Malware / Dr.Web CureIt
Spyware/Adware Tools: MVPS HOSTS File / SpywareBlaster
Firewall: Comodo Firewall Free / Privatefirewall
Tutorials: How did I get Infected? / Internet Explorer Privacy & Security Settings
If we have helped, please help us continue the fight by using the Donate button, or see this topic for other ways to donate.

MS MVP 2009-20010 and ASAP Member since 2005

#3 WhatKnot



  • Full Member
  • Pip
  • 35 posts

Posted 09 August 2014 - 06:40 PM

Thank you for your response, my question was driven by this article in Forbes Magazine.



Member of UNITE
Support SpywareInfo Forum - click the button