Researchers have uncovered a fundamental flaw in the design of the USB specification that could have a significant impact on day-to-day computing. At the very least, it should call into question the trustworthiness of many mundane devices we insert into our PCs: mice, keyboards, thumb drives, external hard drives and more. A pair of researchers, Karsten Nohl and Jakob Lell at security firm Security Research Labs, are presenting their findings at the annual Black Hat USA 2014 in Las Vegas this week. The crux of the issue: Since USB manufacturers do not protect the firmware in their devices, it's possible for malware to overwrite the firmware and take control of everyday devices. USB peripherals, such as thumb drives, can be reprogrammed to steal the contents of anything written to the drive and to spread the firmware-modifying code to any PCs it touches. The net result could be a self-replicating virus that spreads through sparing thumb drives, much like the rudimentary viruses that spread by floppy disk decades ago. Read more http://www.cbsnews.com/news/why-your-usb-device-is-a-security-risk/
