Whether it’s your PC, smartphone, external hard drive, or an audio breakout box, there’s a USB controller chip in every device that the USB connection to other devices.It turns out, according to SR Labs, that these controllers have firmware that can be reprogrammed to do a whole host of malicious things — and, perhaps most importantly, this reprogramming is almost impossible to detect.
Basically, every USB device under the sun has a class — a classification that defines the device’s function.
Some common classes are human-interface devices (HIDs; keyboards, mice), wireless controller (Bluetooth dongles), and mass storage (thumb drives, digital cameras).
On the host (your PC, your smartphone) there are class drivers that manage the functions of that particular class of devices.
Walmart offers free pickup for most orders placed online - for many items as soon as today!
Tell us where you are and we'll show you which Walmart stores and partner locations near you are available for package pickup.
Security researchers have found a fundamental flaw that could affect billions of USB devices.
This flaw is so serious that, now that it has been revealed, you probably shouldn’t plug a USB device into your computer ever again.
There are no known effective defenses against this variety of USB attack, though in the future (months or years, not days) some limited defenses might be possible.
This vulnerability, which allows any USB device to take over your computer, mostly exists due to the USB Implementers Forum (the USB standards body) eschewing security in favor of maximizing the versatility, and thus the massively successful adoption, of USB.
The USB IF itself notes that your only defense against this new attack vector is to only use USB devices that you 100% trust — but even then, as we’ll outline below, this won’t always protect you.
This flaw, dubbed Bad USB by Security Research Labs in Berlin, leverages the fact that every USB device has a controller chip.