All USB devices are 'critically flawed'

Posted Aug 8, 2014 by Tim Sandle
New research calls into question the security of using USBs to connect devices to computers. The research points towards a virus risk and argues that it would be extremely difficult to remove a virus residing in the USB firmware.
From left to right: Logitech's Squeezebox Duet, Aerielle i2i Stream, and Aluratek USB Internet Radio Jukebox
Photo illustration by
Berlin-based researchers Karsten Nohl and Jakob Lell, who are cyber-security experts, have demonstrated how any USB device could be used to infect a computer without the user's knowledge. The two computer experts have said that the USB model is "critically flawed", according to PC World Magazine.
Universal Serial Bus (USB) is an industry standard developed in the mid-1990s that defines the cables, connectors and communications protocols used in a bus for connection, communication, and power supply between computers and electronic devices. Most computer uses know USBs as "flash drives". These are data storage devices that include flash memory with an integrated Universal Serial Bus (USB) interface.
The latest research, announced at the Black Hat 2014 conference, has demonstrated that a USB device that appears completely empty can still contain malware, even when formatted. Malware is short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer files.
It is not uncommon for USB sticks to be used as a way of getting viruses and other malicious code onto target computers, however this has always been on the back of other software or programs uploaded onto the devices. The idea of an 'blank' or reformatted USB stick holding a virus is a new one.
In one demonstration at the Black Hat hackers conference in Las Vegas, the Daily Mail notes that a standard USB drive was inserted into a normal computer. After just a few moments, the "keyboard" began typing in commands - and instructed the computer to download a malicious program from the internet.
Commenting further, Nohl told the BBC: "It may not be the end of the world today, but it will affect us, a little bit, every day, for the next 10 years. Basically, you can never trust anything anymore after plugging in a USB stick."