Just because the good guys have discovered a new security risk doesn’t mean the bad guys haven’t known about it forever. The risk is only new to us. It’s actually been there for a long time, maybe forever. Who knows how long everyone from the black hats in Moscow to the NSA in bucolic Maryland have been taking advantage of what appears to us to be a “new” exploit?
The USB security hole recently unveiled by Berlin based Security Research Labs (SRL) seems to be of those that’s been around “forever.”
While it shouldn’t be news to anybody that caution should be exercised when using USB devices, the new exploit would seem to indicate that even the most draconian security measures, short of doing away with USB devices entirely, might not be enough. The recently revealed problem has to do with the USB controller chip found in most, if not all, USB devices. The chip basically identifies the device type to the computer.
The trouble is, most of these chips are relatively easy to reprogram.