Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 6 subscribers
  • Views 4463 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Very Serious Threat from USB Flash Drives

wstrohm

Just read this article: http://www.wired.com/2014/07/usb-security/

I am wondering if an anti-virus program such as Sophos could be updated to read the firmware in a USB stick and detect a variation from some "standard," malware-free code that is universal. Or is the firmware in a USB stick different among manufacturers?

:1018597


This thread was automatically locked due to age.
Parents
  • 0

    Hello wstrohm,

    even if there were a manageable set of "standard" firmware, as mentioned in the presentation on slide 20 The firmware of a USB device can typically only be read back with the help of that firmware (if at all): A malicious firmware can spoof a legitimate one.

    Please note that rogue USB devices are nothing new (read for example about USB chargers on nakedsecurity), the more or less novel claims are a) that reprogramming a USB device could be fairly easy and possibly performed when the USB device is plugged into a compromised host and b) that firmware is a potential vector.

    Christian

    :1018639
Reply
  • 0

    Hello wstrohm,

    even if there were a manageable set of "standard" firmware, as mentioned in the presentation on slide 20 The firmware of a USB device can typically only be read back with the help of that firmware (if at all): A malicious firmware can spoof a legitimate one.

    Please note that rogue USB devices are nothing new (read for example about USB chargers on nakedsecurity), the more or less novel claims are a) that reprogramming a USB device could be fairly easy and possibly performed when the USB device is plugged into a compromised host and b) that firmware is a potential vector.

    Christian

    :1018639
Children
No Data
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?