Millions of us have been using USB memory sticks and peripherals for years, but your trusty flash drives and accessories have recently hit the headlines with potentially huge security flaws. The idea that hackers take over your computer with the help of some hidden code in your thumb drive’s firmware is terrifying, so read on to find out all you need to know and find out if you’re at risk.
What’s it all about?
USB memory sticks have become one of the default storage formats for taking files on the go over the past decade, but an invisible security flaw has recently been discovered that could let hackers gain full control of your computer. It’s not just storage devices either; plugging in any USB accessory could lead to hackers issuing their own commands to do what they want with your computer. The code is capable of handling anything from installing malware to redirecting the web pages you open, and the fact it’s virtually untraceable is even more alarming.
How was it discovered then?
The tech gurus at Security Research Labs (SR Labs) discovered the security flaw when reverse engineering firmware on USB devices, with the company explaining: “Once reprogrammed, benign devices can turn malicious in many ways.”
Where is the malicious code hidden?
Unlike traditional viruses or malware, the malicious code hidden away on USB products isn’t easily visible. Instead of appearing as a regular file, it can be hidden away in the firmware on your USB stick, USB mouse or even your humble keyboard. For a quick refresher, firmware is software installed on a device itself, that controls what it does each time you hook it up to a computer. So when you plug in a USB memory stick, for instance, your computer knows what it is, and can open up the relevant folder. This means that malicious hackers changing the code in your USB drive’s firmware can have a truly massive impact.
Why is the malicious code invisible?
While your anti-virus software is happy to scan your computer and any of the storage devices you connect for malware, it won’t check out what’s going on with the firmware on any of your devices. SR Labs adds: “Malware scanners cannot access the firmware running on USB devices, and USB firewalls that block certain devices do not (yet) exist.”
Are you at risk?
Yes and no. While USB devices have been a traditionally safe medium, the fact malicious code can go so easily undetected means you could be using an infected accessory without even knowing it. Although you can’t easily scan for issues, there are steps you can take to help avoid problems.
What can you do if you’re worried about infection?
Stick to what you know! Firmware needs to be updated by an installer, so if you are offered updates for your devices, make sure they’re being offered from a trusted source. Don’t go using second-hand memory sticks or devices that you don’t know the history of, meaning it’s worth buying new accessories from shops you know and trust. You’ll be a lot safer if you know where an accessory has come from and who may have updated the firmware.
And if you do have issues? Throw your USB gadget away! SR Labs concludes: “Once infected, computers and their USB peripherals can never be trusted again.” Fingers crossed it wasn’t an expensive gaming mouse or high capacity stick!