Researchers uncover USB device ‘hijack’ threat
German security researchers have uncovered a previously unknown security flaw in USB devices which can enable them to insert malicious code onto devices they are connected to, exposing them to risk of external ‘hijacking.’
Karsten Nohl and Jakob Lell warn that there is no practical means to protect against being exploited by this vulnerability, which can infect even apparently empty USB sticks after formatting.
In response to this new threat the organisation responsible for overseeing the USB standard has called on manufacturers to build in extra security measures to head off future threats.
The back door exploited sees the USB drive trick computers into believing an external device has been attached such as a keyboard, from which a stream of phantom strokes can be transmitted to instruct it to download malicious content from the internet.
Another technique saw a USB pretend to be a network card, allowing it to hijack web browsing conducted from an attached smartphone.
Commenting on the latest security vulnerability Nohl said: “It may not be the end of the world today," Mr Nohl told journalists, "but it will affect us, a little bit, every day, for the next 10 years. Basically, you can never trust anything anymore after plugging in a USB stick."