Two security researchers say that they have "
exploited the very way that USB is designed" and there is no way this security problem can be patched.
But the two hackers didn’t merely copy their own
custom-coded infections into USB devices’ memory. They spent months
reverse engineering the firmware that runs the basic communication
functions of USB devices—the controller chips that allow the devices to
communicate with a PC and let users move files on and off of them. Their
central finding is that USB firmware, which exists in varying forms in
all USB devices, can be reprogrammed to hide attack code.
Posts
