CRNTech
Hardware

USB stick security flaw puts data at risk

By David Neal
Nov 2, 2009 8:47 AM
Tags: flaw | security | usb | claimed | fidgen | firm

"Imminent threat" to sensitive information.

USB sticks have been found to contain a significant security flaw which could be exploited to break into millions of computers around the world, according to researchers at MWR InfoSecurity.

The UK firm claimed that the flaw could allow the creation of USB sticks that "interrogate a computer and download the contents".

The researchers added that such devices are just months away from development, and are likely to be used by malevolent and sophisticated criminals to steal the contents of entire hard drives.

"What millions of us have seen in countless James Bond and other spy thrillers around the world has now taken a step closer to being realised," said Alex Fidgen, commercial director at MWR InfoSecurity.

"The bad guy plugging a small device into the system and removing sensitive data is no longer theoretical. It is possible."

Criminals could exploit a flaw in the driver software of USB devices to take control of systems and steal information. Fidgen claimed that MWR InfoSecurity has been concerned about these security implications for some time.

"Hackers are becoming more and more sophisticated, and business is under threat. Up until now people have felt secure in the knowledge that a simple USB stick could not copy their information without their permission. We have proved that it is not the case," he said.

The firm claimed that it has already cracked one operating system using its tools, and is now turning its attention to others. Fidgen added that the researchers had built the hack to raise awareness of the security issues, and had shared their findings with the UK government's Centre for the Protection of National Infrastructure.

  • Email a Friend
  • Print Page
USB stick security flaw puts data at risk
2 comments in this discussion
"If you have a usb key being used in the work environment, you would think that there were a couple of safeguards in place to prevent: a) data loss and b) data compromising loss of physical ..."
By plhau98
 
Related Articles
Breaking Stories
 

Copyright ©v3.co.uk
 


Comments: 2
Thoughts on this article? Add a comment below.
Jonbays
Nov 2, 2009 5:37 PM
 USB data theft and loss is the biggest preventable data security issue around at the moment and it doesn't need a fancy hack simple lazy rules around auto run and misguided end users running executables inadvertantly off USB drives or just using and losing USB drives already account for a great deal of data loss.
plhau98
Nov 4, 2009 12:19 PM
 If you have a usb key being used in the work environment, you would think that there were a couple of safeguards in place to prevent:
a) data loss and
b) data compromising loss of physical device.

The first can be achieved by the deployment on the network of a preventative product that allows granular lockdown by device id for USB devices, so that the exec with a device can connect, but the workers, with the same drives, cannot. other products prevent all usb devices apart from human interface devices (kbd, mouse) to connect, but that is counterproductive. The exec will get the device in, and administration is painful.

the second part can be prevented by the encryption of the USB drive, either with a commercial product, or with something like trucrypt, it is free, and has been developed by some encryption gurus. This way, if the drive is lost, the data is locked away. without knowing the password, and a keylogger cannot interrogate the device, it is effective and simple.
These are both techniques that the ICT community are aware of, they just don't seem to think the end user wants it.
Comment:
Want to participate in the discussion?
Or log in now to comment


Top Stories
Interview: Peter Kazacos and the "wild west" of IT
Interview: Peter Kazacos and the "wild west" of IT
CRN talks to Hostech chairman and industry veteran, Peter Kazacos.
 
Simms: how to survive as an Apple reseller
Simms: how to survive as an Apple reseller
Differentiate or else, says Simms.
 
Lenovo: HP is after your customers
Lenovo: HP is after your customers
Vendor sharpens its assault on SMB.
 
Shortcutsall you need to know on...
  • NBN 
  • Windows 7 
  • Unified Communications 
  • Smart Power 
  • Virtualisation 
Latest Comments
"Additionally, any small business with growth (and competition) on their mind would do well to ..."
on Opinion: “Myopic” Microsoft lost in the cloud
by bld Mar 16, 2010 9:54 PM
 
"Finally on line retailers having to behave like retailers. I have purchased quite a lot from ..."
on Mwave "embarrassed" by ACCC warranty notice
by tonyh Mar 16, 2010 5:01 PM
 
"Lenovo products are excellent, even after moving away from the traditional IBM regime. All our ..."
on Lenovo: HP is after your customers
by em3 Mar 16, 2010 3:44 PM
 
"Looks like Apple is headed down the "premium" path, consisting of Apple Stores and their closest ..."
on Simms: how to survive as an Apple reseller
by em3 Mar 16, 2010 3:36 PM
 
"Interesting story, and yes, its good to know the ACCC is alive and kicking.......but have heard ..."
on Online retailer's 'reseller only' claims rejected
by Boris B Mar 15, 2010 4:04 PM
Polls
Have you experienced a problem when returning faulty goods to online retailers?
   |   View results
Never
  0%
 
Only once
  0%
 
All the time
  0%
TOTAL VOTES: 0

Vote now
view previous polls »
CRN Magazine

Issue: 277 | March, 2010

CRN Magazine looks in-depth at the emerging issues and developments for the Channel, and provides insight, analysis and strategic information to help resellers better run their businesses.