USB Driver Bugs Could Be An Attack Vector

MWR Labs has published some information about research that they’ve been doing into USB driver vulnerabilities on various operating systems. For example, they have been using USB enumeration commands, which occur whenever you plug a device into a computer’s USB port, to try and cause buffer overflows on the host computer. So far it looks like they’ve been able to crash a Linux computer by exploiting a buffer overflow in it’s Linux driver. They theorize that such attacks might be able to actually modify code or insert code into a computer to allow an attacker to get onto the host.

Proof that you should only use tested and secure USB devices from major vendors like IronKey. A generic USB device could actually be an attack device. Also, it shows that drivers need to have some security reviews on them!

Similar Posts:

• Evil Maid USB Malware Steals TrueCrypt Software Encryption Passwords
• NIST Investigating Companies Who’s FIPS 140-2 Validated Products Were Hacked
• Ohio Identity Theft Cases Have Doubled
• Navy Vice Admiral Discusses The Use of Approved Secure Removable Storage Devices at the Department of Defense
• Survey Finds That Consumers Who Receive a Data Breach Notification are 4 Times More Likely To Suffer Identity Theft

• « Previous post
• Next post »

• Categories

  • Identity Theft Tips
  • Online Identity Theft

• Popular Posts

  • Five Tips for Knowing that the “Forward this to your friends and get a free (fill in the blank)” E-mail is a Fake
  • Job Seeker’s Information Stolen in Guardian Jobs Website Hack
  • Government Tries to Thwart P2P Identity Theft
  • 10 Ways to Prevent Social Media Scams
  • Did you get 411 on the *112 life saving email?

• Recent Comments

• Spam Blocked

  678 spam comments blocked by
  Akismet