![]() ![]() Even if you don’t use Phison devices yourself, your computer is still vulnerable, especially if you swap files with other users or happen to pick up a new free thumb drive at a business conference. It affects every single USB device out there and worst yet, there's no line of defense short of. ![]() Even then, he said, it could take more than a decade to get rid of vulnerable devices and smooth out all the new bugs.īoth research teams reverse engineered the firmware from USB devices made by Phison, a Taiwanese company and one of the largest USB device makers. Security researchers from SR Labs have uncovered a fundamental flaw in the way USB devices work. In order to mitigate against these types of attacks, he said, the entire security architecture would have to be rebuilt from the ground up with code that cannot be changed without the manufacturer’s signature. SentinelOne vulnerability researcher Max Van Amerongen published a report Tuesday on the remote code execution vulnerability, tracked as CVE-2021-45388, found in software vendor KCodes NetUSB kernel module. Caudill also demonstrated how the malware can be used to hide files and secretly disable password-protected security features.īefore last week’s demonstration Nohl told Wired that he considered this exploit to be basically unpatchable. A critical flaw in NetUSB could allow attackers to gain remote access and has the potential to affect millions of devices. ![]() Because the malware is stored on the device’s firmware, which controls the basic functionality of the device, it’s very difficult to detect and can’t even be deleted by clearing the storage contents. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |