USB Security Flaw Exploits Functionality

USB Devices
Credit: Tasha Chawner, foryoudesigns on Flickr
From Wired and Gizmodo, word is circulating that the very design and functionality of USB devices has created a fundamental security loophole.

Security researchers Karsten Nohl and Jakob Lell are presenting their findings at the BlackHat conference in early August. They have found a way to reverse engineer the very firmware that controls communication between the USB device (your mouse, your keyboard, that flash drive your latest business contact gave you with their resume) and the computer it is plugged into. They were able to install malware into this firmware that is undetectable and undeletable. Using this method, they were able to take complete control of a computer the device was connected to.

You can give it to your IT security people, they scan it, delete some files, and give it back to you telling you it’s ‘clean… [But these] problems can’t be patched. We’re exploiting the very way that USB is designed. – Karsten Nohl (source: Wired/Gizmodo)

It’s also possible for a clean USB device to be plugged into an infected computer, and be infected as a result.

Nohl and Lell are torn whether to release the code they were able to develop to BlackHat at this time because of the damage it can cause. With all the malware that is possible, this delivery method makes it possible to take over any part of a computer or even mobile devices that connect via USB. It can be used to spy on internet traffic, phone calls, reroute through malicious websites, trace emails, record and transmit passwords, just about anything.

The only known method of avoiding infection is to “treat USB devices like hypodermic needles that can’t be shared among users,” according to Nohl. However, this is largely inconvenient and against the very model of how USB was supposed to work.

Additionally, there was the issue of NSA spying revealed by Edward Snowden earlier this year. University of Pennsylvania computer science professor Matt Blaze states, “I wouldn’t be surprised if some of the things [Nohl and Lell] discovered are what we heard about in the NSA catalogue.”

Today’s Google Doodle

This Venn diagram illustrates that bats are mammals that have wings.
Mammals ∩ Has Wings = Bats
Credit: google.com
August 4th is the birthday of logician and philosopher John Venn, best known for introducing the Venn diagram. A Venn diagram is a graphical representation illustrating multiple groups and their relationships to one another. Many internet memes have been made using a Venn diagram to illustrate funny and sometimes serious topics in the world.

Today, Google created a Doodle to illustrate Venn diagrams with simple equations and cute drawings as a way to pay homage to the man who created them. It even gives a little shoutout to Chris Hadfield, a Canadian astronaut who used social media to educate the world about space through YouTube and Twitter, and best known for his international space station rendition of David Bowie’s “Space Oddity”.

Visit http://www.google.com/doodles for more fun, cute and worldly Doodles featured on Google’s homepage throughout the years. And, if you’re in grade school, you can even Doodle 4 Google and have your design featured as Google’s logo for a day.