Two researchers appear to have discovered a serious flaw in USB. This isn’t just your everyday virus. Malware planted using this flaw is not merely stored on the flash memory itself; it’s actually in the firmware that the drive depends on to run. One article blames the flaw on the USB Implementers Forum, which supports and promotes the USB specification. Malware that exploits the flaw is able to spread from a USB flash drive to a computer and vice versa.
Until device makers come up with a fix, Nohl, one of the two researchers, proposes a short-term solution: Don’t connect untrusted USB drives to your computer, and don’t connect your USB drives to untrusted computers.
Simple enough, right? Even before this flaw was discovered, Nohl’s suggestion would have been sound advice; untrusted computers can plant more run-of-the-mill malware on your drive or tamper with your files. But the fact that the article describes Nohl’s suggestion as a “fundamental change in how we use USB gadgets” reflects on how most of us in fact use our USB flash drives. This is unsurprising, considering how convenient it is to carry our files around from one computer to another, but it is also an attitude that should be reexamined, particularly in light of these latest discoveries.