But seriously, folks...
I am pretty much with Monsieur du Moose regarding the threat level
*today.* So far, beyond the spook stuff, it's all theoretical. If the
researchers who found the vulnerability actually release their code to
the public, then the danger goes way up quickly. I hope they only give
it to the OS manufacturers, and that those folks keep it really close to
their vests until detection and cleaning or blocking methods are
developed and propagated.
I do agree that the vector described could be exploited by some bad
guys, and it would be the equivalent of a "day zero" virus. As the
article referred to earlier says, microcode signing and a major upgrade
to the way USB works is the only way to stop this 100%.
BUT... exploiting this threat requires a lot more skill than writing the
usual virus. We're talking about machine-level microcode here, not a
high-level language in a Web link or Word document. Microcode is
usually very hardware-specific, so malware that would affect Brand X USB
chips wouldn't necessarily work on Brand Y, or even Version n+1 of Brand
X. It is also more expensive to spread a hardware infection than it is
to spread a virus by mass emailing of an infected link or document. So
whoever was doing it would have to have resources and money beyond the
typical virus writers.
My guess is that a method to scan USB devices' microcode before the OS
mounts it will be implemented quickly, as will code to detect tampering
or malware-like behavior. Any suspicion, and the device doesn't get
mounted. These will be patched into existing OSes. As pointed out
earlier, the one place this won't work is at the BIOS level, because
hardly anyone upgrades their BIOS unless forced. Microsoft and the major
hardware manufacturers would have to collaborate on propagating BIOS
patches, and users of no-name clone PCs may be out of luck. So don't
boot off of USB devices if there's the slightest doubt where it's been.
One scary issue involves laptops. Many laptop CD drives (and other
removable hardware) use USB internally even though you don't realize it
and you don't see the familiar plugs.
--Peter