Linked by Thom Holwerda on Sat 23rd Jul 2005 16:54 UTC
Privacy, Security, Encryption Vulnerabilities in USB drivers for Windows could allow an attacker to take control of locked workstations using a specially programmed Universal Serial Bus device, according to an executive from SPI Dynamics, which discovered the security hole. However, SPI tested attacks on Windows systems, but any operating system that is USB-compliant is probably vulnerable.
Permalink for comment 8204
To read all comments associated with this story, please click here.
USB devices include cpu too
by transputer_guy on Sat 23rd Jul 2005 22:26 UTC
transputer_guy
Member since:
2005-07-08

Many USB devices include a hardware controller that might include an 8051 or other low cost cpu or a state machine.

If a engineer were to recode the firmware then its possible (likely to be very dificult since it would be in ROM) the USB spec could be violated and maybe that would be enough to induce the host side buffer overflow on any OS.

Then again you could do the same thing with any hardware device thay plugs into a PCI or IDE port but thats getting ridiculous.

A simple screwdriver is more than enough to get at the goods.

As for janitors, in the old days when PCs were wimpy and workstations had the muscle, you would hear stories of whole departments having their DIMMs stolen.

Reply Score: 1