Nut-job Conspiracy Theory Ping!
To get onto The Nut-job Conspiracy Theory Ping List you must threaten to report me to the Mods if I don't add you to the list...
Sounds like an easy fix to preclude this would be a service that checks for tampering in this area. There are several publishers of security tools with apps in this area that I would think could be extended a bit to cover this vulnerability. For that matter so could Microsoft.
“Next time you find a foreign USB lying around, think twice before plugging it into your computer.”
Really? Even if it’s labelled “Durty Pichers”?
This isn’t new (maybe to these “researchers”). There have been news articles floating around for a couple years about government spy agencies doing this, tinkering with the electronic guts of attachable devices including USB sticks, so that they can do malware attacks. One even detailed how a modified USB stick included a radio transmission of stolen data that would be transmitted without detection of the user. Not likely that most people would ever run across any modified USB sticks, unless a government agency is out to get you.
The microcontrollers that power USB Thumb Drives and SD cards are typically 32-bit ARM cores running at 100 MHz. This is quite a powerful computer. They cost about a quarter each when bought in huge quantities. The power is needed since the flash memory is littered with defects... it’s a buggy technology. The ARM chip juggles the bad bits and tests good bits to ensure they are not failing... and all this while handling all the data transfers and ensuring that usage of the flash bytes is leveled out, since flash can only be written so many times before it fails.
The 32-bit ARM cores in these cheap devices are each more powerful than all the mainframe IBM System 360 computers that were used to handle the Apollo Moon shots... combined!
Or put another way, each of those ARM cores is more powerful than a couple hundred of the 6510 processors that powered the legendary Commodore 64 :-)
You can modify the program code (firmware) that the ARM processor in a flash drive runs... just imagine the mischief that can be done. You can also modify the firmware of the processor in a HD, a USB hub, a WiFi router, a mouse, a keyboard, etc.
_____________________________________
The original IBM 360 was capable of only 34,500 instructions per second! lol
Later models got up to around 16 million instructions per second and that is still a long way from the power of the little 25 cent 32-bit ARM in an SD card running at 100 MHz.
I use small and cheap processors called SoCs (System on a Chip) that are so powerful that they dwarf the power of the first few generations of Cray supercomputers. These powerful chips typically have 2 or 4 ARM cores running at 1 GHz or more and several other processors as well as a powerful GPU (graphics processor) and typically have 256MB to 1GB of RAM integrated into the tiny package. The firmware can be tampered with on these mighty little beasts as well... and they are so complicated that it’s nearly impossible to figure out if the things are not compromised on a hardware level to be insecure on purpose. THIS is what powers your smartphones and tablets... hmmm
Advancing technology will take care of that. A lot of those older USBs will be discarded as obsolete. A few years ago I paid $20 for a 1-gig stick, now 64-gigs are in the $25 range - and 128-gig versions are coming on line. My older, smaller capacity USBs are just gathering dust in a drawer - they are useless now, but I hate to throw 'em out. Hell, I still have some 3 1/2" floppies. :-)
Another article with similar concerns was referenced here a few months ago, FYI:
http://freerepublic.com/focus/f-chat/3187364/posts