USB security vulnerability
Just read this over at eweek…. USB devices can post a security risk.
There’s an “age old” adage in computer security (well – as far as computer security it’s old…) You can control a machine if you have physical access to it. This is yet another example. Essentially it sounds as though an attacker can gain administrative access by inserting a specially “programmed” usb key which can cause a buffer overflow in the USB device driver.
From the article “demonstrating a USB storage device that is programmed to automatically copy recently accessed files when inserted into a Windows PC.” This could be very bad news in certain environments. No need to site trying to break into the system, just plug it in and the recently access files are copied over. This is “hollywood movie style hacking/cracking” it wouldn’t seem to get much easier.
If you’re concerned about this kind of data theft, there are options though. Devicelock is one. Safend’s USB port protector is another. It is still worth making sure to restrict unauthorized access to “valuable”, data rich machines. Products like Devicelock and Safend’s protectors can slow down and make more complicated data theft, or tampering with a system, but it cannot be prevented. Give an individual enough time with physical access to a machine and they will get in.