How secure is your USB? by Nick Flaherty, EE Times - September 10, 2014 Reverse engineering a USB controller's firmware is a possible route hackers could take into your device. What one chip industry IP vendor partnership is doing about it inShare The recent report from researchers at Security Research Labs on the vulnerability of USB devices has seen equal amounts of soul searching and indignation from the industry.
While the advice has been to make sure you use devices from trusted sources, some USB IP companies have been highlighting what device makers can do to ensure that their systems are secure. Rather than use malware on a USB device, SR Labs researchers Karsten Nohl and Jakob Lell reverse-engineered the code in the USB controllers and used it to inject a virus or trojan into a system. Gordon Lunn, customer engineering support manager at Glasgow, UK-based USB chip IP developer FTDI Chip, points out that the report highlights programmable devices, which are just one type of USB device.
He tells EE Times: We felt the report was inflammatory to say that USB firmware was the problem. From an FTDI perspective we did see the report as a generic attack on USB as a bad system. I don't see that as being any different from any infected source.