Black Hat Reports on USB Vulnerabilities

[BobH]

Black Hat conference attendees have recently been - or are about to be - told of significant vulnerabilities inherent in USB devices. The article at the URL leaves out much needed information.

Can users do anything to discover if their USB devices - especially thumb drives - are clean? If so, what steps should they take?

Can anyone point to specific manufacturer's whose devices are compromised?

Is there software or firmware that can be placed on USB devices to detect and prevent them being hacked?

Does anyone really know how great this threat is or what to do about it? It's great that there are people out there who are investigating these things and informing the industry and public, but what specific recommendations are there?

[HansV]

I don't think there are specific manufacturers whose products are compromised.
There is nothing to fear (probably) from the USB devices that you already have.
The common-sense advice near the end of the article sums up what you should do:

On a typical Windows system, USB devices are driven by drivers that are more often than not signed by software vendors. If a warning pops up on a user's screen to install a driver, or that an unsigned driver is present, that should be a cause for concern.
As a matter of best practice, don't plug unknown USB devices into your computing equipment. It's just common sense, much like users should not open attachments that look suspicious or click on unknown links.

[stuck]

Doesn't this thread duplicate the one that Leif started called If it's not one thing...?

Ken

[HansV]

So, if it's not one thing, it's two threads

Locking this thread now.