Slashdot Mirror

← Back to Stories (view on slashdot.org)

System Exploitable With USB

Posted by Zonk on from the good-thing-no-one-uses-that dept.

Anonymous Coward writes "Vulnerabilities in USB drivers for Windows could allow an attacker to take control of locked workstations using a specially programmed Universal Serial Bus device." From the article: "The buffer-overflow flaw is in device drivers that Windows loads whenever USB devices are inserted into computers running Windows 32-bit operating systems, including Windows XP and Windows 2000, said Caleb Sima, chief technology officer and founder of SPI Dynamics."

3 of 310 comments (clear)

  1. Not new idea by makomk · · Score: 5, Interesting

    Oddly enough, this isn't a particularly new idea. The Xbox Linux project considered the possibility of using a specially-designed USB device to run code on the Xbox, though I don't think they managed to find a suitable vunerability to exploit (unlike now). I wonder if this works for the Xbox, actually - it's Windows 2000 based IIRC...

  2. Re:Misleading first few paragraphs? by Teun · · Score: 4, Interesting
    And a little further into TFA:

    Best of all, for attackers, the device drivers run with System-level privileges, giving an attacker full control of the host system once the exploit has been triggered. SPI tested attacks on Windows systems, but any operating system that is USB-compliant is probably vulnerable, he said.

    --
    "The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
  3. Seems Fishy... by verbatim_verbose · · Score: 4, Interesting

    I really wouldn't give these guys the publicity at this point.

    They haven't explained what the problem really is, to us, or even filed a report with Microsoft.

    They also claim that any OS is vulnerable, though it's only been tested with Windows drivers.

    The whole thing just stinks of someone wanting publicity or setting up to try to sell some protection software.