I came across this article on the BBC site last night: http://www.bbc.com/news/technology-28701124
Apparently they exploited the feature in USB devices where they inform the operating system of their identities.It is not uncommon for USB sticks to be used as a way of getting viruses and other malicious code onto target computers. Most famously, the Stuxnet attack on Iranian nuclear centrifuges was believed to have been caused by an infected USB stick. However, this latest research demonstrated a new level of threat - where a USB device that appears completely empty can still contain malware, even when formatted. The vulnerability can be used to hide attacks in any kind of USB-connected device - such as a smartphone.
I'm surprised it's taken so long for someone to discover this vulnerability. It doesn't sound like something the operating system can thwart either.In one demo, shown off at the Black Hat hackers conference in Las Vegas, a standard USB drive was inserted into a normal computer. Malicious code implanted on the stick tricked the machine into thinking a keyboard had been plugged in. After just a few moments, the "keyboard" began typing in commands - and instructed the computer to download a malicious program from the internet.
Bookmarks