posted on Mar, 21 2015 @ 01:50 AM
a reply to: Variable
This isn't the autoplay thing though. As you've said, that's been known for ages.
The exploit problem now is how most operating systems handle unrecognized devices. (Because USB could be a joystick, mouse, soundcard, wifi, storage,
etc.) What happens is the OS looks for a driver to install on the USB device itself in order to operate it. So the exploit is in the driver file
needed to communicate with whatever it is you plugged in. It's still as bad as the old autoplay problem if not worse.
And another level of exploits related to drivers is there are now viruses supposedly out in the wild that can run remotely from the main CPU on
various co-processors. (Basically it'll look for an installed device it can exploit and install into that device's firmware.) So in theory the virus
could execute on a BIOS chipset, graphics card, soundcard, etc. And of course those things have access to the main memory and processor functions, so
viruses that exploit them can potentially cause a lot of harm. When viruses operate in that manner, detecting them with current anti-virus software
becomes a lot more difficult if not impossible because the virus tell-tale signatures aren't resident in the main memory or executables.
Maybe both of these hacks aren't brand spanking new, but currently there's not really a good fix for them. Just avoid plugging in any hardware or
downloading software from sources you're uncertain of.