Sooner or later, the default Windows configuration will refuse to autorun content on a strange flash drive, and this won't work. Unless, of course, the criminals have special USB units manufactured containing an active processor which uses DMA to probe and interfere with the host PC's memory. They could possibly use the same facilities they use to make fake ATM front panels to manufacture them. The units could even contain an empty, perfectly innocent flash drive to deflect suspicion; after all, there's no limit to how many devices something on the end of a USB connector can appear to be.
Posted by: acb | http://dev.null.org/acb/ | Thu Apr 26 10:11:25 2007
Flash drives are cheap. And I'm sure the Russian Mafia or whoever have access to chip fabbing plants and such they could use to knock out thousands of units containing a microcontroller and a quantity of Flash (some of which looks like a drive). And the design wouldn't be hard; the basic components (microcontroller cores, USB stacks and so on) are well known.
Want to say something? Do so here.
Note to spammers: This comment system applies the rel=nofollow attribute to the poster's URL and all links. Posting links to this page will not improve their search engine rankings.
Please keep comments on topic and to the point. Inappropriate comments may be deleted.
Note that markup is stripped from comments; URLs will be automatically converted into links.
Posted by: toby | | Thu Apr 26 00:39:06 2007
Or a buffer overflow exploit hidden in any number of file types. Porn, music, and excel spreadsheets; I'm sure most people would check what's there first.
It's a relatively expensive approach. I'm surprised that it has any appeal. I guess if you steal the flash drives...