This time, the researchers hail from the University of Illinois. They decided to test what they call the anecdotal belief” that people pick these things up and plug them in, so they dropped 297 drives on the school’s Urbana-Champaign campus last year.
It’s an unsurprising vulnerability. Any device which has DMA or sends data to trusted processes is part of the TCB. One must either show it’s trustworthy or mediate it. My general rule is to consider every device untrustworthy. This is supported protect usb by the large amount of undocumented functionality, increasing use of programmable chips guiding the DMA, and recent discovery of a backdoor in a security-critical FPGA. The chips must be assumed to have functionality useful to the attacker.
To be honest, I don’t feel comfortable saving my information on cloud. So, I was looking to somehow secure my really, really old files (very important ones) on my old external drive. Therefore, I looked into methods of password-protecting my external drive and discovered usb access control. The application is so simple, it’s ridiculous. Yet, it has been so far seemingly an effective security application.