[Cryptography] You can't trust any of your hardware
Doron Shikmoni
doron.shikmoni at gmail.com
Sun Aug 3 05:23:36 EDT 2014
On Fri, Aug 1, 2014 at 11:34 PM, Jerry Leichter <leichter at lrw.com> wrote:
>
> How many USB devices have ever been patched after sale? I know of one
> example, which I mentioned in my original posting: The Apple aluminum
> keyboard, introduced in August of 2007, has received exactly one update
> during its lifetime.
>
> I, personally, know of no other examples. If anyone else does, I'd like
> to hear about them.
>
>
In a way, even some USB sticks had.
The U3 <<expletive removed>> stick variety created by a few USB stick
vendors a few years back (e.g. the Sandisk Cruzer Micro), would present a
CD drive with executable code, in addition to the mass storage device, in
order to have autorun kicked off on Windows (so that the U3 "launchpad"
would launch automatically and transparently...).
Shortly thereafter, Sandisk released a firmware mod tool, that would
disable the logical CD device completely.
There's also an open source tool that can do same, or can even conveniently
replace the CD image with one of your liking.
Doron
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140803/2b07893a/attachment.html>
More information about the cryptography
mailing list