How to run badusb safely: USB security issue BadUSB could take years to fix


BadUSB, a security hole exposed in July that lies in the firmware that powers many USB memory sticks, could take years to fix, it is feared. Hackers' ability to exploit this hole has been hindered because the researchers who discovered the bug, Karsten Nohl and Jakob Lell, have so far not released the vulnerable code, but it is vital for the issue to be resolved so that it doesn't give hackers another loophole to exploit. The worry surrounding BadUSB arises because the security issue lies in the firmware that a computer uses to identify a USB memory stick; this means that any malware exploiting the flaw is going to be pretty much undetectable by a computer, and it leaves pretty much any USB memory stick vulnerable to attack. That has all changed this week, as another two researchers at DerbyCon, Adam Caudill and Brandon Wilson, announced that they had reverse engineered BadUSB, and they've not been afraid to release the code.


Whilst many are likely to be shocked that Wilson and Caudill have released the code, and by the impact that this could have on cyber security, it needs to be taken into consideration that the reason for the release is to make USB memory stick manufacturers take notice and act so that a fix can be developed. Nohl and Lell held back from releasing the code so that they could give the industry time to develop a fix, but nothing ever came of it. It is feared that the only way for a fix to be developed is for huge changes to be made to the existing USB standard. Something like this could take years and leave USB devices prone to attack until then; whatever approach is taken, CIOs and IT managers are going to have to develop their own policies that can account for this.


In reality, the only way that you can be sure that a USB stick is safe to use is if you can track its progress from the manufacturer to your desk, but this is simply impractical and probably not even possible. Although this could pose a serious threat to the USB device industry, memory sticks are just an everyday consumable for many people and that is unlikely to change. What may change is the way that organisations allow their employees to use USB sticks; it isn't uncommon now for them to be banned from workplaces, or for the USB ports on employee machines to be disabled completely, except for required peripherals such as a mouse and keyboard.


Consumers should look into other ways of securing their data whilst maintaining the ability to access it on different computers. The cloud is a good replacement for a USB memory stick and although it can have its security issues, they are going to be a lot easier to detect and fix than BadUSB, which probably won’t be detectable at all.


Translated from: https://www.eukhost.com/blog/webhosting/usb-security-issue-badusb-could-take-years-to-fix/
