USB stick security flaw puts data at risk

USB sticks have been found to contain a significant security flaw which could be exploited to break into millions of computers around the world, according to researchers at MWR InfoSecurity.

The UK firm claimed that the flaw could allow the creation of USB sticks that "interrogate a computer and download the contents".

The researchers added that such devices are just months away from development, and are likely to be used by malevolent and sophisticated criminals to steal the contents of entire hard drives.

"What millions of us have seen in countless James Bond and other spy thrillers around the world has now taken a step closer to being realised," said Alex Fidgen, commercial director at MWR InfoSecurity.

"The bad guy plugging a small device into the system and removing sensitive data is no longer theoretical. It is possible."

Criminals could exploit a flaw in the driver software of USB devices to take control of systems and steal information. Fidgen claimed that MWR InfoSecurity has been concerned about these security implications for some time.

"Hackers are becoming more and more sophisticated, and business is under threat. Up until now people have felt secure in the knowledge that a simple USB stick could not copy their information without their permission. We have proved that it is not the case," he said.

The firm claimed that it has already cracked one operating system using its tools, and is now turning its attention to others. Fidgen added that the researchers had built the hack to raise awareness of the security issues, and had shared their findings with the UK government's Centre for the Protection of National Infrastructure.