Reply To: 2 Aug 14 – The Security of USB is Broken
I guess I would think that the firmware should be in read-only memory. After the USB device is sold and put into service, what reason would there be to update this part of the firmware?
Since we are talking probably about thumb drives primarily as something that gets swapped between computers — when has anyone ever had to update the firmware in one?
I this firmware is available to be read and written to by an operating system, then it would be just one more item for virus checking software to put in their list of things to check.
Because it is possible to create some virus to hide in USB firmware, that doesn’t mean it would be practical. There should be better targets for people who write malware.