I am missing one information here (maybe one hw-hacker can give the answer):
Is it possible (for some or many) USB-sticks or USB devices to reprogram the firmware from an PC that it is connected to it?
The article plays a little with the threat, that I (I want to put it this way:) lent my USB stick to a friend, he uses it, but clears it afterwards and gives it back to me and the stick now contains an infected firmware (that I can not find out by normal means). And also the friend knows nothing, since his computer was infected before.
Of course, I know that it is possible to change a firmware by hw-means (replacing the chip or reprogram it with special hw) but when the firmware of some or all USB-devices would be alterable just by plugging them into a computer, a new kind of virus would be possible spreading more silently and dangerously as all of them before.
HW hacking the firmware of USB devices of course is possible, but would be more in the field of industrial or real espionage. Reprogramming firmware "on-the-run" would cause a new mass-threat for computers.
The firmware on today's USB drives is flashable from Windows
(usually XP) using the manufacturer's proprietary utility
for that particular flash memory controller. Sandisk remains mysterious as their utility if it exists has not been leaked.
This is likely because the firmware has not been perfected yet, so ugrades are continuing. Plus completely different
characteristics can be obtained to arrive at multiple device
brands or behaviors from the same hardware.
"Identical" flash drives from the same manufacturer containing the same exact chips can often have
different firmware revisions, and different resulting performance.
On most units an additional CDROM device, or extra partitions (hidden, private/secure or not) can be configured to be detected (or not) when plugged in to any OS.
The controller provisions the available flash memory among the dictated devices and makes them available to you.
I've been adjusting the firmware for a couple years now as I
do the continuous improvement on my rapid multibootable sticks.
Thanks. So, if anybody reverse engineers the proprietary utility, a virus could be coined that spreads via USB devices and infects thousands of computers and USB sticks and the like. Scary.
Is it possible (for some or many) USB-sticks or USB devices to reprogram the firmware from an PC that it is connected to it?
The article plays a little with the threat, that I (I want to put it this way:) lent my USB stick to a friend, he uses it, but clears it afterwards and gives it back to me and the stick now contains an infected firmware (that I can not find out by normal means). And also the friend knows nothing, since his computer was infected before.
Of course, I know that it is possible to change a firmware by hw-means (replacing the chip or reprogram it with special hw) but when the firmware of some or all USB-devices would be alterable just by plugging them into a computer, a new kind of virus would be possible spreading more silently and dangerously as all of them before.
HW hacking the firmware of USB devices of course is possible, but would be more in the field of industrial or real espionage. Reprogramming firmware "on-the-run" would cause a new mass-threat for computers.