When Windows 8 rolled up to the curb, Microsoft did its best to enforce a protocol known as Unified Extensible Firmware Interface (UEFI) Secure Boot. This was to be a modern replacement for the aging BIOS system and would help ensure boot-time malware couldn’t be injected into a system. For the most part, Linux has overcome those UEFI hurdles. However, with Windows 10, those hurdles could be returning.
A bigger problem is that software-based encryption can’t stop brute-force attacks against the password or key, because it stores the number of login attempts in the computer’s memory. An attacker can continuously reset this counter until an automated password cracking program finds the password. Another type of attack that software implementations can’t prevent is called a parallel attack: the encrypted data is copied from the USB drive to another computer or computers, where the attack is carried out. Cloud computing means it’s now easy to rent supercomputer processing power by the hour, making it possible for a parallel attack to decrypt even strong passwords in a matter of hours by using brute force.
The problem remains that consulting Nohl’s data won’t do consumers much good. Unlike computer-makers that advertise “Intel Inside,” USB device-makers don’t label their products with the obscure Taiwanese company’s chip they’ve integrated. And they often switch chips—even in the same product—to take advantage of whichever supplier can give them those semiconductors for a few pennies cheaper that month. In an analysis of USB controller chips at the security conference ShmooCon earlier this year, security researcher Richard Harman found that Kingston used half a dozen different companies’ USB chips. “That Kingston flash drive could have USB controllers from any of five or six vendors,” Nohl says.