NetraGard’s hack of client’s network stirred the computer security domain last week using a Logitech’s USB mouse. The USB mouse contains a firmware code that gets automatically launched when any socially engineered user gets plugged into its computer. Thus after getting plugged in, the attack code dials home and informs NetraGard that it has successfully penetrated in the network of the victim.


Many users who are not aware that a mouse can be utilized for an auto-launching exploit code may find it surprising. However, for others who know it already might not find it surprising at all.


According to Roger Grimer, who writes the daily computer security news, pointed out that he developed a USB virus around 7 years down the line while working for Foundstone. He found that he could use the hidden desktop.ini files to autolaunch an executable. The virus easily passed the autorun and autoplay defense mechanism. He had discovered that he could easily do it on the USB key as well and therefore, his coworker Aaron Higbee transferred his findings to the USB devices.


At the time Roger and Aaron had built a digital-camera roaming worm. However, it didn’t work out well, but fortunately Foundstone supported their efforts and allowed them to focus on the USB exploits. Yet, it came as a huge surprise to him when he read about USB infecting vectors, which remain a threat even in 2011.


He focused on the fact that computer security admins must understand the fact that computer can be corrupted by nearly every hardware device that can be plugged into it. He emphasized that hardware is a petty thing and software always places an upperhand on it. While talking about trust boundaries of computer security, the limits of hardware must be understood.


Around two years back, the disk encryption vendors were alarmed about the security threats to their software disk encryption programs. The hackers may use it to freeze the memory of the RAM and check out all its contents with the help of some other pc. Some other scientist had also claimed that he was capable enough to retrieve the encryption keys of the specialized Trusted Platform Module encryption chips.


However, it`s not a big deal, because such things have existed in the computer domain for more than twenty years. As a matter of fact, the biggest vectors can enter your computer through fake antivirus programs, malicious email links and more without attaching any hardware device of the computer.


So, if you are worried about protecting your assets, get educated about the threat and take the steps to protect your electronic devices. Educate the end-users about how free mice, keyboard, and many other hardware devices can generate a malicious code in the computer. To refrain from such problems, the system configurators must incapacitate all the unneeded ports in the system. However, it is simply not possible to disable every computer port. Therefore, keep in mind to enable the antimalware and computer security defenses on your system. This will prevent your system from getting infected until a reliable solution is found.