Two information security researchers have warned of 26 security vulnerabilities and software errors in the software responsible for operating units that use USB technology, whether portable storage units or any other units that use this technology to connect devices to accessories, or devices to one another.

The researchers, Huey Ping, who works at the French University of Bordeaux, and Matthias Bayer of the Swiss Federal Institute of Technology in Lausanne, explained that 18 of these vulnerabilities and errors appear in the Linux operating system, while the rest appear in the Windows operating systems from Microsoft and the Macintosh operating system from Apple. They stressed that all of these vulnerabilities pose a risk to data and devices, as attackers can use them as a back door for viruses and malware.

The researchers published their findings in a research paper available at nebelwelt.net/publications, a site that specializes in publishing academic research papers in the field of information security technologies.

A new tool

The researchers said that they were able to detect this large number of errors and security gaps in the software that operates USB units by using a new testing tool called "USB Phaser". It is based on a well-known method in the field of information security, in which large quantities, or a "flood", of invalid, unexpected, or random data are sent as inputs to other programs, and security researchers then analyze how the tested program behaves in order to discover new errors.

They added that while subjecting programs to this flood of data, the tool generates near-valid inputs, which create a kind of "encryption", or confusion and lack of clarity, for the programs under test, so that they behave in unexpected ways that expose their gaps or bugs. In such a situation, the tool also monitors how the program under test deals with exceptional cases, such as malfunctions, failures of assertions embedded in the code, or potential memory leaks, and any errors or software bugs are detected on that basis.
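To make the method described above concrete, here is an added example (not the researchers' tool and not code from their paper): a small mutation fuzzer that feeds near-valid USB configuration descriptors to two toy parsers, one that trusts the length fields supplied by the device and one that validates them. The parsers, the `SEED` bytes and all function names are constructed for illustration.

```python
import random
import struct

# Constructed seed: configuration (type 2), interface (4), endpoint (5); 25 bytes in total.
SEED = bytes.fromhex("09 02 19 00 01 01 00 80 32"  # wTotalLength = 0x0019
                     "09 04 00 00 01 ff 00 00 00" "07 05 81 02 00 02 00")

def parse_naive(buf):
    """Deliberately weak: trusts the device-supplied wTotalLength and bLength."""
    total = struct.unpack_from("<H", buf, 2)[0]
    out, off = [], 0
    while off < total:
        length, dtype = buf[off], buf[off + 1]  # out-of-bounds read if total > len(buf)
        out.append((dtype, buf[off + 2:off + length]))
        off += max(length, 2)  # always advance so the loop terminates
    return out

def parse_checked(buf):
    """Hardened: every length field is validated against the bytes actually received."""
    total = struct.unpack_from("<H", buf, 2)[0] if len(buf) >= 9 else 0
    if not 9 <= total <= len(buf):
        raise ValueError("bad wTotalLength")
    out, off = [], 0
    while off < total:
        if off + 2 > total or buf[off] < 2 or off + buf[off] > total:
            raise ValueError("bad bLength")
        out.append((buf[off + 1], buf[off + 2:off + buf[off]]))
        off += buf[off]
    return out

def mutate(rng):
    """Near-valid input: overwrite 1-3 bytes of the seed, sometimes truncate it."""
    data = bytearray(SEED)
    for _ in range(rng.randint(1, 3)):
        data[rng.randrange(len(data))] = rng.randrange(256)
    if rng.random() < 0.2:
        del data[rng.randrange(1, len(data)):]
    return bytes(data)

def fuzz(parser, runs=2000, rng_seed=1):  # ValueError = clean reject, anything else = crash
    rng, stats = random.Random(rng_seed), {"accepted": 0, "rejected": 0, "crashed": 0}
    for _ in range(runs):
        try:
            parser(mutate(rng))
            stats["accepted"] += 1
        except ValueError:
            stats["rejected"] += 1
        except Exception:  # IndexError / struct.error stand in for a kernel memory error
            stats["crashed"] += 1
    return stats
```

Comparing `fuzz(parse_naive)` with `fuzz(parse_checked)` shows the same inputs producing crashes in the first parser and only clean rejections in the second, which is the signal a fuzzing harness monitors for.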

New releases

The researchers explained that they used the new testing tool on nine recent versions of the Linux operating system, two versions of Windows (Windows 8 and Windows 10), the latest version of the Apple Macintosh system, named "Catalina", and one version of the FreeBSD operating system.

They said that during these tests, the new tool found 18 software errors and a security vulnerability in the tested Linux operating systems, four in Windows, three in the Macintosh system, and one in the FreeBSD system.

The researchers pointed out that the errors in Windows could lead to the error known as the "blue screen", which stops the operating system completely and requires restarting it, and sometimes reinstalling it, while the errors and gaps in the Macintosh system lead to an unplanned restart of the system, or to a freeze that leaves no option but to cut power to the device.

The most dangerous

The researchers emphasized that most of the errors, and the most dangerous ones, were in the Linux systems, where 16 of them were classified as memory errors with a high security impact, especially in the main USB ports, the audio ports, and the network ports. They also found one serious error in the host controller driver, and a similar error in the camera driver when a camera is connected via USB ports.

The researchers said that they informed the Linux development teams of these results, along with proposed corrections to address them, in order to reduce the burden on the developers of the kernel, the pivotal part of the system, when fixing the reported gaps.

They reported that 11 of the 18 reported errors have been addressed and the necessary security updates released, while the remaining errors, whether in Windows or Macintosh systems, are still being worked on, with fixes expected to be released soon.

Tips

The researchers, Huey Ping and Matthias Bayer, urged users to be careful when using units that connect to computers and other devices via USB ports, to use drivers for these ports only from known, reliable sources, and to make sure they download security updates for their operating systems. The vulnerabilities can be exploited by attackers and intruders to gain access to various devices, equipment and accessories, then move on to the operating systems, plant malicious software to control them, or steal the data and information the devices contain, foremost of which is financial data.