I spoke at this year’s Code Camp (2014) on you know what, Cortana. 🙂
Here’s the easy link to the presentation materials.
… because they are insecure in a fundamental way that currently isn’t defendable or fixable.
UPDATE: I’ve edited the section dealing with alternatives after some further research.
Here’s the background:
Worse yet, you see in Article #2 above that the exploit is IN THE WILD AND FREELY AVAILABLE.
So what are we supposed to do? The alternatives are simple:
- Use Cloud services.
– Such as OneDrive, Dropbox, Box, Google Drive, etc.
– The downside is that you have to be connected and allowed to reach that service to get your files.
- Use other storage media.
– The SD card family (standard, mini, micro, etc).
– The first downside is that SD cards aren’t supported by everything.
– The second downside is that, hands down, USB is the current ruler of connected media.
– The third downside is that SD cards also have a controller chip inside and eventually those might be co-opted like the USB controller chips have.
- Use storage media that has a different physical interface.
– FireWire is a good example.
– Unfortunately, the same issue exists here because drives using this cable standard have controller chips too.
- Use storage media that ha no physical interface.
– WiFi Drives are currently a decent alternative but are not intuitive enough for everybody, and open up a whole different can of worms.
If these things aren’t feasible then you can still purchase brand new drives from “big box” stores (BestBuy, TigerDirect, etc.). Just be aware that you’re potentially in the same boat as if you had an infected USB drive. Infected drives infect the machines they are plugged into, and infected machines infect USB drives that are plugged into them. As of right now there’s simply no “protection” for this type of infection.