How To Check Your USB Devices For Unsafe Firmware

Your USB peripherals may be making your PC vulnerable to hackers. The data security firm Eclypsium reports that the majority of Windows and Linux-based peripherals use “unsigned” firmware that leaves them open to all manner of attack—ransomware, spyware, and even full-on device takeovers.

Firmware is “unsigned” if it doesn’t use a validation key—the “signature,” so to speak—to verify if drivers and updates come from the manufacturer, making it possible to accidentally download and install fake drivers that contain the malicious code.

Hackers have successfully exploited unsigned firmware on USB mice, laptop trackpads, and even routers, but the entire gamut of Windows and Linux hardware can use unsigned firmware—including graphics cards, hard drives, webcams, and everything in between.

Unfortunately, the issue can’t be “fixed” without a device’s manufacturer rolling out new, signed firmware. The Eclyspium report notes that several hard drive manufacturers updated their HDDs and SSD to only accept signed firmware as the risks of unsigned firmware have become better known, and many other companies have updated their devices in response to verified threats, but many other devices remain at risk.

And even if a device gets the proper update, many of them require the user to download and install it themselves. You can’t exactly update a wireless mouse or USB hub’s firmware like you can a smartphone.

That said, the reports from Eclypsium and other sources make it clear we all need to check our devices for unsigned firmware and drivers. Even if you can’t ultimately update all of your peripherals’ firmware, it’s still worth knowing which ones are potentially at risk of installing fake drivers. Here’s how to check for unsigned firmware and drivers on Windows:

  1. Open the Windows Start menu

  2. Search for and run “Device Manager”

  3. In the Device Manager, right-click a device then click “Properties.”

  4. Go to “Driver” tab. You should also see a “Digital Signer” listed; if it’s blank or it’s listed as “Unknown,” then the firmware is unsigned.

  5. Next, click “Driver details.” A new window will pop-up with a list of installed drivers for that device. Signed drivers will have a certificate icon next to them like those in the screenshot above. You should also see the Digital Signer for the driver listed below, which should match the Digital Signer in the “Driver” tab.

Linux users can also verify if a device’s firmware is signed, but the exact steps will vary between Linux distros.

Check for software updates on any devices using unsigned firmware or drivers that you find. Note that even the most up-to-date firmware you download directly from the manufacturer may still be unsigned, in which case you need to make sure you’re updating the device’s drivers properly. This can be done by using your operating system’s built-in driver update tool; the manufacturer’s first-party update tool (if available); or by only downloading and installing updates directly from the company’s official website.


Leave a Reply