As if all these data breaches, viruses and such aren’t bad enough, two researchers have now found a way (and since released some tools) to turn ordinary USB devices into carriers that can deploy malware and allow malicious people to gain access to unwanted information.
This threat can potentially affect anyone who uses any unpatched USB device, including USB drives and keyboards.
This vulnerability is now known as “BadUSB
” (good name eh?). The source code has also been published by the two researchers on the open source code hosting website Github
. Due to the freely available code, this is forcing all USB manufacturers to come up with ways to provide some sort of protection for their USB flash drive firmware and fix the problem or leave hundreds of millions of users vulnerable to the attack.
The code which was released by the two researchers Adam Caudill
and Brandon Wilson
and has the capability to spread itself by hiding inside the firmware
(the brains of the USB device) which is meant to control the way in which USB devices connect and communicate to computers. This hack utilises the security flaw in the USB that allows an attacker to insert malicious code into their firmware.
[h2]The good news, then some bad[/h2]
There is some good news now that you have been scared to death, this is that this vulnerability is present (so far) in only one USB manufacturer Phison electronics
, a Taiwanese electronics company. There is a down side to this however, the bad side of it, is that Phison USB sticks can infect any given device they are plugged into and the company has not yet revealed who it manufactures USB sticks for. At this point in time it is still unclear as to how widespread the problem is.
According to Wired
, this vulnerability is “practically unpatchable
” as it exploits “the very way that USB is designed.
” Once a USB device has been infected with the malware, each USB device will infect anything it’s connected to, or any new USB stick being plugged into it.
Stay tuned, and be be wary of plugging inUSB sticks into any unknown system, this is a problem that anti-virus cannot help with.