Two researchers Karsten Nohl and Jakob Lell in the USA announced that they’d discovered a vital security flaw they named BadUSB, and this was way back in July this year. BadUSB gives permission to potential hackers to smuggle malware on the devices effectively undiscovered. To make the matters worse, the security flaw not to be fixed any time soon. As long as you plugin a USB stick there is a high risk of you getting attacked since this bad code was is hard coded into the USB firmware, and the only way to solve this is to completely redesign the USB Standard.
According to Wired, as of this week, two guys Adam Caudill and Brandon Wilson jointly announced that they had successfully reverse-engineered BadUSB, and they published the code on GitHub. They also demonstrated several other uses for it,this includes an attack that takes over a user’s keyboard input and turns control over to the attacker. As long as attackers can reprogram USB firmware, attacks like this will be a serious threat. The only way to fix the vulnerability is a new layer of security around firmware, but that would mean a full update to the USB standard itself, which mean years of insecurity.
Above Adam Caudill and Brandon Wilson’s DerbyCon presentation
Late last year, we reported a new USB hardware standard that was underway, the next evolution of the USB plug which unfortunately there will have no compatibility with existing connectors. The new connector is called Type-C, is an addition to the existing USB 3.1 specification and was expected to be finalized mid 2014. We hope this current security flaw will also be fixed in this upcoming USB standard.
Source: Wired
