BADUSB – AN UNPATCHABLE MALWARE THAT INFECTS USBS

2 months ago we saw that it’s possible to corrupt any USB device with insidious, undetectable malware.

The BadUSB attack was demonstrated at the Black Hat security conference by Karsten Nohl, and according to Nohl, the vulnerability is practically unmatchable. Due to the severity of the security problems and the lack of any easy patch the code was kept private.

But the code didn’t stay secret for long…

Researchers Adam Caudill and Brandon Wilson reverse engineered the same USB firmware, reproduced some of BadUSBs tricks and published the code on Github, forcing USB makers to fix the problem or run the risk of exposing millions of users to the attack.

Infected USBs can

– Impersonate the keyboard on victim’s machine to type any keystrokes the attacker chooses

– Hide files in the invisible portion of the code

– Silently disable a USB’s security feature that password-protects portions of its memory

Many would argue that publishing the code is irresponsible, while others would argue that it will speed up the security process to fix it and help to educate people on the potential dangers. There is currently no fix to this Malware, even deleting the contents of the USB’s won’t remove it so no matter what side of the fence you sit on we all agree that something needs to be done quickly.

Source:

http://www.wired.com/2014/10/code-published-for-unfixable-usb-attack/

Tags

What do you think?

Related articles