We all rely on USB to interconnect our digital lives—-but new research reveals that there’s a fundamental security flaw in the very way that the humble Universal Serial Bus functions, and it could be exploited to wreak havoc on any computer.
Wired reports that security researchers Karsten Nohl and Jakob Lell have reverse engineered the firmware that controls the basic communication functions of USB. Not only that, the’ve also written a piece of malware, called BadUSB, that can “be installed on a USB device to completely take over a PC, invisibly alter files installed from the memory stick, or even redirect the user’s internet traffic.”
Embedded within USB devices—from thumb drives thorough keyboards to smartphones—is a controller chip which allows the device and a computer it’s connected to send information back and forth. It’s this that Nohl and Lell have targeted, which means their malware doesn’t sit in flash memory, but rather is hidden away in firmware, undeletable by all but the most technically knowledgable. Lell explained to Wired:
“You can give it to your IT security people, they scan it, delete some files, and give it back to you telling you it’s ‘clean… [But these] problems can’t be patched. We’re exploiting the very way that USB is designed.”
Full story: Gizmodo