Security researchers show how a USB device can takeover your computer

Security researchers show how a USB device can takeover your computer

The USB port is ubiquitous.

The humble USB port has come a long way and has just about become the default interface for, well, everything really. External storage devices, input devices such as mice and keyboards, all rely on the USB interface to communicate with the system. However, two security researchers are adamant that the security of USB is "fundamentally broken" and are going to present their findings next week.

Karsten Nohl and Jakob Lell have a collection of proof-of-concept software that highlights why the USB interface has been compromised from the start. The pair have also created a malware called BadUSB, that can be installed to completely takeover a PC. And because BadUSB is implanted in the firmware that controls a USB device's basic functions, this malware could feasibly go undetected even if the drive is formatted. In other words, there is no easy fix for this.

Nohl said, "These problems can't be patched. We are exploiting the very way that USB is designed." He also added that this malware was not simply copied, and that they spent months to reverse engineer the firmware to implement and hide the attack code. Hence, the malware cannot be cleaned using off-the-shelf software and tools and requires someone with similar reverse engineering skills to look at the altered firmware to find the malicious codes.

Worse, this form of attack is not limited to just USB storage devices, but any USB device. The pair also managed to implant the code into a USB headset.

Since there is no quick fix to this, the two researchers are calling for a change in the way we use and view USB device, but they admit that this could be difficult.

Nohl said, "In this new way of thinking, you can’t trust a USB just because its storage doesn’t contain a virus. Trust must come from the fact that no one malicious has ever touched it. You have to consider a USB infected and throw it away as soon as it touches a non-trusted computer. And that’s incompatible with how we use USB devices right now.”

Source: Wired

All News Categories

News for Past 12 Months

Subscribe to HWZ Here!

Subscribe now to receive latest tech news, articles and promotions straight to your inbox!
By signing up, you indicate that you have read and agreed to the and .

Obsessed with technology?
Subscribe to the latest tech news as well as exciting promotions from us and our partners!
By subscribing, you indicate that you have read & understood the SPH's Privacy Policy and PDPA Statement.