Skip to Content

Researcher Details USB-Based Attack That Circumvents All Known Protective Security Measures

by

usb3Security research Karsten Nohl of Berlin's SR Labs has revealed a flaw in USB devices that potentially allows hackers to evade all known security measures used by a computer. In a report by Wired, Nohl says his BadUSB exploit is "almost like a magic trick" because "you cannot tell where the virus came from."

The exploit takes advantage of a flaw that allows a hacker to tamper with the firmware that controls the functions of USB devices such as mice, thumb drives and keyboards.

Because BadUSB resides not in the flash memory storage of USB devices, but in the firmware that controls their basic functions, the attack code can remain hidden long after the contents of the device’s memory would appear to the average user to be deleted. And the two researchers say there’s no easy fix: The kind of compromise they’re demonstrating is nearly impossible to counter without banning the sharing of USB devices or filling your port with superglue.

“These problems can’t be patched,” says Nohl, who will join Lell in presenting the research at the Black Hat security conference in Las Vegas. “We’re exploiting the very way that USB is designed.”

Nohl, along with fellow SR Labs researcher Jakob Lell, will present additional details on this attack during a presentation at the annual Black Hat hacking conference, which will be held next week in Las Vegas. The title of his presentation is "Bad USB - On Accessories that Turn Evil."

Popular Stories

imac video apple feature

Apple Unveils Two New Products

Monday March 2, 2026 7:49 am PST by
Apple today introduced two new devices, including the iPhone 17e and an updated iPad Air. iPhone 17e features the same overall design as the iPhone 16e, but it gains Apple's A19 chip, MagSafe for magnetic wireless charging and magnetic accessories, Apple's second-generation C1X modem for faster 5G, and a doubled 256GB of base storage. In the U.S., the iPhone 17e starts at $599, just like the ...
Read Full Article
Multicolored Low Cost A18 Pro MacBook Feature

Apple Accidentally Leaks 'MacBook Neo'

Tuesday March 3, 2026 7:00 am PST by
Apple appears to have prematurely revealed the name of its rumored lower-cost MacBook model, which is expected to be announced this Wednesday. A regulatory document for a "MacBook Neo" (Model A3404) has appeared on Apple's website. Unfortunately, there are no further details or images available yet. While the PDF file does not contain the "MacBook Neo" name, it briefly appeared in a link...
Read Full Article218 comments
Apple iPhone 17e feature

Apple Announces iPhone 17e With A19 Chip, MagSafe, and More

Monday March 2, 2026 6:07 am PST by
Apple today announced the iPhone 17e, featuring the A19 chip, MagSafe connectivity, faster charging, and more. The iPhone 17e contains the A19 chip introduced in iPhone 17. It features a 6-core GPU and a 4-core GPU. Apple pointed out that this makes it up to 2x faster than the iPhone 11. The new 16-core Neural Engine is optimized for large generative models. The iPhone 17e also contains...
Read Full Article234 comments

Top Rated Comments

T
theanimala
151 months ago
I'm going back to only using a pen and paper from now on.
Score: 28 Votes (Like | Disagree)
S
simonb76
151 months ago
Jack Bauer has been doing this for years.
Score: 24 Votes (Like | Disagree)
C
ChrisCW11
151 months ago
Nobody cares about wired attacks

This is not 1980 anymore when people used to worry about viruses on floppy disks. If a person has physical access to your computer, it is a failing with the security in your building or home, not the technology.

Just use the same kind of restrictions you use personally and not let someone stick something in any of your ports or slots unless you want them to and know they are clean.
Score: 17 Votes (Like | Disagree)
P
proline
151 months ago
Interesting. In other news, remember kids, Apple is completely wrong to not include obsolete legacy ports like USB on their modern iOS devices.
Score: 11 Votes (Like | Disagree)
dejo Avatar
dejo
151 months ago
Jack Bauer has been doing this for years.

Wouldn't he leave this up to Chloe? ;)
Score: 9 Votes (Like | Disagree)
LV426 Avatar
LV426
151 months ago
At the end of the day, any malware that happens to be on a USB device has to be able to make it into the target computer. The article talks a lot about PCs which, historically, have been quite easy to compromise.

Just suppose I stuck one of these nasty devices in my Mac. OK, it's fiendish, it's an empty gadget. And then its bad firmware kicks into life and tries to persuade my Mac that files are available. That file still has to make it onto my Mac and has to be an executable to do any harm.

I believe OS X's inbuilt defences against malicious files - wherever they come from - would not be circumvented by a gadget like this.

My PC on the other hand...
Score: 6 Votes (Like | Disagree)
Read All Comments