Researcher Details USB-Based Attack That Circumvents All Known Protective Security Measures
Security research Karsten Nohl of Berlin's SR Labs has revealed a flaw in USB devices that potentially allows hackers to evade all known security measures used by a computer. In a report by Wired, Nohl says his BadUSB exploit is "almost like a magic trick" because "you cannot tell where the virus came from."
The exploit takes advantage of a flaw that allows a hacker to tamper with the firmware that controls the functions of USB devices such as mice, thumb drives and keyboards.
Because BadUSB resides not in the flash memory storage of USB devices, but in the firmware that controls their basic functions, the attack code can remain hidden long after the contents of the device’s memory would appear to the average user to be deleted. And the two researchers say there’s no easy fix: The kind of compromise they’re demonstrating is nearly impossible to counter without banning the sharing of USB devices or filling your port with superglue.
“These problems can’t be patched,” says Nohl, who will join Lell in presenting the research at the Black Hat security conference in Las Vegas. “We’re exploiting the very way that USB is designed.”
Nohl, along with fellow SR Labs researcher Jakob Lell, will present additional details on this attack during a presentation at the annual Black Hat hacking conference, which will be held next week in Las Vegas. The title of his presentation is "Bad USB - On Accessories that Turn Evil."
Popular Stories
Apple is aiming to hold its first fall event on Wednesday, September 7, reports Bloomberg's Mark Gurman. The event will focus on the iPhone 14 models and the Apple Watch Series 8.
The standard iPhone 14 models are expected to get few changes, but the iPhone 14 Pro models will include updated camera technology, the removal of the notch in favor of a pill-shaped and hole-punch cutout, an A16...
Apple today released iOS and iPadOS 15.6.1, minor updates to the iOS and iPadOS 15 operating systems initially released in September 2021. iOS 15.6.1 and iPadOS 15.6.1 come a month after Apple released iOS 15.6 and iPadOS 15.6 with new Live Sports features and bug fixes.
The iOS 15.6.1 and iPadOS 15.6.1 updates can be downloaded for free and the software is available on all eligible devices...
Apple's rumored 10th-generation iPad is currently in production and will feature "major" design changes, according to a report from Taiwanese website DigiTimes.
A mockup of the potential 10th-generation iPad design by Renders By Shailesh The report did not provide any specific details about the 10th-generation iPad's new design, but rumors suggest the device will feature a larger 10.5-inch...
Apple's second-generation AirPods Pro are finally nearing launch, with a release expected later this year. If you are considering upgrading to the new AirPods Pro once they are released, keep reading for a list of five new features to expect.
In addition to all-new features, the second-generation AirPods Pro will likely adopt some features added to the standard AirPods last year.
H2 Chip
...
It's crazy to think about, but next month will mark five years since Apple announced the Apple Watch Series 3. Despite being a severely antiquated smartwatch, the Series 3 has remained at the bottom of Apple's lineup for $199.
Suppose you're still holding on to your Apple Watch Series 3. In that case, this article will list all the major new features and changes you'll get if you decide to...
Apple today seeded the sixth betas of upcoming iOS 16 and iPadOS 16 updates to developers for testing purposes, with the updates coming a week after Apple released the fifth developer betas.
Registered developers can download the iOS and iPadOS 16 profiles from the Apple Developer Center, and once installed, the betas will be available over the air.
iOS 16 introduces a revamped Lock...
Top Rated Comments
This is not 1980 anymore when people used to worry about viruses on floppy disks. If a person has physical access to your computer, it is a failing with the security in your building or home, not the technology.
Just use the same kind of restrictions you use personally and not let someone stick something in any of your ports or slots unless you want them to and know they are clean.
Wouldn't he leave this up to Chloe? ;)
Just suppose I stuck one of these nasty devices in my Mac. OK, it's fiendish, it's an empty gadget. And then its bad firmware kicks into life and tries to persuade my Mac that files are available. That file still has to make it onto my Mac and has to be an executable to do any harm.
I believe OS X's inbuilt defences against malicious files - wherever they come from - would not be circumvented by a gadget like this.
My PC on the other hand...