Researcher Details USB-Based Attack That Circumvents All Known Protective Security Measures
Security research Karsten Nohl of Berlin's SR Labs has revealed a flaw in USB devices that potentially allows hackers to evade all known security measures used by a computer. In a report by Wired, Nohl says his BadUSB exploit is "almost like a magic trick" because "you cannot tell where the virus came from."
The exploit takes advantage of a flaw that allows a hacker to tamper with the firmware that controls the functions of USB devices such as mice, thumb drives and keyboards.
Because BadUSB resides not in the flash memory storage of USB devices, but in the firmware that controls their basic functions, the attack code can remain hidden long after the contents of the device’s memory would appear to the average user to be deleted. And the two researchers say there’s no easy fix: The kind of compromise they’re demonstrating is nearly impossible to counter without banning the sharing of USB devices or filling your port with superglue.
“These problems can’t be patched,” says Nohl, who will join Lell in presenting the research at the Black Hat security conference in Las Vegas. “We’re exploiting the very way that USB is designed.”
Nohl, along with fellow SR Labs researcher Jakob Lell, will present additional details on this attack during a presentation at the annual Black Hat hacking conference, which will be held next week in Las Vegas. The title of his presentation is "Bad USB - On Accessories that Turn Evil."
Popular Stories
Game emulator apps have come and gone since Apple announced App Store support for them on April 5, but now popular game emulator Delta from developer Riley Testut is available for download. Testut is known as the developer behind GBA4iOS, an open-source emulator that was available for a brief time more than a decade ago. GBA4iOS led to Delta, an emulator that has been available outside of...
iOS 18 is expected to be the "biggest" update in the iPhone's history. Below, we recap rumored features and changes for the iPhone. iOS 18 is rumored to include new generative AI features for Siri and many apps, and Apple plans to add RCS support to the Messages app for an improved texting experience between iPhones and Android devices. The update is also expected to introduce a more...
The first approved Nintendo Entertainment System (NES) emulator for the iPhone and iPad was made available on the App Store today following Apple's rule change. The emulator is called Bimmy, and it was developed by Tom Salvo. On the App Store, Bimmy is described as a tool for testing and playing public domain/"homebrew" games created for the NES, but the app allows you to load ROMs for any...
Apple today said it removed Game Boy emulator iGBA from the App Store for violating the company's App Review Guidelines related to spam (section 4.3) and copyright (section 5.2), but it did not provide any specific details. iGBA was a copycat version of developer Riley Testut's open-source GBA4iOS app. The emulator rose to the top of the App Store charts following its release this weekend,...
Last September, Apple's iPhone 15 Pro models debuted with a new customizable Action button, offering faster access to a handful of functions, as well as the ability to assign Shortcuts. Apple is poised to include the feature on all upcoming iPhone 16 models, so we asked iPhone 15 Pro users what their experience has been with the additional button so far. The Action button replaces the switch ...
A week after Apple updated its App Review Guidelines to permit retro game console emulators, a Game Boy emulator for the iPhone called iGBA has appeared in the App Store worldwide. The emulator is already one of the top free apps on the App Store charts. It was not entirely clear if Apple would allow emulators to work with all and any games, but iGBA is able to load any Game Boy ROMs that...
Top Rated Comments
This is not 1980 anymore when people used to worry about viruses on floppy disks. If a person has physical access to your computer, it is a failing with the security in your building or home, not the technology.
Just use the same kind of restrictions you use personally and not let someone stick something in any of your ports or slots unless you want them to and know they are clean.
Wouldn't he leave this up to Chloe? ;)
Just suppose I stuck one of these nasty devices in my Mac. OK, it's fiendish, it's an empty gadget. And then its bad firmware kicks into life and tries to persuade my Mac that files are available. That file still has to make it onto my Mac and has to be an executable to do any harm.
I believe OS X's inbuilt defences against malicious files - wherever they come from - would not be circumvented by a gadget like this.
My PC on the other hand...