Researcher Details USB-Based Attack That Circumvents All Known Protective Security Measures

usb3Security research Karsten Nohl of Berlin's SR Labs has revealed a flaw in USB devices that potentially allows hackers to evade all known security measures used by a computer. In a report by Wired, Nohl says his BadUSB exploit is "almost like a magic trick" because "you cannot tell where the virus came from."

The exploit takes advantage of a flaw that allows a hacker to tamper with the firmware that controls the functions of USB devices such as mice, thumb drives and keyboards.

Because BadUSB resides not in the flash memory storage of USB devices, but in the firmware that controls their basic functions, the attack code can remain hidden long after the contents of the device’s memory would appear to the average user to be deleted. And the two researchers say there’s no easy fix: The kind of compromise they’re demonstrating is nearly impossible to counter without banning the sharing of USB devices or filling your port with superglue.

“These problems can’t be patched,” says Nohl, who will join Lell in presenting the research at the Black Hat security conference in Las Vegas. “We’re exploiting the very way that USB is designed.”

Nohl, along with fellow SR Labs researcher Jakob Lell, will present additional details on this attack during a presentation at the annual Black Hat hacking conference, which will be held next week in Las Vegas. The title of his presentation is "Bad USB - On Accessories that Turn Evil."

Top Rated Comments

theanimala Avatar
94 months ago
I'm going back to only using a pen and paper from now on.
Score: 28 Votes (Like | Disagree)
simonb76 Avatar
94 months ago
Jack Bauer has been doing this for years.
Score: 24 Votes (Like | Disagree)
ChrisCW11 Avatar
94 months ago
Nobody cares about wired attacks

This is not 1980 anymore when people used to worry about viruses on floppy disks. If a person has physical access to your computer, it is a failing with the security in your building or home, not the technology.

Just use the same kind of restrictions you use personally and not let someone stick something in any of your ports or slots unless you want them to and know they are clean.
Score: 17 Votes (Like | Disagree)
proline Avatar
94 months ago
Interesting. In other news, remember kids, Apple is completely wrong to not include obsolete legacy ports like USB on their modern iOS devices.
Score: 11 Votes (Like | Disagree)
dejo Avatar
94 months ago
Jack Bauer has been doing this for years.

Wouldn't he leave this up to Chloe? ;)
Score: 9 Votes (Like | Disagree)
LV426 Avatar
94 months ago
At the end of the day, any malware that happens to be on a USB device has to be able to make it into the target computer. The article talks a lot about PCs which, historically, have been quite easy to compromise.

Just suppose I stuck one of these nasty devices in my Mac. OK, it's fiendish, it's an empty gadget. And then its bad firmware kicks into life and tries to persuade my Mac that files are available. That file still has to make it onto my Mac and has to be an executable to do any harm.

I believe OS X's inbuilt defences against malicious files - wherever they come from - would not be circumvented by a gadget like this.

My PC on the other hand...
Score: 6 Votes (Like | Disagree)

Top Stories

studio buds family

Beats Studio Buds Debuting Today With Active Noise Cancellation, Stemless Design, and More for $150

Monday June 14, 2021 8:00 am PDT by
We've seen a lot of teasers about the Beats Studio Buds over the past month since they first showed up in Apple's beta software updates, and today they're finally official. The Beats Studio Buds are available to order today in red, white, and black ahead of a June 24 ship date, and they're priced at $149.99. The Studio Buds are the first Beats-branded earbuds to truly compete with AirPods...
affinity designer contour tool

Serif Updates Affinity Photo, Designer, and Publisher With New Tools and Functions

Thursday February 4, 2021 1:58 am PST by
Serif today announced across-the-board updates for its popular suite of Affinity creative apps, including Affinity Photo, Affinity Designer, and the Apple award-winning Affinity Publisher for Mac, all of which were among the first professional creative suites to be optimized for Apple's new M1 chip. "After another year which saw record numbers of people switching to Affinity, it's exciting to...
maxresdefault

Craig Federighi and Greg Joswiak Discuss iPadOS 15, macOS Monterey, Privacy, Shortcuts on Mac, and More

Saturday June 12, 2021 6:12 am PDT by
As is tradition, Apple executives Craig Federighi and Greg Joswiak joined Daring Fireball's John Gruber in an episode of The Talk Show to discuss several announcements that Apple made over this weeks WWDC, including iPadOS 15, macOS Monterey, and a large focus around privacy. Federighi kicks off the conversation discussing the common architecture, now thanks to Apple silicon, across all of...
M1X MBP Feature

Leaker: Upcoming MacBook Pro to See Price Hike Over Current Model, Equal Performance Across 14 and 16-Inch Sizes

Tuesday August 24, 2021 5:28 am PDT by
The upcoming 14-inch MacBook Pro is set to be more expensive than the current 13-inch MacBook Pro and both the 14 and 16-inch models will offer the same performance, according to the leaker known as "Dylandkt." The leaker shared the information on Twitter, explaining that both of the upcoming MacBook Pro models, expected to come in 14 and 16-inch sizes, will feature the same performance due...
youtube apple tv

YouTube Discontinuing 3rd-Generation Apple TV App, AirPlay Still Available

Wednesday February 3, 2021 3:09 pm PST by
YouTube is planning to stop supporting its YouTube app on the third-generation Apple TV models, where YouTube has long been available as a channel option. A 9to5Mac reader received a message about the upcoming app discontinuation, which is set to take place in March.Starting early March, the YouTube app will no longer be available on Apple TV (3rd generation). You can still watch YouTube on...
General Apps Messages

Android iMessage Competitor Puts Pressure on Apple

Friday July 30, 2021 3:15 am PDT by
Google and the three major U.S. carriers, including Verizon, AT&T, and T-Mobile, will all support a new communications protocol on Android smartphones starting in 2022, a move that puts pressure on Apple to adopt a new cross-platform messaging standard and may present a challenge to iMessage. Verizon recently announced that it is planning to adopt Messages by Google as its default messaging...
YouTube Picture in Picture Feature

YouTube Premium Subscribers Can Now Use iOS Picture-in-Picture: Here's How

Wednesday August 25, 2021 3:55 am PDT by
Google has rolled out picture-in-picture support as an "experimental" feature for YouTube premium subscribers, allowing them to watch video in a small window when the app is closed. If you're a premium YouTube subscriber looking to try out picture-in-picture, follow these steps: Launch a web browser and sign into your YouTube account at YouTube.com. Navigate to www.youtube.com/new. Scroll...
iPhone 13 Dummy Thumbnail 2

Kuo: iPhone 13 to Feature LEO Satellite Communications to Make Calls and Texts Without Cellular Coverage

Sunday August 29, 2021 7:39 am PDT by
The iPhone 13 will feature low earth orbit (LEO) satellite communication connectivity to allow users to make calls and send messages in areas without 4G or 5G coverage, according to the reliable analyst Ming-Chi Kuo. In a note to investors, seen by MacRumors, Kuo explained that the iPhone 13 lineup will feature hardware that is able to connect to LEO satellites. If enabled with the relevant...
twitterqrcode

Twitter Introduces QR Codes for Sharing and Following Accounts

Wednesday November 16, 2016 4:13 pm PST by
Twitter today introduced Snapchat-style QR codes, which are designed to make it easier to find and follow friends on the social network. Each Twitter QR code is unique to an individual Twitter user, so when scanned, it'll bring up the person's account. To access your Twitter QR code, you'll need the official Twitter app for iOS. In the app, go to your profile, tap on the gear icon, and select...
macOS Monterey on MBP Feature

Apple Seeds Sixth Beta of macOS Monterey to Developers

Monday August 30, 2021 1:11 pm PDT by
Apple today seeded the sixth developer beta of macOS Monterey, the newest version of the macOS operating system. The sixth beta comes three weeks after Apple released the fifth macOS Monterey beta. Registered developers can download the beta through the Apple Developer Center and once the appropriate profile is installed, betas will be available through the Software Update mechanism in...