Researcher Details USB-Based Attack That Circumvents All Known Protective Security Measures
Security research Karsten Nohl of Berlin's SR Labs has revealed a flaw in USB devices that potentially allows hackers to evade all known security measures used by a computer. In a report by Wired, Nohl says his BadUSB exploit is "almost like a magic trick" because "you cannot tell where the virus came from."
The exploit takes advantage of a flaw that allows a hacker to tamper with the firmware that controls the functions of USB devices such as mice, thumb drives and keyboards.
Because BadUSB resides not in the flash memory storage of USB devices, but in the firmware that controls their basic functions, the attack code can remain hidden long after the contents of the device’s memory would appear to the average user to be deleted. And the two researchers say there’s no easy fix: The kind of compromise they’re demonstrating is nearly impossible to counter without banning the sharing of USB devices or filling your port with superglue.
“These problems can’t be patched,” says Nohl, who will join Lell in presenting the research at the Black Hat security conference in Las Vegas. “We’re exploiting the very way that USB is designed.”
Nohl, along with fellow SR Labs researcher Jakob Lell, will present additional details on this attack during a presentation at the annual Black Hat hacking conference, which will be held next week in Las Vegas. The title of his presentation is "Bad USB - On Accessories that Turn Evil."
Popular Stories
This year, all iPhone 15 models will include Apple's Dynamic Island that unifies the pill and hole cutouts at the top of the display, but there will also be a material change to the feature that wasn't included in the iPhone 14 Pro models.
According to a new tweet by Apple industry analyst Ming-Chi Kuo, the proximity sensor on the iPhone 15 series will be integrated inside the Dynamic Island ...
Apple is tracking the attendance of its employees at offices using badge records in order to ensure they are coming in at least three times a week, according to Platformer's Zoë Schiffer.
Since April 2022, Apple employees have been operating on a hybrid home/office work policy as part of a gradual return strategy following the pandemic, with staff required to work from the office at least...
While the iPhone 15 series is still around six months away from launching, there have already been plenty of rumors about the devices. Many new features and changes have been rumored for the iPhone 15 Pro and iPhone 15 Pro Max in particular.
Below, we have recapped 10 changes rumored for iPhone 15 Pro models that are not expected to be available on the standard iPhone 15 and iPhone 15 Plus:A1...
Nothing today announced the launch of its second-generation wireless earbuds, the Nothing Ear (2), which offer many of the same features as Apple's AirPods Pro 2 at a lower price point. We went hands-on with the Ear (2) earbuds to see whether they're a viable alternative to the AirPods Pro 2 for those who want to save some cash.
The Ear (2) earbuds are the successor to the Nothing Ear (1),...
Apple is no longer allowing customers who purchase an iPhone, cellular iPad, or Apple Watch to activate a device with now-defunct mobile carrier Sprint. Apple has also removed remaining references to Sprint from its online store.
When checking out with a new purchase, Sprint is no longer an option for connectivity, a change that Apple appears to have implemented today. Prior to now, Sprint...
Apple says iOS 16.4 is coming in the spring, which began this week. In his Sunday newsletter, Bloomberg's Mark Gurman said the update should be released "in the next three weeks or so," meaning a public release is likely in late March or early April.
iOS 16.4 remains in beta testing and introduces a handful of new features and changes for the iPhone. Below, we have recapped five new features ...
We saw a lot of great deals on Apple products and related accessories this week, including Samsung's iMac-like Smart Monitor M8 for $250 off, a 30 percent off spring sale at Anker, and the year's best prices on numerous AirPods models. All of these deals are still available to purchase right now, so we're recapping them and more below.
Note: MacRumors is an affiliate partner with some of these ...
We're still almost six months away from the official unveiling of the iPhone 15 lineup, but it seems like every day we're learning more about what to expect from the next-generation models. Notably, this week gave us our clearest look yet at what appear to be some changes for the volume and mute control hardware.
iOS 16.4 and associated releases are also right around the corner with some new ...
Top Rated Comments
This is not 1980 anymore when people used to worry about viruses on floppy disks. If a person has physical access to your computer, it is a failing with the security in your building or home, not the technology.
Just use the same kind of restrictions you use personally and not let someone stick something in any of your ports or slots unless you want them to and know they are clean.
Wouldn't he leave this up to Chloe? ;)
Just suppose I stuck one of these nasty devices in my Mac. OK, it's fiendish, it's an empty gadget. And then its bad firmware kicks into life and tries to persuade my Mac that files are available. That file still has to make it onto my Mac and has to be an executable to do any harm.
I believe OS X's inbuilt defences against malicious files - wherever they come from - would not be circumvented by a gadget like this.
My PC on the other hand...