Researcher Details USB-Based Attack That Circumvents All Known Protective Security Measures

usb3Security research Karsten Nohl of Berlin's SR Labs has revealed a flaw in USB devices that potentially allows hackers to evade all known security measures used by a computer. In a report by Wired, Nohl says his BadUSB exploit is "almost like a magic trick" because "you cannot tell where the virus came from."

The exploit takes advantage of a flaw that allows a hacker to tamper with the firmware that controls the functions of USB devices such as mice, thumb drives and keyboards.

Because BadUSB resides not in the flash memory storage of USB devices, but in the firmware that controls their basic functions, the attack code can remain hidden long after the contents of the device’s memory would appear to the average user to be deleted. And the two researchers say there’s no easy fix: The kind of compromise they’re demonstrating is nearly impossible to counter without banning the sharing of USB devices or filling your port with superglue.

“These problems can’t be patched,” says Nohl, who will join Lell in presenting the research at the Black Hat security conference in Las Vegas. “We’re exploiting the very way that USB is designed.”

Nohl, along with fellow SR Labs researcher Jakob Lell, will present additional details on this attack during a presentation at the annual Black Hat hacking conference, which will be held next week in Las Vegas. The title of his presentation is "Bad USB - On Accessories that Turn Evil."

Top Rated Comments

theanimala Avatar
85 months ago
I'm going back to only using a pen and paper from now on.
Score: 28 Votes (Like | Disagree)
simonb76 Avatar
85 months ago
Jack Bauer has been doing this for years.
Score: 24 Votes (Like | Disagree)
ChrisCW11 Avatar
85 months ago
Nobody cares about wired attacks

This is not 1980 anymore when people used to worry about viruses on floppy disks. If a person has physical access to your computer, it is a failing with the security in your building or home, not the technology.

Just use the same kind of restrictions you use personally and not let someone stick something in any of your ports or slots unless you want them to and know they are clean.
Score: 17 Votes (Like | Disagree)
proline Avatar
85 months ago
Interesting. In other news, remember kids, Apple is completely wrong to not include obsolete legacy ports like USB on their modern iOS devices.
Score: 11 Votes (Like | Disagree)
dejo Avatar
85 months ago

Jack Bauer has been doing this for years.


Wouldn't he leave this up to Chloe? ;)
Score: 9 Votes (Like | Disagree)
LV426 Avatar
85 months ago
At the end of the day, any malware that happens to be on a USB device has to be able to make it into the target computer. The article talks a lot about PCs which, historically, have been quite easy to compromise.

Just suppose I stuck one of these nasty devices in my Mac. OK, it's fiendish, it's an empty gadget. And then its bad firmware kicks into life and tries to persuade my Mac that files are available. That file still has to make it onto my Mac and has to be an executable to do any harm.

I believe OS X's inbuilt defences against malicious files - wherever they come from - would not be circumvented by a gadget like this.

My PC on the other hand...
Score: 6 Votes (Like | Disagree)

Top Stories

iphone 5s black slate

Images of Unreleased iPhone 5s in Black and Slate Shared Online

Sunday January 17, 2021 9:47 am PST by
Twitter user @DongleBookPro has today shared images of a prototype iPhone 5s in an unreleased Black and Slate color. The iPhone 5s was launched in September 2013. The device featured Touch ID, a 64-bit processor, and a True Tone LED flash for the first time. Other new features included a five-element lens with an f/2.2 aperture, a 15 percent larger camera sensor, Burst Mode, and Slo-Mo...
iP12 charge airpods feature 2

Hidden iPhone 12 Hardware Feature Could Still be Unlocked

Thursday January 14, 2021 2:51 am PST by
All iPhone 12 and iPhone 12 Pro models purportedly have a hidden reverse wireless charging feature, according to an FCC filing. The feature has not yet been activated, but could yet be unlocked for an upcoming Apple accessory. The FCC filing suggests that iPhone 12 models contain the hardware for Wireless Power Transfer (WPT) to accessories: In addition to being able to be charged by a...
google maps detailed street level e1611052089473

Google Maps Gains Enhanced Street-Level Detail in Four Major Cities

Tuesday January 19, 2021 2:34 am PST by
Google Maps has quietly been updated to include significantly more detailed street-level information in a handful of key cities around the world. Upon zooming in, Google's maps for Central London, Tokyo, San Francisco, and New York now benefit from shapes and widths that match the scale of roads more accurately. Meanwhile, enhanced graphical representations of sidewalks, crosswalks,...
macbook pro flexgate

Apple Extends 13-Inch MacBook Pro Backlight Repair Program

Sunday January 17, 2021 10:31 am PST by
Apple this week extended its worldwide 13-inch MacBook Pro Display Backlight Service Program, authorizing coverage for eligible notebooks for up to five years after the original purchase date or up to three years after the start date of the program, whichever is longer. The previous cutoff was four years after the original purchase date. Apple launched the program on May 21, 2019 after...
lg wing

LG Considering Exit From Smartphone Business, Halts LCD Production for iPhone

Wednesday January 20, 2021 5:38 am PST by
LG is considering exiting the smartphone business entirely amid declining shipments and accrued losses of $4.5 billion over the past five years (via The Korea Herald). LG CEO Kwon Bong-Seok cautioned staff earlier today that the company is re-evaluating its presence in the smartphone industry: Since the competition in the global market for mobile devices is getting fiercer, it is about...
airpods max sim ejector

AirPods Max Headband Removable With Just a SIM Ejector Tool, Hinting at Interchangeable Headbands

Tuesday January 19, 2021 8:25 am PST by
It is possible to remove the headband of AirPods Max with just a standard SIM card ejector tool, hinting at the possibility of interchanging headbands to achieve a different colorway. Image via Prelook In December, MacRumors revealed the large variety of AirPods Max ear cushion color combinations when it became clear that they were magnetically attatched and available for sale separately....
macbook pro screensaver table

Some M1 Macs Affected By Fast User Switching Screensaver Bug

Monday January 18, 2021 1:57 am PST by
A growing number of user reports online suggest some of Apple's M1 Mac models are susceptible to a Fast User Switching bug that spontaneously activates the screensaver and leaves the user unable to dismiss it. In macOS Big Sur, Fast User Switching allows users to quickly switch between user accounts without having to completely log out. Based on posts in the MacRumors forums, Apple...
Top Stories 43 Feature

Top Stories: MacBook Pro, iMac, Mac Pro, and iPhone Rumors, Best of CES 2021

Saturday January 16, 2021 6:00 am PST by
This week was sure a busy one in the Apple world, with a flurry of announcements out of CES early in the week followed by a rash of Mac- and iPhone-related rumors later in the week. The new rumors this week included details on updated MacBook Pro, iMac, and Mac Pro models, as well as a few other tidbits, so make sure to read on below to get caught up! Kuo: New MacBook Pro Models to...
shot on iphone 12 apple

Apple Highlights Photos Shot by iPhone 12 Users: Portraits, Cityscapes, and More

Tuesday January 19, 2021 6:05 am PST by
Apple today shared a gallery of photos shot by customers using the iPhone 12 mini, iPhone 12, iPhone 12 Pro, and iPhone 12 Pro Max, with scenes including cityscapes, landscapes, portraits of people, and more at day and night. Shot on iPhone 12 Pro Max by "NKCHU" in China (top) and shot on iPhone 12 Pro Max by Rohit Vohra in India (bottom) iPhone 12 mini and iPhone 12 models have a dual camera ...
Apple and Hyundai feature

Apple Car Production Again Linked to Kia Motor's US Plant in Georgia

Tuesday January 19, 2021 4:19 am PST by
Hyundai intends to transition the company's Apple Car involvement to its Kia brand as part of an internal arrangement that could see production move to the U.S., according to a new report today. On Sunday, Korea IT News reported that Apple and Hyundai are seeking a partnership agreement for the upcoming Apple Car by March, and that the electric vehicles could be made at a Georgia factory...