Friday, October 3, 2014

NEWS: Hackers Have Figured Out A Major Security Flaw In USB Sticks

A vast number of USB devices — whether they're USB sticks or keyboards — could now be vulnerable to malware after security researchers published code that spreads itself by hiding in the firmware that controls how USB devices connect to computers.

Wired reports that the "BadUSB" vulnerability, first developed by security researchers, has been released online. This means that hackers can now start using it to infect computers.

The "good" news is that vulnerability only comes from one USB manufacturer, Phison of Taiwan. The bad news is that Phison USB sticks can infect any device they're inserted into, and it's not clear whether those devices can then go on to infect any other USB device that is plugged into them afterward. Phison does not disclose who it makes USB sticks for — so it's not yet clear how widespread the problem might be.

The vulnerability in USB works by modifying the firmware of USB devices, hiding malicious code in USB sticks and other devices in a way that's impossible to detect. Even completely deleting the contents of a USB stick wouldn't get rid of the dangerous code. According to Wired, the vulnerability is "practically unpatchable." Once infected, each USB device will infect anything it's connected to, or any new USB stick coming into it.

No comments:

Post a Comment