Remember the major USB flaw demonstrated by Karsten Nohl about 2 months ago? Although Nohl never released the code he used in the demonstration, two other researchers have managed to perform the same tricks, and they’ve made their code publicly available on GitHub. Now anybody can use this code to perform attacks. The researchers say they released the code in an attempt to start the process whereby the security architecture of USB devices is fundamentally redesigned.
At the time Nohl first made his presentation, he gave
Two researchers appear to have discovered a serious flaw in USB. This isn’t just your everyday virus. Malware planted using this flaw is not merely stored on the flash memory itself; it’s actually in the firmware that the drive depends on to run. One article blames the flaw on the USB Implementers Forum, which supports and promotes the USB specification. The flaw is able to spread from a USB flash drive to a computer and vice versa.
Until device makers come up with a fix, Nohl, one of the two researchers, proposes a short-term solution: don’t connect untrusted USB drives to your computer, and don’t connect your USB drives to untrusted computers.
Simple enough, right? Even before this flaw was discovered, Nohl’s suggestion would have been sound advice; untrusted computers can plant more run-of-the-mill malware on your drive or tamper with your files. But the fact that the article describes Nohl’s suggestion as a “fundamental change in how we use USB gadgets” reflects how most of us in fact use our USB flash drives. This is unsurprising, considering how convenient it is to carry our files around from one computer to another, but it is also an attitude that should be reexamined, particularly in light of these latest discoveries.