BadUSB exploit shared publicly, half of all USB devices are vulnerable

The BadUSB code, which can take over the majority of USB products, is released to the public.

@paulyalcorn
Published Mon, Nov 17 2014 1:41 PM CST   |   Updated Tue, Nov 3 2020 12:13 PM CST

BadUSB was developed by a team of researchers to highlight the inherently flawed design of the USB specification. Once injected, this exploit allows full control to the users computer. The worst aspect of this vulnerability lies in the nature of the hack, it actually resides in the firmware of USB devices. Erasing or wiping a USB stick is the most common method of removing malware, but since this exploit resides in the firmware of the device, it renders traditional virus removal techniques useless. The hack goes far beyond just flash memory sticks and includes USB hubs, SD card adapters, SATA adapters, all USB input devices, webcams, and storage devices.

BadUSB exploit shared publicly, half of all USB devices are vulnerable | TweakTown.com

The concept of attacking a computer through USB devices certainly isn't new, the NSA has been known to utilize similar tactics via the Cottonmouth device leaked by Edward Snowden. A recent update on the severity of the issue was released at the PacSec security conference. Researchers tested eight USB controllers from leading manufacturers and determined that only half of them were safe from the attack. This is a better outlook than previous research that indicated all USB devices are vulnerable, but is a hollow comfort because users have no method of determining which devices are exposed to the nefarious firmware hacks. There is no known method for the common user to even detect an infection, let alone remove it.

The original researchers refused to publish the BadUSB code, but some other friendly sorts have published their own BadUSB code, purportedly for studying the problem and providing incentive for companies to fix the issue. The bad news? The code is now available to the public. The only recourse for end users is to simply not trust any USB device.

The quest for benchmark world records led Paul further and further down the overclocking rabbit hole. SSDs and RAID controllers were a big part of that equation, allowing him to push performance to the bleeding edge. Finding the fastest and most extreme storage solutions led to experience with a myriad of high-end enterprise devices. Soon testing SSDs and Enterprise RAID controllers at the limits of their performance became Paul's real passion, one that is carried out through writing articles and reviews.

Newsletter Subscription

Related Tags

Newsletter Subscription
Latest News
View More News
Latest Reviews
View More Reviews
Latest Articles
View More Articles