Technology content trusted in North America and globally since 1999
8,585 Reviews & Articles | 67,054 News Posts

BadUSB exploit shared publicly, half of all USB devices are vulnerable

The BadUSB code, which can take over the majority of USB products, is released to the public

By Paul Alcorn on Nov 17, 2014 01:41 pm CST - 1 min, 26 secs reading time

BadUSB was developed by a team of researchers to highlight the inherently flawed design of the USB specification. Once injected, this exploit allows full control to the users computer. The worst aspect of this vulnerability lies in the nature of the hack, it actually resides in the firmware of USB devices. Erasing or wiping a USB stick is the most common method of removing malware, but since this exploit resides in the firmware of the device, it renders traditional virus removal techniques useless. The hack goes far beyond just flash memory sticks and includes USB hubs, SD card adapters, SATA adapters, all USB input devices, webcams, and storage devices.

badusb_exploit_shared_publicly_half_of_all_usb_devices_are_vulnerable_01

The concept of attacking a computer through USB devices certainly isn't new, the NSA has been known to utilize similar tactics via the Cottonmouth device leaked by Edward Snowden. A recent update on the severity of the issue was released at the PacSec security conference. Researchers tested eight USB controllers from leading manufacturers and determined that only half of them were safe from the attack. This is a better outlook than previous research that indicated all USB devices are vulnerable, but is a hollow comfort because users have no method of determining which devices are exposed to the nefarious firmware hacks. There is no known method for the common user to even detect an infection, let alone remove it.

The original researchers refused to publish the BadUSB code, but some other friendly sorts have published their own BadUSB code, purportedly for studying the problem and providing incentive for companies to fix the issue. The bad news? The code is now available to the public. The only recourse for end users is to simply not trust any USB device.

Paul Alcorn

ABOUT THE AUTHOR - Paul Alcorn

The quest for benchmark world records led Paul further and further down the overclocking rabbit hole. SSDs and RAID controllers were a big part of that equation, allowing him to push performance to the bleeding edge. Finding the fastest and most extreme storage solutions led to experience with a myriad of high-end enterprise devices. Soon testing SSDs and Enterprise RAID controllers at the limits of their performance became Paul's real passion, one that is carried out through writing articles and reviews.

Related Tags