Security researchers detail 'unpatchable' USB hack

Sponsored Links

Chris Velazco
October 2nd, 2014
In this article: badusb, exploir, firmware, hack, security, usb
Security researchers detail 'unpatchable' USB hack

Remember Karsten Nohl? The security researcher who discovered how to infect just about any USB device with scarily savvy malware and delivered a lengthy talk about it at this year's Black Hat conference? At the time he didn't want to share the code for his exploit, but fellow researchers Adam Caudill and Brandon Wilson figured out how to pull off some of the same tricks and they've published their findings on GitHub. Why? To try and force device manufacturers to get their security acts together.

Nohl's reason for withholding his code the first time around was because he thought it was "unpatchable" -- that is, there wouldn't be an easy firmware fix for this potentially huge problem. We do mean huge, too: the so-called BadUSB proof-of-concept allowed Nohl (along with Caudill and Wilson after the fact) to manipulate files installed from an infected USB device, make an infected gadget act as a faux-keyboard that attackers could control, and in some cases relay personal information to a remote server. Some might argue that releasing this sort of information into the wild is irresponsible and dangerous, but Caudill and Wilson hope to get USB vendors thinking seriously about this potential threat by proving that there's nothing potential about it.
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Popular on Engadget