+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

Hackers Have Figured Out A Major Security Flaw In USB Sticks

Oct 3, 2014, 15:29 IST

A vast number of USB devices - whether they're USB sticks or keyboards - could now be vulnerable to malware after security researchers published code that spreads itself by hiding in the firmware that controls how USB devices connect to computers.

Advertisement

Wired reports that the "BadUSB" vulnerability, first developed by security researchers, has been released online. This means that hackers can now start using it to infect computers.

The "good" news is that vulnerability only comes from one USB manufacturer, Phison of Taiwan. The bad news is that Phison USB sticks can infect any device they're inserted into, and it's not clear whether those devices can then go on to infect any other USB device that is plugged into them afterwards. Phison does not disclose who it makes USB sticks for - so it's now clear yet how widespread the problem might be.

The vulnerability in USB works by modifying the firmware of USB devices, hiding malicious code in USB sticks and other devices in a way that's impossible to detect. Even completely deleting the contents of a USB stick wouldn't get rid of the dangerous code. According to Wired, the vulnerability is "practically unpatchable." Once infected, each USB device will infect anything it's connected to, or any new USB stick coming into it.

Hackers Could Use This To Take Over Your Computer

"BadUSB" can be used to force computers into thinking that a USB device is a keyboard, allowing hackers to type whatever they like on your computer. Alternatively, it can replace legitimate software installed on a computer with a corrupted version that hackers can use to control a computer. Another use for the exploit is monitoring all internet traffic through a computer, allowing a hacker to spy on what you're doing.

Advertisement

The Manufacturer Denies It's a Problem

The only way to fix the vulnerability would be to completely redesign the way that Phison USB devices are built. Security researchers have already contacted Phison, the specific manufacturer of the USB devices that were found to be vulnerable, but the company "repeatedly denied that the attack was possible."

The NSA May Have Been Using This Exploit

Edward Snowden's leaks revealed that the NSA possesses a spying device known as "Cottonmouth" that uses a vulnerability in USB to monitor computers and relay information. It's possible that Cottonmouth works using a similar vulnerability as the discovery outlined above.

It Could Start Spreading Very Quickly

The BadUSB malware spreads two ways: From the infected USB device to a computer, and from an infected computer to a USB device. This means that if hackers start infecting people using the malware, it could soon be found around the world.

You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article