NO ONE IS SAFE: The USB Has Been Hacked
USB devices are hacked, and they are hacked in such a way that you don’t even know it when they’re steadily killing your computer and stealing everything on it. At least, that’s what Forbes tells us.
According to German security researchers Karsten Nohl and Jakob Lell, the problem isn’t in the USB storage itself, but in how the USB works. Nohl and Lell claim that the inherent structure of a USB device makes it susceptible to all kinds of sneaky malware.
Nohl and Lell used reverse engineering to create a malware they call “BadUSB,” a code that hides, attacks, and reprograms USB firmware. Firmware here refers to a consolidation of data, memory, and program coding in a computing device.
“You can give [a thumb drive] to your IT security people, they scan it, delete some files, and give it back to you telling you it’s ‘clean,'” Nohl told Wired. “The cleaning process doesn’t even touch the files we’re talking about.”
The essential problem is that USB firmware can be reprogrammed to do whatever hackers want it to do — from breaking in to your computer to interfering with your internet traffic, according to Wired. Unfortunately, this includes mice, keyboards, smartphones, and thumb drives.
“In this new way of thinking, you can’t trust a USB just because its storage doesn’t contain a virus. Trust must come from the fact that no one malicious has ever touched it,” Nohl told Wired. “You have to consider a USB infected and throw it away as soon as it touches a non-trusted computer. And that’s incompatible with how we use USB devices right now.”
Nohl and Lell plan to present their findings with reverse engineering and BadUSB at the Black Hat security conference in Las Vegas, which is August 2-7. Until someone finds a way to save the USB system or develop something safer, Nohl said there’s not a whole lot you can do.
“Perhaps you remember once when you’ve connected some USB device to your computer from someone you don’t completely trust,” Nohl told Wired. “That means you can’t trust your computer anymore. This is a threat on a layer that’s invisible. It’s a terrible kind of paranoia.”
Follow Kate on Twitter