Home » News » General » Researchers warn about ‘BadUSB’ security flaw

Researchers warn about ‘BadUSB’ security flaw

By Silky Malhotra | Updated on 01-Aug-2014
Researchers warn about ‘BadUSB’ security flaw
Silky Malhotra Silky Malhotra
01-Aug-2014
HIGHLIGHTS

Researchers warn against malware that can live in any USB drive undetected.

Security researchers state that USB drives have a fundamental security flaw that allows an attacker to take over any device it is connected to, whether PC or Android. The malware dubbed BadUSB can instruct devices to redirect net traffic, alter files and more.

Security researchers Karsten Nohl and Jakob Lell from German security firm SR Labs have reverse engineered the firmware that controls the basic communication functions of USB. The researchers have also written a piece of malware, called BadUSB, that can “be installed on a USB device to completely take over a PC, invisibly alter files installed from the memory stick, or even redirect the user’s internet traffic.” The researchers are gong to present their report at the Black Hat conference next week.

The researchers stated that even if a PC was completely protected against standard malware, the malware can imitate a keyboard or mouse to take control of PCs. The researchers even managed to hack the USB controller in an Android handset connected to a PC.

The malware is undetectable and could be easily added to a USB key when it is inserted into a PC, and infect the device that it’s connected to. Researchers claim that there is no protection against this attack, except for never sharing USB devices.

Nohl stated, “These problems can’t be patched. We’re exploiting the very way that USB is designed. You can give it to your IT security people, they scan it, delete some files, and give it back to you telling you it’s clean, [but] the cleaning process doesn’t even touch the files we’re talking about.”

Recently CERT-In had warned against virus 'Bladabindi' that spreads through pen drives and steals sensitive personal information. The advisory states that the virus affects “Microsoft Windows operating system” and can assume as many as 12 aliases to steal personal information from a pc. The malware steals Chrome/Firefox passwords, can check for camera drivers and install DLL plug-in to record and upload videos to remote hackers.

Source: Wired

Silky Malhotra

Silky Malhotra

Silky Malhotra loves learning about new technology, gadgets, and more. When she isn’t writing, she is usually found reading, watching Netflix, gardening, travelling, or trying out new cuisines. View Full Profile

New Mobiles
Redmi Note 14 Pro+ 5GRedmi Note 14 5GVivo V40e 5GInfinix Zero Flip 5G
Top-10s
Best Budget Smartphones in India (December 2024)Top Most Beautiful and Stylish Mobile Phones for Women/Girls (December 2024)Best Battery Backup Smartphones in India (December 2024)Best Gaming Phones under ₹20,000 (December 2024)
Latest News
Sapient’s RNN AI model aims to surpass ChatGPT and Gemini: Here’s howSamsung Galaxy S25 Ultra vs S24 Ultra: Price, display, processor and other detailsGoogle wants US govt to break Microsoft and OpenAI partnership, here’s whyiPhone 16 Pro that costs over Rs 1 lakh, now available for only Rs 80,250: How to get it
Digit

Digit.in is one of the most trusted and popular technology media portals in India. At Digit it is our goal to help Indian technology users decide what tech products they should buy. We do this by testing thousands of products in our two test labs in Noida and Mumbai, to arrive at indepth and unbiased buying advice for millions of Indians.

Follow us : logo logo logo logo logo logo
Company About Us Contact Us Advertise with us Regulatory Terms & Conditions Privacy Policy Disclaimer Complaint Redressal
Copyright © 2024 Bennett, Coleman & Company Limited All Rights Reserved.
Digit.in
Logo
Digit.in
Logo