In a world where our smartphones and computers are under constant attack from viruses and malware, the humble USB port wasn’t believed to be a particularly concerning attack vector for accessory manufacturers, and certainly wasn’t on the minds of those using it. As of last July, that all changed after Karsten Nohl and Jakob Lell announced a security floor that they dubbed BadUSB.
Allowing attackers to theoretically smuggle malware onto machines via USB devices with no chance of detection, BadUSB’s only hope of not being turned into a viable attack vector was the fact that the two who discovered it chose not to publish how they did it. As a result, while USB accessory makers probably were never going to act too fast, they did at least have a heads-up on the problem.
Unfortunately, that safety net is no longer there, because two new hackers have managed to reverse engineer what Nohl and Lell called BadUSB and subsequently put everything they had up onto GitHub. What’s more, Adam Caudill and Brandon Wilson have been demonstrating potential uses for the new security hole, apparently in the belief that the only way accessory makers and those behind the USB standard will work to plug the hole is to turn it into a viable threat. By making their findings truly public, that’s exactly what they have done.
We’re not entirely sure they’ve gone about it the right way, but we do understand what they’re getting at. That said, it does leave USB users in a potentially difficult situation. Those USB memory sticks the everyone seems to give away? Yeah, they could be carrying something malicious that you’re probably not going to get much warning about.
And that’s kinda scary.
So what’s the action which you can take right away? Well, for starters, nothing much really. Since we can’t be so sure how anyone would use the exploit and where it would be used. And yes, as mentioned above, try not to give your USB stick to anyone you have no clue about. Who know your USB might end up being in the wrong hands.
Every bit of precaution here can be potentially lifesaving, but considering where we stand, we shouldn’t worry much about it, just yet.