USB security is fundamentally broken, claim security experts


According to findings by researchers Karsten Nohl and Jakob Lell, USB security may be profoundly broken, with no way around it.

Nohl and Lell have highlighted a flaw in USB devices which potentially offers hackers the ability to sidestep all currently known security measures used by a computer. Called the BadUSB exploit, the vulnerability allows hackers to meddle with the firmware which controls the functions of various USB plug-ins, such as mice, keyboards and thumb drives.

Wired notes:

“Once a BadUSB-infected device is connected to a computer, Nohl and Lell describe a grab bag of evil tricks it can play. It can, for example, replace software being installed with a corrupted or backdoored version. It can even impersonate a USB keyboard to suddenly start typing commands. ‘It can do whatever you can do with a keyboard, which is basically everything a computer does,’ says Nohl.”

The solution? According to Nohl and Lell, nothing less than banning the sharing of USB devices or filling your USB port with superglue will do. Under the “new way of thinking” about USB security, users should consider a USB device infected and throw it away as soon as it touches a non-trusted computer.

“These problems can’t be patched,” says Nohl. “We’re exploiting the very way that USB is designed.”

The pair will be presenting their research at the Black Hat security conference in Las Vegas later this week.

We guess a whole lot of computer scientists need to get back to the drawing board right about now…

About the author

Luke Dormehl is a UK-based journalist and author, with a background working in documentary film for Channel 4 and the BBC. He is the author of The Formula: How Algorithms Solve All Our Problems, And Create More and The Apple Revolution, both published by Penguin/Random House. His tech writing has also appeared in Wired, Fast Company, Techmeme, and other publications. He'd like you a lot if you followed him on Twitter.
