USB security is fundamentally broken

That’s the takeaway from findings security researchers Karsten Nohl and Jakob Lell plan to present next week, demonstrating a collection of proof-of-concept malicious software that highlights how the security of USB devices has long been fundamentally broken. The malware they created, called BadUSB, can be installed on a USB device to completely take over a PC, invisibly alter files installed from the memory stick, or even redirect the user’s internet traffic. Because BadUSB resides not in the flash memory storage of USB devices, but in the firmware that controls their basic functions, the attack code can remain hidden long after the contents of the device’s memory would appear to the average user to be deleted. And the two researchers say there’s no easy fix: The kind of compromise they’re demonstrating is nearly impossible to counter without banning the sharing of USB devices or filling your port with superglue.

Frightening.



  • Dave Brandt

    Well, yeah. If you have physical access to the device, all bets are off. It seems that the successful attack on the Iraq nuclear centrifuges (“Stuxnet”) used USB sticks. The Siemens PLCs were not on the network but the workers got upgraded firmware off the net. In the process of pulling it down, the worm got transferred to the USB stick and then plugged into the controllers where it self-destructed the centrifuges.

  • James Hughes

    Could this be used with EFI?

    • dr.no

      Apple is not writing firmware for USB chips sitting in either their devices or third party peripherals. They get them from Intel and other chip manufacturers.

  • lucascott

    I wouldn’t say frightening at this point. Disconcerting perhaps but not frightening. And why not? Because it’s theoretical talk. Show me that it works, that it works despite things like Gatekeeper, admin passwords, etc., and I might be frightened. But until I see them walk up to my “requires password to wake up from sleep” MacBook with Gatekeeper at ‘only app store’ and all the built-in firewalls at the most secure and do anything, or even better to my iMac with all the same settings AND a firmware password and do anything, I can’t really be frightened about this.

  • Lukas

    Firewire and Thunderbolt are even more broken. If somebody has access to your hardware, you’re probably screwed. That has always been true, and will likely always be true.

    • Guestwhat

      Interesting, do you have a link?

    • kyron

      indeed, please share