Be careful what you put in those USB ports! A new security threat was born recently at the Derbycon hacking conference in Kentucky, when developers released the framework for a USB hack capable of turning a USB device into what Mashable considers a “system-lethal weapon.”
Yikes.
This hack, deemed “BadUSB” by its creators, is a new security flaw taking advantage of the “universal” part of the term “Universal Serial Bus (USB).” Rather than conventional security issues like malware and viruses that infect your computer or network from within, BadUSB enables an ordinarily nonthreatening USB device to discreetly interact with your computer (steal information, or worse) straight through the USB port.
Because the threatening component exists in the USB device’s firmware, instead of on the drive’s storage, it’s out of reach for normal precautions—like antivirus software—which cannot detect the invisible behavior of this exploit.
BadUSB can be targeted towards anyone. Anyone.
A vast quantity of modern tech devices support (and depend on) USB technology, which is convenient in that it produces some standards between different types of technology. This is also an enormous vulnerability, however—because this exploit is now available to the public, every interaction you have with an unfamiliar USB device needs to be taken with caution.
While this has the potential to be a widespread issue, right now this specific vulnerability isn’t prevalent in the wild. What this draws attention to is the fundamentally insecure nature of USB peripheral devices.
That said, the number of people who could perform the steps necessary to reprogram a USB drive with this exploit is very small. A rudimentary explanation of how the BadUSB firmware works can be found on the developer’s own website.
While there aren’t yet any documented solutions to this hazard, you can be sure that Newmind will broadcast these details as soon as they become public. This flaw hits the design of the USB at such a fundamental level that we’re going to see this rippling through the industry for some time before a true fix is discovered and available. Until then, the most that we can offer are the common-sense precautions given by security powerhouse Symantec
And here are a few more tips from our Managed Services Team:
It was only a matter of time before this technology was produced by a more dangerous source, so if they could create it first and softly publicize it, it might show the industry how urgently this must be addressed, and kickstart the actions needed to douse the issue before it becomes a widespread problem.
So is it a noble cause? That’s for the individual to decide. Regardless, it’s already making a serious impact on the technology industry.
Do you think this framework should have been publically released? Or should they have only shared it with security companies?
Relentless digital innovation has defined the last few years. The symbiotic relationship between AI and…
Browser extensions have become as common as mobile apps. People tend to download many and…
Staying ahead in business often means embracing cutting-edge technologies. New tools can unlock new avenues…
In the digital age, data is the lifeblood of businesses. It fuels operations, decision-making, and…
The integration of smart home devices has become synonymous with modern living. They offer convenience,…
Microsoft 365 has a powerful suite of cloud-based productivity tools. They can help you work…