We all use devices USB in our digital life. A new research first published by Wired reveals that there is a fundamental security flaw in the way the Universal Serial Bus works, and could be used to dissolve any computer.
Wired reports that security researchers Karsten Nohl and Jakob Lell have been able to reverse engineer the firmware that controls USB's core communications capabilities. Then they also wrote a malware called BadUSB, This malware can be "installed on a USB device and take full control of a computer. The malware is invisible and does not modify the files on the memory stick.
Built-in inside USB devices there is a controller chip that allows the device and the computer that is connected to send and receive information. That's where the Nohl and Lell intervened. This means that their malware is not sitting in flash memory but hidden in the firmware, making it undetectable by everyone, even by the most technically savvy. Lell told Wired:
You can give it to security researchers, detect it, delete some or all of the files, and give it back to you saying it 'clean'. The hack cannot be repaired. "
The worrying fact, of course, is that researchers will present the hack at the upcoming Black Hat security conference in Las Vegas. As the researchers say, the flaw can be exploited on any portable disk, mice, keyboards and even Android smartphones. (Theoretically, it could work on any USB device that its firmware can be reprogrammed).
Dimitris hates Mondays...
