We all use devices USB in our digital lives. A new investigation first published by Wired reveals that there is a fundamental security flaw in the way Universal operates Serial Bus, and could be leveraged to take apart any computer.
Wired reports that security researchers Karsten Nohl and Jakob Lell managed to reverse engineer it engineering στο firmware που ελέγχει τις βασικές functions USB communication. Then they also wrote a malware they called BadUSB. This malware can "install itself on a USB device and take full control of a computer. The malware is invisible and does not modify the files on the memory stick.
Embedded inside USB devices is a controller chip, which allows the device and the connected computer to send and receive information. That's exactly where Nohl and Lell's intervention was. This means that the malware their doesn't sit in flash memory, but is hidden in the firmware, which makes it undetectable by everyone, even the most tech-savvy. Lell reported to Wired:
You can give it to security researchers, detect it, delete some or all of the files, and give it back to you saying it 'clean'. The hack cannot be repaired. "
The worrying thing, of course, is the fact that the researchers will present the hack at the upcoming security conference Black Hat in Las Vegas. As the researchers report, the flaw can be exploited in any portable disk, in mice, keyboards and even in Android smartphones. (In theory, it could work on any USB device whose firmware can be reprogrammed).