A flaw detected back in August by security researchers, one that can be used to exploit any USB device, has now been made public by the researchers for everyone to see. Anyone with a little knowledge about exploiting computers can easily do so using the exploit code, which is available on GitHub.

The exploit was created by SR Labs researcher Karsten Nohl and Brandon Wilson, who wanted to demonstrate that USB connections can be easily exploited and that there isn’t much manufacturers can do to protect users from it.

“The belief we have is that all of this should be public. It shouldn’t be held back. So we’re releasing everything we’ve got. This was largely inspired by the fact that [SR Labs] didn’t release their material. If you’re going to prove that there’s a flaw, you need to release the material so people can defend against it,” they said in an interview.

Both have released the code under the name BadUSB on GitHub. The researchers wanted it to be public because it will help companies and vendors do their best to protect their users from these attacks.

“If this is going to get fixed, it needs to be more than just a talk at Black Hat. If the only people who can do this are those with significant budgets, the manufacturers will never do anything about it. You have to prove to the world that it’s practical, that anyone can do it… That puts pressure on the manufacturers to fix the real issue.”

According to some reports, Microsoft, Apple and a few other companies are already working on a fix that does not allow the attack to be executed on their computers.

5 Responses

  1. BDUAres

    Karsten Nohl and Brandon Wilson should be charged with the same types of criminal charges as those people caught creating and distributing a serious destructive virus, because in essence that is exactly what they have done. They got mad that the company they worked for wouldn’t release it, so they didn’t get their niche fame and “professional acknowledgement” for their work, so they released it into the wild like scorned mad scientists, with the obvious potential and obvious goal of causing worldwide destruction of computer data and equipment on a scale that has never before been seen.

    This is akin to starting the detonation timer on a nuke in a large city and telling the people here they have to disarm it themselves or get blown up while claiming you did it for the purpose of “helping” them.

  2. Doog

    It wouldn’t be on your USB. I can alter the firmware on my USB and plug it into your PC and take it over. This is similar to what happened in the Target stores attack, I think. You aren’t really at risk personally; this is more of a big business concern.

  3. Arezzo

    Web news sites all crib their stories from each other, like a game of pass-it-on, losing information and gaining bad grammar with each iteration.

  4. normy

    NO information as to exactly where the danger comes from! Does the malware have to be (deliberately) put on the USB drive, which then infects the PC? If I run antivirus on all files on my PC and only put clean files on my new USB drive, then what’s the problem?

