The next time someone passes you a USB flash drive to plug into your computer, you might be a wee bit more wary. After all, researchers have successfully reprogrammed USB flash drives in order to have them infect computers on the quiet. According to the researchers involved, they claimed to have reprogrammed some USB flash drives’ firmware with malicious code, and this code will run via the gadget’s micro-controller in order to install malware on a computer as well as redirect network traffic without the victim being any wiser for it.
Karsten Nohl and Jakob Lell, who hail from German security firm SR Labs, did spend a fair number of months analyzing such software and micro-controllers that have been embedded within a select group of USB devices, and touted that they were able to hid in the flash ROM of these devices undetectable malware.
The software has been dubbed BadUSB, and it is installable within select USB flash drives as well as in other devices that feature a supported or compatible micro-controller. Not only that, it is virtually impossible to remove from the device, at least for the layperson since it would require the necessary tools and technical know how to reprogram such firmware. SR Labs claims that “no effective defenses from USB attacks are known.” Now that’s a chilling thought!