Trouble Ahead: BadUSB exploit code has been made public


Remember BadUSB? The proof-of-concept exploit from about 2 months ago, which demonstrated that USB firmware could be reprogrammed to act as malware? Well, now the code that makes this possible has been released in the wild.

Researchers Adam Caudill and Brandon Wilson have published code that can make USB firmware act as a keyboard, which can issue malicious commands to any computer to which it connects. The researchers state that they have done so to place pressure on USB manufacturers so that the issue is fixed. Of course, as a side effect, the code is now freely available to malware writers and hackers around the world.

In an interview with Wired, the researchers also mention that they are working on an exploit that could invisibly inject malware into files that are copied from a USB drive to a computer. Such malware would then also be able to infect any other USB drive that connects to the infected computer. Furthermore, because it would exist in the firmware portion of the device, which is invisible to the user, instead of in the flash memory, this malware would be extremely difficult for most people to detect, let alone remove. As yet, Caudill and Wilson have not released this more serious exploit, and do not know if they ever will because it would likely lead to a “USB-carried malware epidemic.”

Now that at least one type of exploit has been made public, though, it is likely that it will be adopted for malicious use. For this reason, we can only recommend USB file sharing with extreme caution – if at all – and only in conjunction with an anti-malware product that is able to prevent unregistered threats through the use of behavior-blocking technology.

Have a nice (malware-free) day!

 

  • Legend

    Quote: “As yet, Caudill and Wilson have not released this more serious exploit, and do not know if they ever will because it would likely lead to a ‘USB-carried malware epidemic.’” … But the idea has been released now, for the malware creators/industry to pursue. So in my perspective, the damage is already done.