Friday, August 01, 2014

New malware can live inside any USB device undetected

Source: http://www.engadget.com/2014/07/31/badUSB-malware/

USB Stick Key on KeyboardUSB Stick Key on Keyboard

It turns out that the stalwart USB thumbstick, or any universal serial bus device, isn't as trustworthy as once thought. A pair of security researchers has found we need to worry about more than just malware-infected files that are stored portable drives, and now need to guard against hacks built into our geek-stick's firmware according to Wired. The proof-of-concept malware Karsten Nohl and Jakob Lell have created is invisible and installable on a USB device and can do everything from taking over a user's PC to hijacking the DNS settings for your browser. Or, if it's installed on a mobile device it can spy on your communications and send them to a remote location, similar to the NSA's Cottonmouth gadgets. If those don't worry you, perhaps that the "BadUSB" malware can infect any USB device -- including keyboards -- and wreak havoc, will. What's more, a simple reformat isn't enough to disinfect either, and the solution that Lell and Nohl suggest goes against the core of what many of us are used to doing.

The duo says that the only way around BadUSB is to more or less treat devices like hypodermic needles; trusting only those that have been used within our personal ecosystem and throwing away any that've come in contact with other computers. Hopefully you don't have a ton of untrustworthy Porsche sticks laying around.

[Image credit: Getty Images]

Filed under: ,

Comments

Via: Gizmodo Australia

Source: Wired