USB has been incredibly useful for consumers and manufacturers alike. The standardized interface makes it incredibly easy to connect just about any type of peripheral to your computer. It has become so ubiquitous that there are hardly any peripherals to don’t feature it. One of the biggest uses for it is for external storage either through a hard drive or a flash memory stick. But what if I told you that you should be extremely careful because plugging an unknown USB device into your computer could infect it with a virus or malware? That is precisely the problem that computer users are now facing with a flaw that has been named .
The reason that USB is so easy to use is that it has a standardized hardware interface for quickly and easily communicating between the device and the computer. The problem is that when a USB device is plugged in, the firmware communicates with the controllers to identify what type of device it is. This allows the computer to use the necessary drivers to allow proper communication. The issue is that if the firmware of the USB device is reprogrammed into a different type of class of device, it can be used to record data, issue commands to the computer, rewrite firmware of other USB devices or even install malware on the computer all automatically.
Why its a Really Big Problem
The level at which the malware can be injected into the USB device and infect computers is done at such a low level of the USB operation that there is no easy way to patch the problem. Software patches may prevent some of the malicious activities but it can’t completely prevent them without the whole USB standard being redesigned which is near impossible. To rewrite the USB standard would mean no backward compatibility with older devices which is one of the cornerstones of why the interface became so popular and easy to use.
BadUSB Code Released
While the initial notice of the security flaw was announced in 2014 at a BlackHat security conference, actual . This means that there is code that could exploit specific USB devices and computers that hackers can get and use. At this point, it isn’t just a theoretical thing but something that can actually impact users.