Computer users pass around USB sticks like silicon business cards. Why the Security of USB Is Fundamentally Broken http://www.wired.com/2014/07/usb-security/ article tells that we typically depend on antivirus scans and the occasional reformatting to keep our thumbdrives from becoming the carrier for the next digital epidemic. But the security problems with USB devices run deeper than you think: Their risk isn’t just in what they carry, it’s built into the core of how they work. The security of USB devices has long been fundamentally broken: USB firmware,(which exists in varying forms in all USB devices) can be reprogrammed to hide attack code and USB device can completely take over a PC. USB firmware on many USB devices could be reprogrammed by malware on that PC, converting an innocent device to attack tool. All this is nearly impossible to counter without banning the sharing of USB devices or filling your port with superglue. The short-term solution to BadUSB isn’t a technical patch so much as a fundamental change in how we use USB gadgets.
201 Comments
Tomi Engdahl says:
Hidden HID v2 Puts a “Rubber Ducky” Keystroke Injector Inside Any USB Type-A Port
Second-generation revision is harder to spot and easier to trigger, thanks to a light-based arm/disarm system.
https://www.hackster.io/news/hidden-hid-v2-puts-a-rubber-ducky-keystroke-injector-inside-any-usb-type-a-port-9257c6458176