In July, researchers claimed that they had found a critical security flaw, which they termed BadUSB. BadUSB allows attackers to secretly smuggle malware onto devices. What raised eyebrows is that it is almost undetectable, because the changes are made in the firmware itself. Even worse, there is apparently no fix for this attack.

Anyone who plugs in a USB device is prone to this attack, and because the bad code resides in the USB firmware, it is hard to protect against without completely redesigning the system. But the researchers did one good thing: they didn’t publish the code.

Recently, at DerbyCon, Adam Caudill and Brandon Wilson announced that they had successfully reverse-engineered BadUSB. But what they did wrong is that they published the harmful code, unlike the original researchers who found the flaw.


According to Caudill, the motive for the release was to put pressure on manufacturers. “If the only people who can do this are those with significant budgets, the manufacturers will never do anything about it,” he told Wired’s Andy Greenberg. “You have to prove to the world that it’s practical, that anyone can do it.”

Moreover, as long as hackers can reprogram the firmware, which is very easy, it will remain a serious threat. The only possible way to stop this is a full update to the USB standard itself, which means it would take years to do so. As of now, USB has a huge security problem that could take years to fix.

