Your IT Consultant

BadUSB is Really, Really Bad

August 1, 2014

You should be careful of any e-mail attachments that look suspicious, links that you are unsure of and any USB device that you didn’t specifically purchase. Many commentators have criticized the security of USB as being fundamentally broken. Wired has added more fuel to the fire, by posting the findings of security researchers Karsten Nohl and Jakob Lell.

Next week, the researchers plan to demonstrate a collection of proof-of-concept malicious software that will highlight the insecurity of USB devices. The malware they created is called BadUSB and can be installed on any USB device to do a lot of nasty things to your computer, files and even Internet traffic. BadUSB resides in the firmware of the USB device and not in the flash memory portion. This means it is nearly impossible to counter unless you don’t share USB devices or don’t stick an infected USB device in the port. Doh!

Pretty scary stuff. This is yet another reason to know where data is coming from and the hardware too.

E-mail:   Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
http://www.senseient.com