Each and every personal computer on this planet has a typical USB port, but the new exploit has been discovered as well as detailed by two researchers shows how the USB security will be broken. And most importantly, there is no fix for this issue, maybe, never will be.
Adam Caudill and Brandon Wilson, two researchers has successfully reverse engineered the USB firmware of hundreds of thousands of devices, that allows hackers to insert malicious codes inside the USB devices. This will automatically allow the malicious codes to execute without any inducers, and the reverse engineered code has been released in Github in order to spur action.
The exploit was primarily detailed by a different researcher, Karsten Nohl at BHS conference. Claudia and Wilson thought that it was one of the major issues to be disclosed, so they duplicated the work of Nohl. They made the code public, so that industry can work over it.
The USB controller will be reprogrammed by the exploit and secretly interface with the USB drive, this will perform the action that is coded in the USB drive. For instance, a flash drive can take control of a keyboard and enter the text without the knowledge of computer users. The users cannot remove the code the USB drive and it will be permanently stored on the drive.
In order to patch the whole thing, the manufacturers should design a new security architecture and existing devices should be replaced by the new set of devices. A separate team of researchers are currently working over the exploit to make the things easier.
- Facebook fights spammers and ‘fake likes’ providers
- Next-gen Apple iPads and iMacs to be unveiled on October 16
- Google planning to launch WhatsApp-like standalone messaging app
[ Via ]