For years USB has been a key tool for storing and transferring digital data but a newly found firmware security flaw questions the reliability of USB based devices. Most of us know that USB can play a carrier for virus and malware and putting a USB into untrusted computer and vise a versa is never a good idea but we use them anyway thinking antivirus can take care of that.But a recent find by security analyst shatter that belief by corrupting USB’s firmware.
According to a report published by Wired hackers can create a malware that could go undetected by antivirus and practically hijack the whole PC. Two security research analysts Karsten Nohl and Jacob Nell told Wired that they have created a malware called BadUSB which can be installed on the USB to hijack a PC, modify stored files and redirect internet traffic.
The security analysts further explain that the malware BadUSB can stay hidden by most security softwares because it dwells in the firmware of USB. The report questions the very design of the USB as it allows malware to hide inside its firmware which should be better protect. Nohl and Nell say that there is no fix for this vulnerability as there is no way to detect a defected firmware.
The analysts suggest that while there is no practical solution for this malware issue prevention can be the key to stay safe. This malware can spread from PC, smartphone, tablet to USB and other way around so it’s important to connect USB in trusted source and viz a viz. The experts advise that if you doubt a USB to be faulty it’s a good idea to change it rather than putting your device’s information at risk.
Nohl and Nell are going to address this finding in the upcoming Black Hat Security conference which is going to be held in Las Vegas from 2-5 August. Hopefully, other security experts in the conference will be able to help find some solution for this firmware fault so we can go back to trusting USB again.