Security specialists have just released new proof-of-concept malware that means your USB memory stick could compromise your entire system. Karsten Nohl and Jakob Lell plan to release their BadUSB malware at the Black Hat cybersecurity convention next week.
The malware is designed to highlight design flaws present in every USB stick, and might make companies rethink how they treat security. Here's what a flash drive infected with BadUSB can do after being plugged into a PC:
- Take over a PC
- Alter files invisibly
- Redirect a user's Internet traffic
- Install new malware to a PC
It's not a pretty picture, to say the least. The danger lies within how easy it is to rewrite a device's firmware. Firmware is the backbone of all electronics, but most computer devices have rewritable firmware. The possibility of hackers being able to invade your system by popping a USB stick into any PC is even scarier.
“We’ve all known if that you give me access to your USB port, I can do bad things to your computer,” says University of Pennsylvania computer science professor Matt Blaze. “What this appears to demonstrate is that it’s also possible to go the other direction, which suggests the threat of compromised USB devices is a very serious practical problem.”
How do you stay safe? Don't let anyone put an unknown USB stick into your computer. Ever.