Skip to main content
  1. Home
  2. Computing
  3. News

Security researchers publish code that can be used to exploit BadUSB flaw

Konrad Krawczyk
By

security firm releases proof concept code badusb malware public
Image used with permission by copyright holder
Adam Caudill and Brandon Wilson, a pair of security researchers, published code that could be used to exploit a security flaw dubbed BadUSB.

BadUSB, which was detailed earlier this year by researchers from German firm SR Labs, could be exploited to infect a computer with malicious code and software. However, SR Labs stopped short of releasing code to the public as Caudill and Wilson did. SR Labs opted not to release code in order to give companies that make firmware which controls USB devices time to figure out how to combat the threat posed by BadUSB.

Recommended Videos

Caudill and Wilson believe that by releasing the code to the public, it could force tech firms to scramble and tighten security on USB devices at a faster rate.

While speaking with the BBC, Karsten Nohl of SR Labs said that this move could have the desired effect, but also warned that addressing such a problem is a bit more complex than one might think.

“In the case of BadUSB, however, the problem is structural,” he said. “The standard itself is what enables the attack and no single vendor is in a position to change that.”

What can a hacker do with BadUSB?

A flash drive with BadUSB loaded onto it, when inserted into a computer, can act has a virtual keyboard. This then permits a hacker to execute malicious commands. BadUSB can also infect controller chips in USB devices which are hooked up to that system.

A USB stick with BadUSB on it can also behave like a network card, and redirect a target’s traffic to malicious websites. Plus, during bootup, a BadUSB-loaded flash or external hard drive can infect a computer’s operating system with a virus before it finishes booting up. These are just a handful of ways that BadUSB can make things miserably for you and your computer.

BadUSB isn’t easily uprooted either, unfortunately.

“Cleanup after an incident is hard: Simply reinstalling the operating system – the standard response to otherwise ineradicable malware – does not address BadUSB infections at their root,” SRLabs says. “The USB thumb drive, from which the operating system is reinstalled, may already be infected, as may the hardwired webcam or other USB components inside the computer.”

Right now, your best defense against BadUSB is to be completely sure that any USB device you plug into your computer comes from a trusted source.

It will be interesting to see what happens now that the code is out there for anyone to download.

Konrad Krawczyk
Konrad Krawczyk
Former Digital Trends Contributor
Konrad covers desktops, laptops, tablets, sports tech and subjects in between for Digital Trends. Prior to joining DT, he…
Even the new mid-tier Snapdragon X Plus beats Apple’s M3
A photo of the Snapdragon X Plus CPU in the die

You might have already heard of the Snapdragon X Elite, the upcoming chips from Qualcomm that everyone's excited about. They're not out yet, but Qualcomm is already announcing another configuration to live alongside it: the Snapdragon X Plus.

The Snapdragon X Plus is pretty similar to the flagship Snapdragon X Elite in terms of everyday performance but, as a new chip tier, aims to bring AI capabilities to a wider portfolio of ARM-powered laptops. To be clear, though, this one is a step down from the flagship Snapdragon X Elite, in the same way that an Intel Core Ultra 7 is a step down from Core Ultra 9.

Read more
Gigabyte just confirmed AMD’s Ryzen 9000 CPUs
Pads on the AMD Ryzen 7 7800X3D.

Gigabyte spoiled AMD's surprise a bit by confirming the company's next-gen CPUs. In a press release announcing a new BIOS for X670, B650, and A620 motherboards, Gigabyte not only confirmed that support has been added for next-gen AMD CPUs, but specifically referred to them as "AMD Ryzen 9000 series processors."

We've already seen MSI and Asus add support for next-gen AMD CPUs through BIOS updates, but neither of them called the CPUs Ryzen 9000. They didn't put out a dedicated press release for the updates, either. It should go without saying, but we don't often see a press release for new BIOS versions, suggesting Gigabyte wanted to make a splash with its support.

Read more
ExpressVPN Deals: Save 49% when you sign up today
Express VPN logo.

VPNs have become pretty important in the modern world, whether it's a matter of unlocking geo-blocked content or providing an extra layer of security to your connection when you're out in public. Luckily, one of the best VPNs on the market has a sale right now that will save you 49% on the regular pricing. You also get a 30-day money-back guarantee to test it out, which is great because there isn't any Express VPN free trial you can take advantage of. That said, if the deal below doesn't quite tickle your fancy, or Express VPN is not the VPN that fits your needs, you can check out some of these other great VPN deals as well.

Today's Best ExpressVPN Deal

Read more