Security researchers publish code that can be used to exploit BadUSB flaw

security firm releases proof concept code badusb malware public
Adam Caudill and Brandon Wilson, a pair of security researchers, published code that could be used to exploit a security flaw dubbed BadUSB.

BadUSB, which was detailed earlier this year by researchers from German firm SR Labs, could be exploited to infect a computer with malicious code and software. However, SR Labs stopped short of releasing code to the public as Caudill and Wilson did. SR Labs opted not to release code in order to give companies that make firmware which controls USB devices time to figure out how to combat the threat posed by BadUSB.

Caudill and Wilson believe that by releasing the code to the public, it could force tech firms to scramble and tighten security on USB devices at a faster rate.

While speaking with the BBC, Karsten Nohl of SR Labs said that this move could have the desired effect, but also warned that addressing such a problem is a bit more complex than one might think.

“In the case of BadUSB, however, the problem is structural,” he said. “The standard itself is what enables the attack and no single vendor is in a position to change that.”

What can a hacker do with BadUSB?

A flash drive with BadUSB loaded onto it, when inserted into a computer, can act has a virtual keyboard. This then permits a hacker to execute malicious commands. BadUSB can also infect controller chips in USB devices which are hooked up to that system.

A USB stick with BadUSB on it can also behave like a network card, and redirect a target’s traffic to malicious websites. Plus, during bootup, a BadUSB-loaded flash or external hard drive can infect a computer’s operating system with a virus before it finishes booting up. These are just a handful of ways that BadUSB can make things miserably for you and your computer.

BadUSB isn’t easily uprooted either, unfortunately.

“Cleanup after an incident is hard: Simply reinstalling the operating system – the standard response to otherwise ineradicable malware – does not address BadUSB infections at their root,” SRLabs says. “The USB thumb drive, from which the operating system is reinstalled, may already be infected, as may the hardwired webcam or other USB components inside the computer.”

Right now, your best defense against BadUSB is to be completely sure that any USB device you plug into your computer comes from a trusted source.

It will be interesting to see what happens now that the code is out there for anyone to download.

Computing

Is your PC safe? Foreshadow is the security flaw Intel should have predicted

Three new processor vulnerabilities have appeared under the 'Foreshadow' banner. They're similar in nature to Meltdown and Spectre, only they steal data from different memory spaces. Here's everything you need to know.
Computing

The Andromeda botnet still lingers as nations struggle to clean infected PCs

A report by Fortinet suggests that although the FBI and Europe ended the Andromeda botnet’s reign in late 2017, there are still infected PCs. Cleaning up these PCs isn’t progressing at the same pace across various regions.
Smart Home

White-hat Chinese hackers turn Alexa into a spy, briefly

A team of Chinese researchers revealed this week that they were able to use a cracked Amazon Echo to exploit a series of Alexa interface flaws to take control over an unteuched Echo running on the same network.
Mobile

Bloatware could be putting millions of Android devices at risk

A study has revealed that changes to Android's firmware and added bloatware from carriers could be making millions of Android smartphones vulnerable to massive hacks and potential data theft.
Emerging Tech

Buying on a budget? Here’s all the best tech you can snag for $25 or less

We live in a world where you can get a cheeseburger for $1, a functioning computer for $5, and thousands of HD movies for $10 -- so it stands to reason that you should be able to pick up some pretty sweet gear for $25.
Computing

Australian student hacks into Apple, steals 90GB of data because he’s a ‘fan’

A 16-year-old student in Australia broke into Apple’s network multiple times for an entire year to download 90GB of “secure” data and access customer accounts. He did this because he was a "fan."
Web

Google claims censored search in China is ‘not close’ as employees protest

Google CEO, Sundar Pinchai, has promised employees that the company is "not close" to releasing a censored search product in China, despite claims that it was working on such a project.
Web

Adobe Spark Page makes web design easy — here’s how to use it

Using artificial intelligence and simple tools, Adobe Spark Page is designed for easy web page design. Here's how to use Adobe Spark Page to create a travel journal, event page or any other one-page website.
Deals

Best Buy drops the price of MacBooks for its anniversary sale

It's not every day you see a MacBook sale like this, so you'll definitely want to consider these savings -- especially if you're a student. Students can save an additional $150 just by signing up for Best Buy student deals.
Deals

Walmart Back to College sale: Save big on computers, TVs, tablets, and more

Walmart's Back to College sale is your chance to score big discounts on name-brand electronics, so whether you're getting ahead of the new school year or just doing some shopping, we've picked out the best deals that can save you hundreds…
Computing

Qualcomm’s Snapdragon 850 chip appears in benchmarks with improved performance

A benchmark for Qualcomm’s new Snapdragon 850 processor show a less-than-stellar increase in multi-core performance over the previous 835 chip. Introduced in June, the Snapdragon 850 promises up to 30 percent better performance.
Computing

These 30 apps are absolutely essential for Mac lovers

There are literally hundreds of thousands of great software programs compatible with MacOS, but which should you download? Look no further than our list of the best Mac apps you can find for the latest MacOS and how they can help out your…
Computing

Apple’s rumored entry-level MacBook may appear in September starting at $1,200

Apple may reveal new products in September including an entry-level 13-inch MacBook based on Intel’s seventh-generation processors. Apple originally intended these units to rely on Intel’s now-delayed 10nm “Cannon Lake” processors.
Mobile

AirDrop makes sending files to Apple devices easy -- here's how

Want to send files or photos to your friends when you're standing directly beside them? Instead of texting or emailing, why not learn how to use AirDrop? Here's everything you need to know about using AirDrop on both iOS and MacOS.