Skip to main content
  1. Home
  2. Computing
  3. News

Security researchers publish code that can be used to exploit BadUSB flaw

Konrad Krawczyk
By

security firm releases proof concept code badusb malware public
Image used with permission by copyright holder
Adam Caudill and Brandon Wilson, a pair of security researchers, published code that could be used to exploit a security flaw dubbed BadUSB.

BadUSB, which was detailed earlier this year by researchers from German firm SR Labs, could be exploited to infect a computer with malicious code and software. However, SR Labs stopped short of releasing code to the public as Caudill and Wilson did. SR Labs opted not to release code in order to give companies that make firmware which controls USB devices time to figure out how to combat the threat posed by BadUSB.

Recommended Videos

Caudill and Wilson believe that by releasing the code to the public, it could force tech firms to scramble and tighten security on USB devices at a faster rate.

While speaking with the BBC, Karsten Nohl of SR Labs said that this move could have the desired effect, but also warned that addressing such a problem is a bit more complex than one might think.

“In the case of BadUSB, however, the problem is structural,” he said. “The standard itself is what enables the attack and no single vendor is in a position to change that.”

What can a hacker do with BadUSB?

A flash drive with BadUSB loaded onto it, when inserted into a computer, can act has a virtual keyboard. This then permits a hacker to execute malicious commands. BadUSB can also infect controller chips in USB devices which are hooked up to that system.

A USB stick with BadUSB on it can also behave like a network card, and redirect a target’s traffic to malicious websites. Plus, during bootup, a BadUSB-loaded flash or external hard drive can infect a computer’s operating system with a virus before it finishes booting up. These are just a handful of ways that BadUSB can make things miserably for you and your computer.

BadUSB isn’t easily uprooted either, unfortunately.

“Cleanup after an incident is hard: Simply reinstalling the operating system – the standard response to otherwise ineradicable malware – does not address BadUSB infections at their root,” SRLabs says. “The USB thumb drive, from which the operating system is reinstalled, may already be infected, as may the hardwired webcam or other USB components inside the computer.”

Right now, your best defense against BadUSB is to be completely sure that any USB device you plug into your computer comes from a trusted source.

It will be interesting to see what happens now that the code is out there for anyone to download.

Konrad Krawczyk
Konrad Krawczyk
Former Digital Trends Contributor
Konrad covers desktops, laptops, tablets, sports tech and subjects in between for Digital Trends. Prior to joining DT, he…
A Redditor ‘didn’t know’ about the Steam Deck, so they built their own
The homemade Ryzen Deck sitting on a desk.

It's hard to imagine that anyone interested in portable gaming hasn't heard of the Steam Deck, but one Redditor says they "didn't know" it existed. And because of that, they decided to build their own.

The 3D-printed contraption comes from Raven0606, who shared images of the completed handheld on the r/SBCGaming subreddit, which is dedicated to handheld emulators. The build took nine months to complete, and Raven0606 dubbed it the Ryzen Deck in honor of the Steam Deck (they found out about Valve's handheld halfway through the build process).

Read more
Razer made the best gaming mouse even better
The Razer Viper V3 Pro sitting among its accessories.

The Razer Viper has been one of the best gaming mice you can buy since its inception, and last year's Viper V3 was no exception. Just a few months after introducing the mouse, Razer is taking another swing at the design with the Viper V3 Pro. It promises the same excellent shape, high-performance sensor, and esports-level accuracy, but with a slew of additional features that build on the original design.

I've been testing out the Viper V3 Pro for a few days now. There are enough changes here to warrant a new entry into Razer's growing lineup of competitive gaming mice, and they not only make the mouse more performant, but also more comfortable to use. The $160 price tag is tough to stomach considering Razer's mainstream focus with the original Viper V3. But if you have the cash to spare, this Pro update is worth every penny.
Going for HyperSpeed

Read more
Save $300 on this HP desktop PC with an RTX 3060, 1TB SSD
hp envy desktop pc deal april 2024 te02 1075t

HP has a great discount one the HP Envy TE02-1075t desktop computer for anyone seeking a permanent inclusion in their home office or living room. Usually costing $1,600, it’s down to $1,300 so you save $300. One of the better desktop computer deals around, you can even play games on it making it great value for all kinds of reasons. Here’s what else you need to know before you hit the buy button.

Why you should buy the HP Envy TE02-1075t desktop computer
The HP Envy TE02-1075t has some great hardware contained within a sleek-looking shell which will look great in your home office. It has a 13th-generation Intel Core i7-13700 processor along with 16GB of memory. It also has 1TB of M.2 SSD storage so there’s plenty of storage here plus it’s super speedy. There’s also room for a great graphics card with the Nvidia GeForce RTX 3060 with 12GB of dedicated VRAM ensuring that the HP Envy TE02-1075t is capable of playing plenty of games without any issue.

Read more