USB attack code that can take over your computer released into wild – and there’s no fix for it

In his talk, Nohl outlined the attack and the problems it could potentially cause, but kept the precise code under wraps.

However, in the last week two other researchers – Adam Caudill and Brandon Wilson – have reverse engineered the code and have reproduced some of the BadUSB attacks.

Instead of keeping the exact details of how to make the malware under wraps, they have published it on software sharing site GitHub.

Speaking at a security conference, Caudill said: “If you’re going to prove that there’s a flaw, you need to release the material so people can defend against it.”

Fixing the flaw would either need the underlying code on pretty much all USB devices to be rewritten completely or the security would need to be overhauled.

“In my view, it’s highly irresponsible to leak code,” security researcher David Emm from Kaspersky Lab told Mirror.co.uk.

“It’s one thing to announce a loophole, but quite another to create code that exploits the flaw and publish it. It provides would-be attackers with a ready-made attack mechanism and puts anyone using the software or device at greater risk of attack.”

“To use a real-world analogy, it’s the difference between saying that a particular make of door-lock has a loophole and publishing instructions on how to use it to open any door using that lock,” he adds.
