Most people reading this probably already know that the internet, and most devices connected to it, are inherently insecure. Any computer, any server, any device can eventually be broken into, destroyed, or repurposed for nefarious ends, often without the owner’s knowledge. And the trusty USB memory stick is no exception.
Wired is reporting that a software hack, aimed at rewriting a USB stick’s firmware, is now in the wild. The code comes directly from security researchers who believed publishing the info was the only way to force companies into taking action and fixing the problem.
According to them, high-level agencies like the NSA might already have had access to such code and may already be exploiting this vulnerability. However, now that everyone knows about it, companies will be forced to take action.
But what’s so bad about this, you might be asking yourselves. After all, it’s only a USB stick; how much harm could it do? Unfortunately, the answer is a lot. An attack using this technique, called BadUSB, was demonstrated by a security researcher.
By connecting a corrupted stick to a PC, he was able to inject keystrokes, hide malware inside the stick’s firmware, inject executables, and possibly spread the corruption further to other USB devices.
And the worst part of this whole thing is that, due to the way the infection spreads and operates, infected devices are almost undetectable and unpatchable. It could all blow up in an epidemic-style spreading pattern that could quickly engulf the whole digital world.
If this sounds scary, that’s because it is. We live in an ever-more tightly connected world, where our devices and the internet have become the lifeline of our society. As such, thinking about security should always be a top priority, not an afterthought imposed by scandals and disasters.