We are all familiar with viruses and malware and we are all used to seeing it infect our operating system of choice.
In most cases security threats have been OS-specific. There are Windows threats and Apple OSX threats and even Linux does not escape. There are even the rare cross platform threats thanks to Java.
This latest discovery however is a whole new ball of wax.
The threat dubbed BadUSB is a theoretical threat that has been discovered in the way USB devices can be exploited that is undetectable and capable of spreading not only on the USB drives we use everyday but also the cameras, keyboards, mice, printers, scanners and pretty much any other USB device.
The threat is in the firmware of the USB controller found on all USB devices and on all computer systems with a USB port.
The flaw is that a USB device could have code injected into its firmware and plugged into a computer.
At this point the USB device now writes a copy of itself into the computer’s USB firmware and any other device plugged into the infected computer now will have its own firmware rewritten.
The process is not picked up by the operating system so at this point there is no way of telling if your computer has been compromised. New techniques will be needed to detect and manage this threat and in the meantime everyone should be very careful when using a USB device that can not be guaranteed clean.
- Avoid using someone else’s USB device.
- Use cloud services, networks or CD/DVD media to store/transfer data between systems.
- Share alerts such as this one with friends and keep watching for updates.
At this point the threat can only be confirmed as theoretical but there is no confirmation if this has actually made it into the wild based on the nature of the threat.
No doubt I will be talking about this soon.