USB’s security is fundamentally broken, researchers claim


German security researchers claim to have identified a serious vulnerability in the fundamental security of USB devices. The SR Labs team is preparing a presentation for Black Hat next week in which they will demonstrate the “BadUSB” reprogramming of the firmware in USB peripherals, such as thumb drives, keyboards and even mobile devices, to allow data theft and the hijacking and surveillance of computers to which those peripherals are attached. Karsten Nohl and Jakob Lell say there are no known defences against such malware, largely due to the way USB works, and possibly even no way to clean up after infection.



Yeah Eli, I almost bought that Admiral Ackbar USB, but then I thought, you know, it’s probably a …


Did USB *ever* have any security? The flaw as described is in USB devices, *NOT* USB itself.


The problem isn’t with USB, it’s with how operating systems treat USB devices. They basically give the device any privileges it asks for, and that’s not the fault of the USB standard, its a flaw in the computer’s operating system.

Comments are closed.