Another day, another apocalyptic prognostication of computer security doom, this time focusing on the omnipresent USB connection. It's called 'BadUSB', and it's a malware proof-of-concept created by security researchers Karsten Nohl and Jakob Lell that exploits a flaw in and resides in the firmware that controls the basic function of USB devices. The researchers claim that it's not a problem that can be patched, saying that they're "exploiting the very way that USB is designed," but in the end all they've done is highlight that you shouldn't go around plugging USB drives, devices, or whatnot that you don't trust into your computer.
There are a lot easier ways to hack most any computer, especially when this method requires achieving physical access. As we've said many times before, once you've lost physical control of your device, all bets are off. This is just one more way, although it's exploiting something that we take for granted these days.
Because the BadUSB code lives in the USB firmware of the device, it's not something that can be easily purged from a device. Wiping or reformatting a USB drive doesn't touch the USB firmware, so the malware would still be present. BadUSB could allow any connected computer to be exploited over that connection, with Nohl and Lell offering more traditional exploits from there such as replacing files on the computer with additional malware, acting as a virtual keyboard to execute commands on the computer, or hijacking and spying on internet traffic.
BadUSB is also self-propagating: it can copy itself onto a computer and reprogram the USB firmware of other attached USB devices. It can even reside in non-storage devices, such as smartphones and mice.
While we doubt that this is in fact an impossible-to-patch exploit — certainly, patching the USB firmware on computers to prevent such access seems like a possibility, and very few would likely go through the effort of patching their flash drives — in the meantime it poses a theoretical challenge for users.
But it all boils down to this: Don't plug anything you don't trust into your computer, your smartphone, or your tablet. That's pretty much common sense, though, so just think before you plug your phone into a random computer to charge, or you accept a USB drive from a stranger. Be smart about what you plug into your computer, and (far more importantly) keep your eyes open for the online threats that are coming at you every day in the real world.
We may earn a commission for purchases using our links. Learn more.
How to (try to) get an Xbox Series X or Xbox Series S right now
Everything you need to know about buying an Xbox Series X and Xbox Series S, and where to find stock before it runs out.
Why is PS5 beating the Xbox Series X in comparisons? Microsoft responds.
The Xbox Series X seems to be losing out against the PlayStation 5 in real-world side-by-side tests, and Microsoft has issued a statement. Here's what they had to say.
The Black Friday keyboard deals you need to know about
Getting your hands on a new keyboard is exciting for PC users, and thanks to Black Friday, it's more affordable than ever before. Here's a look at the best Black Friday keyboard deals available now.
AMD Ryzen 9 5950X is the best CPU for the Radeon RX 6900 XT
You've just gone and bought a shiny new AMD Radeon RX 6900 XT GPU, but what processor is best used with the graphics card to get the most out of your gaming PC? We've rounded up the best CPUs to use with this card, in particular, to help you get the best bang for your buck.