Among the numerous demonstrations at Black Hat conference earlier this year was BadUSB. The code was not released at that point. With time passing by, researchers have been able to release the code on the internet.
Brand Wilson and Adam Caudill have now pointed out that they have been able to reverse engineer the gains made by SR Labs earlier this year. They have also been able to duplicate Bad USB’s exploits. The duo of Brand Wilson and Adam Caudill has released the exploit code as they felt that this should be made public. They further clarified that the decision to release the code was taken as SR Labs did not come out clear on the same. The code was kept private by SR Labs till date as it viewed the flaw as un-patchable.
With BadUSB at work, malicious codes get added to device’s firmware controller. The USB devices ranging from keyboard to mike and smartphone have firmware which can be reprogrammed with ease. This is the key weakness which BadUSB exploits.
BadUSB spreads as compromised USB devices can copy the exploits to devices they get connected with. However, it has now emerged that no potential way of being protected against BadUSB is available and every potential devise available is at risk.
Basic design of USB interface gets compromised when BadUSB is at work. New ways of designing USB interface have to be found if the same are to be protected any further.
For now, the protective measures are basic and you should not share USB devices and memory sticks with others. Borrowing other’s USB based charging cables is also not a good idea.