USB devices have become an integral part of computer users in this internet age. Despite their tremendous usage, security researchers have always warned against the dangers of malicious files that the infected USB sticks pose.
In this series, two researchers from SR Labs have found a fundamental flaw in the working of the software of USB sticks, which they say are much more dangerous threat that is more difficult to be solved.
The computer researcher revealed that the USB devices including keyboard, thumb-drive and mouse can be used by the hackers to hack your personal computers in a potential new form of attacks. These attacks can also evade all known security protections.
Berlin-based security researchers Karsten Nohl and Jakob Lell reverse engineered the firmware that controlled USB functions like controller chips that connect a USB device to a computer so that the files can be transferred. The firmware, which can be reprogrammed with malicious code, is virtually untraceable, the researchers found.
Researchers say every USB device has the firmware and also has the controller chip. The chip is a component which helps in establishing smooth communication between the device and the PC to which it is plugged in.
The researchers concluded that the glitch is not only limited to loading a USB drive with malware but it is extended to the core of in which the technology works.
They say the malicious code on the firmware is usually hidden an untraceable. Even the anti-virus scanners fail to scan it. The formatting of computers is also ineffective.
To prove their instance, the researchers developed a malware known as ‘BadUSB’. It was designed in such a way that it can be used to entirely take over a computer, hinder files invisibly and redirect Internet traffic of the user.
The security researchers have planned to present the details of flaw at the Black Hat security conference in Las Vegas next week.