USB devices are attached to computers every day and most users will be unaware of the risks involved. However, security researchers, Adam Caudill and Brandon Wilson, have written computer code that can be used to exploit a flaw in the software that helps devices connect to computers via USB. The biggest problem they discovered lurks in the onboard software, known as firmware, found on these devices.
The two computer researchers have publicised their findings at the DerbyCon hacker conference last week and have made their attack software freely available via code-sharing site Github. “We’re releasing everything we’ve done here, nothing is being held back,” said Mr Wilson in a presentation at DerbyCon. “We believe that this information should not be limited to a select few as others have treated it,” he added. “It needs to be available to the public.”
The first public disclosure of the USB flaw or BadUSB was made at the Black Hat computer security conference in August by Karsten Nohl and Jakob Lell. Responding to the release of the attack tools Mr Nohl told the BBC that such “full disclosure” can motivate companies to act and make products more secure. “In the case of BadUSB, however, the problem is structural,” he said. “The standard itself is what enables the attack and no single vendor is in a position to change that.” “It is unclear who would feel pressured to improve their products by the recent release,” he added. “The release is a stark reminder to defenders, though, that BadUSB is – and always has been – in reach of attackers.”
Full story at http://www.bbc.co.uk/news/technology-29475566