USB malware to render devices 'untrustable'

BadUSB project will show how undetectable malware can be injected into firmware of USB controllers

USB stick

Security researchers plan to show how USB devices can be reprogrammed with untraceable malware at the latest BlackHat Security conference in Las Vegas next week.

The project, dubbed BadUSB', was the brain child of security researchers at SR Labs, Karsten Nohl and Jakob Lell. They developed the malware after reverse engineering firmware used to control the movement of data in USB sticks.

BadUSB malware works by reprogramming a USB device, not just storing the malware within the memory. It can be set up to emulate a keyboard, steal data, spoof network cards and even install viruses prior to booting. 

Worryingly, the researchers claim their malware is not restricted to memory sticks. It could be modified to infiltrate any USB-connected device. A popular target could include smartphones, which are regularly connected to PCs for data transfer and charging purposes.

Advertisement - Article continues below
Advertisement - Article continues below

The researchers claim there is no way to detect their malicious BadUSB code because it is buried within the firmware. Security software will not pick up malware as they don't scan the firmware when looking for malicious code.

"To make matters worse, cleanup after an incident is hard: Simply reinstalling the operating system the standard response to otherwise ineradicable malware does not address BadUSB infections at their root," it was noted in an SR Labs blog post.

"Once infected, computers and their USB peripherals can never be trusted again."

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now



Hackers abuse LinkedIn DMs to plant malware

25 Feb 2019

Best free malware removal tools 2019

23 Dec 2019
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020
General Data Protection Regulation (GDPR)

Data protection fines hit £100m during first 18 months of GDPR

20 Jan 2020