Thu October 2, 2014
Pair of researchers engineer hack, post code to shame companies into action
Security researchers Adam Caudill and Brandon Wilson have published source code for a theoretically unpatchable USB firmware bug called "BadUSB." The flaw was first revealed at the Black Hat security conference in July; the two researchers, who reverse engineered the original finding, say that they did it for the public good, and "so people can defend against it." Further, more severe exploits are possible using this method, but Caudill and Wilson are hesitant to release them, fearing more dangerous exploits.
All USB devices have firmware, which dictates how the item communicates with a host computer. The flaw isn't limited to USB mass storage, and can be implemented in nearly any USB peripheral, including input devices. The original researcher, Karsten Nohl, demonstrated the flaw with an Android phone plugged in through USB as a vector of attack.