Hackers discover gaping major security flaw in USB sticks

Photo Courtesy of myce.com

You know those USB sticks that you have piled up in a draw somewhere? Yea, they can be vulnerable to malware. Recently, “security researchers published code that spreads itself by hiding in the firmware that controls how USB devices connect to computers”, reports Business Insider.

According to WIRED, “the “BadUSB” vulnerability, first developed by security researchers, has been released online.” If you’re wondering what this means, I’ll break it down: hackers will use this to attack computers.

Now before you start throwing away every USB stick in your home or office, there’s only one USB stick manufacture that you have to watch out for. The USB sticks that were affected were from a manufacturer Phison, based out of Taiwan. A Phison USB stick can infect any type of computer, and it’s unclear at the moment if its able to infect  any other USB device that it’s plugged in after .

Naturally, Phison “repeatedly denied that the attack was possible”.

Here’s how it works

Courtesy of Business Insider

Here’s how Hackers can use this to their advantage

So the way “BadUSB” works is that it makes computers think the USB stick is a keyboard, thus giving a hacker access to type whatever he wants on your screen. One other method could be used for spying. A hacker can watch all the internet traffic through a device, giving he/she a clear view of your browsing habits. That tells a lot about someone.

It all makes sense now

Remember Edward Snowden? How could you not?  Well, one of his leaks revealed that the NSA utilize a spying device called “Cottonmouth”, that uses pretty much the same steps “BadUSB” does. It monitors computers and relays information.

In the end, all you can do is watch out for any Phison USB sticks. Always stay vigilant!

Kevin Raposo

Kevin is KnowTechie's founder and executive editor. With over 15 years of blogging experience in the tech industry, Kevin has transformed what was once a passion project into a full-blown tech news publication. Shoot him an email at kevin@knowtechie.com or find him on Mastodon or Post.