Researchers claim that they have been able to reprogram USB drive firmware with malicious code.
According to The Register, code executed by the gadget’s micro-controller cany install malware on a PC or redirect network traffic without a victim knowing. Karsten Nohl and Jakob Lell, from German security skunkworks SR Labs, spent months analysing the software and micro-controllers embedded in particular USB devices, and said they have found they could reliably hide, in the flash ROM, malware that’s undetectable to today’s antivirus tools – and it’s very, very effective.
They called the software BadUSB, and it can be installed in anything using a compatible micro-controller. The two will present a full technical talk and proof-of-concept code at next week’s Black Hat conference in Las Vegas.