Quantcast

In Brief: Be Mindful of USB Security Risks

By Norman Chan

Don't stick random USB keys into your computer.

At next week's Black Hat security conference, researchers Karsten Nohl and Jakob Lell plan on presenting a demo of malicious software that shows just how fundamentally at-risk the USB protocol is for unprotected computers. Their software, called BadUSB, lives in the firmware of a USB key, not the flash memory. The researchers say that reprogrammed firmware used as malicious code can't be detected by current anti-virus software. And the scariest part may be that the BadUSB firmware can be installed on any USB device, not just memory sticks.