Skip to main content

Uh oh, the humble USB has a serious security problem

So sinister, you won't even know it's there

Ah, the USB. The framework holding our digital lives together. The one we can always rely on. And no matter how many times we pull you out without ejecting first, you still work anyway. USB, we love you.

But the USB could also become a weapon of mass digital destruction. According to Wired, security researchers have reverse engineered the firmware that controls basic USB functions.

But even worse, they've written a piece of malware called BadUSB that can be put onto a USB and "completely take over a PC, invisibly alter files installed from the memory stick, or even redirect the user's internet traffic." That doesn't sound too good to us.

Hidden in plain sight

Because the malware is actually hidden in the firmware, be it on a thumb drive or a keyboard, it's very, very difficult to delete. "You can give it you your IT security people, they scan it, delete some files, and give it back to you telling you it's 'clean'," said security researcher Karsten Nohl.

"The cleaning process doesn't even touch the files we're talking about."

The pair of researchers will be demonstrating their findings at the Black Hat security conference in Las Vegas. But for now, you're best advised to not go sticking your USBs into any computers you don't trust.