How many USB devices do you own? At this moment, you probably have one or more of them connected to your computer. USB devices are everywhere, and they come in the form of flash drives, webcams, keyboards, and so on. One of the attractive things about a USB connection is that you just plug in a device and it works. That convenience, while nice to have, presents a real danger.
For years, many computer users have just plugged in USB devices without putting much thought into any vulnerabilities they might present, but hackers have found ways to prey on the carefree nature of USB usage. You may remember the Stuxnet worm that targeted nuclear facilities in Iran. USB flash drives were used to initiate the infections, and this brought a lot of attention to how USB devices could play a key role in IT attacks.
Fast-forward a few years to today and USBs are a hot security topic once again because of details revealed by security researchers about an exploit called BadUSB. Essentially, the BadUSB hack makes it possible to reprogram the firmware on USB devices, which means that they can then be used maliciously. Since the majority of USB devices will just accept any firmware update that they’re offered, it’s really difficult to know if the firmware on your device is secure or not.
That said, any malware introduced via USB can be detected, depending on the payload. It is why we can consider #BadUSB as being a means to install malware on a machine rather than being a specific virus or malware itself.
Because of the insidious way in which this hack works, protecting yourself from it is really difficult at this point. One of the most logical things that you can do is to make sure that the USB devices that you use have remained only in your possession. USB flash drives in particular tend to get passed between people on a regular basis, but based on this new information, that’s not always such a good idea.