Get Our NewsletterWIRED’s biggest stories delivered to your inbox. USB sticks like silicon business cards. Although we know they often carry malware infections, we depend on antivirus scans and the occasional reformatting to keep our thumbdrives is usb a patch communication system becoming the carrier for the next digital epidemic. But the security problems with USB devices run deeper than you think: Their risk isn’t just in what they carry, it’s built into the core of how they work.
That’s the takeaway from findings security researchers Karsten Nohl and Jakob Lell plan to present next week, demonstrating a collection of proof-of-concept malicious software that highlights how the security of USB devices has long been fundamentally broken. The malware they created, called BadUSB, can be installed on a USB device to completely take over a PC, invisibly alter files installed from the memory stick, or even redirect the user’s internet traffic. Nohl, who will join Lell in presenting the research at the Black Hat security conference in Las Vegas. We’re exploiting the very way that USB is designed. In this new way of thinking, you have to consider a USB infected and throw it away as soon as it touches a non-trusted computer. Nohl and Lell, researchers for the security consultancy SR Labs, are hardly the first to point out that USB devices can store and spread malware.