Click to Skip Ad
Closing in...

The scariest USB hack of all-time is almost completely undetectable

Published Jul 31st, 2014 3:24PM EDT
BadUSB USB Stick Hack

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

When you plug a USB stick into your laptop, you probably aren’t too worried about it completely taking over your computer. However, Ars Technica reports that researchers at Security Research Labs in Berlin are scheduled to unveil a new exploit at the Black Hat conference in Las Vegas next week that will allow an infected USB stick to take over your computer and use it to execute malicious code.

The researchers have found a way to hack USB sticks so that once you plug them into your computer, it can make your machine “act as a network card that causes connected computers to connect to malicious sites impersonating Google, Facebook or other trusted destinations.” And this technique doesn’t just work with standard USB sticks but also with Android phones, cameras, keyboards and pretty much any device you can connect to your machine through a USB port.

“If you put anything into your USB, it extends a lot of trust,” Karsten Nohl, Security Research Labs’ chief scientist, explained to Ars. “Whatever it is, there could always be some code running in that device that runs maliciously. Every time anybody connects a USB device to your computer, you fully trust them with your computer. It’s the equivalent of [saying] ‘here’s my computer; I’m going to walk away for 10 minutes. Please don’t do anything evil.”

Worst of all, this sort of malicious activity is almost impossible to detect through conventional means, as virus scans done with machines infected via the USB exploit will turn up nothing. The researchers have found that the only way to effectively figure out whether a device is infected is to take it apart and reverse engineer it.

We’re definitely eager to see the researchers’ full presentation at Black Hat next week.

Brad Reed
Brad Reed Staff Writer

Brad Reed has written about technology for over eight years at BGR.com and Network World. Prior to that, he wrote freelance stories for political publications such as AlterNet and the American Prospect. He has a Master's Degree in Business and Economics Journalism from Boston University.