This thumbdrive hacks computers. “BadUSB” exploit makes devices turn “evil”

ars technica ^ | July 31 2014, 6:21am -0700 | Dan Goodin

[Utilizer]

This thumbdrive hacks computers. “BadUSB” exploit makes devices turn “evil”

Per FR posting rules, ars technica can not be posted, so a link to the article referring to USB thumbdrives hacking computers is listed instead. Ignore the "source url", it just points back to the FR website. Article here:

http://arstechnica.com/security/2014/07/this-thumbdrive-hacks-computers-badusb-exploit-makes-devices-turn-evil/

[Utilizer]

Now we know that USB devices can be used to hack your computer when configured in non-standard fashions. Those of us who do any traveling should take note.

Mods, let Me know if there is a better way to post this please.

[Catmom]

I like Bad Santa better!

[Utilizer]

*snicker* Bad Girls (like Naughty Cats) can be quite fun as well, don’tcha know. *grin*

[GraceG]

Here is one I want to give to the IRS with the following script:

FIND -search C:\ *.pst >> COPY http:\\freerepublic.com/post

(I know that is not a valid command, I am being cheeky)

[Utilizer]

Well, I would guess you are a lot nicer than I would be.

Me, I'd just insert a generic "format /dev/sda1", with the 'non-verbose' and 'assume yes for all; flag turned on...

[ShadowAce]

[glorgau]

The gist of the problem is that the basic design of USB allows direct memory access (both ways) between the usb device and the host computer. Scary, scary, scary.

[bigbob]

nice posting exploit

[Scrambler Bob]

m4l

[Utilizer]

Well... technically, I did not post the article. Just pointed out that arstechnica had one and provided a link.

The importance of the discovery of a hacking exploit that can affect so many computer users warranted at least a mention, I believe.

[Utilizer]

Thanks, mate.

[Carriage Hill]

I’ve never heard of *arstechnica* before; is it unsafe to go there to read the article?

[Utilizer]

No, it is not unsafe. It is a site for technical information and the IT crowd, and one of those who object to their articles being reposted on other sites.

They prefer that you go to their site instead to read the articles and collect the hits, so we oblige.

[logi_cal869]

The importance of the discovery of a hacking exploit that can affect so many computer users warranted at least a mention, I believe.

Agreed. Had you not, I was just about to (til I searched and saw your post).

[Utilizer]

Glad to help. :)

[Carriage Hill]

Okay, thanks; will do.

[rarestia]

ARS Technica is a tech nerd library. I’m not sure why we’re not allowed to post to it, but it’s 100% legit. I get a lot of data from them for work and pleasure.

[Carriage Hill]

I’ve been over there for the past hour or so, and it’s loaded with information worth picking thru and reading.

[Utilizer]

Further info:

Most troubling of all, BadUSB-corrupted devices are much harder to disinfect. Reformatting an infected USB stick, for example, will do nothing to remove the malicious programming. Because the tampering resides in the firmware, the malware can be eliminated only by replacing the booby-trapped device software with the original firmware.