The flaw affects thumb drives and external hard drives, but also any device that connects to a PC using USB, including mouse or keyboard. Hackers could use it to issue their own commands on a PC. Malware can be installed this way. The computer’s settings can be changed, changing DNS settings, to redirect web traffic to certain sites. Even smartphones have firmware that can be reprogrammed in addition to USB memory sticks. The infection can travel both from computer to USB and vice versa. The flaw was discovered by Karsten Nohl and Jakob Lell at Security Research Labs. They called it “BadUSB.” They will present the research next week at the Black Hat security conference in Las Vegas. The two researchers say there’s no easy fix and they believe that the malicious firmware for USB sticks could quickly spread. They believe that the best course of action is to only use USB devices that are 100 per cent trustworthy; ones that users know haven’t been used by anyone else. “Nobody can trust anybody”, Nohl says.
