Researchers publish code for manipulating USB controllers

Spread the love

Two security researchers have posted code on GitHub that can manipulate USB controllers. Computers can often be attacked unnoticed with USB sticks. With the publication, the researchers say they want to underline the danger of ‘bad USB’.

In August, German researchers unveiled a method of attack during Black Hat by taking over Windows and Linux PCs after tampering with the firmware used in USB controllers. However, the code for the so-called “badusb hack” was not made public because the researchers believed the danger was too great and very difficult to patch.

Independent researchers Adam Caudill and Brandon Wilson disagreed with this reluctance and posted code on GitHub to reprogram commonly used USB microcontrollers from Taiwanese company Phison. With a manipulated USB stick they managed to emulate keystrokes, among other things. The attack code used would be virtually invisible to security software by using hidden partitions and other tricks and therefore very difficult to detect.

The two researchers say they deliberately released the code in their so-called Psychson project to accelerate work on possible defenses against bad USB. An earlier proposal, whitelisting USB devices, would take too long to be effective. However, the two would also not want to release certain code, Wired writes, such as a potentially very dangerous attack method in which USB sticks plugged into a PC could also infect each other.

You might also like
Exit mobile version