In July, we reported on a potentially hugely damaging security exploit accessible via USB that could cause huge concerns for cybercriminals with physical access to machines. At the time, the the researchers of BadUSB demonstrated the hack, but elected against releasing the code to the general public. Techspot reports that a another USB exploit has been discovered by a pair of researchers who have "thrown caution to the wind by posting code for a similar attack on GitHub."
Researchers Adam Caudill and Brandon Wilson managed to replicate the 'unpatchable' exploit that makes any USB port an entry point for malware. Engadget comments that the method behind this seemingly reckless act as a selfless one: "Some might argue that releasing this sort of information into the wild is irresponsible and dangerous, but Caudill and Wilson hope to get USB vendors thinking seriously about this potential threat by proving there's nothing potential about it."
This may sound risky, but it isn't against GitHub's terms of service. Speaking to ReadWrite, a GitHub spokesperson said: "Security researchers often release a proof of concept to raise awareness of the vulnerability in the security community, and to encourage people to protect themselves. A repository that contains a proof of concept but isn't maliciously or covertly distributing malware would not be in violation of our terms of service."
Time will tell if the Caudill and Wilson's open sourcing gamble will pay off, or if it will lead to a spate of USB malware hacks. ReadWrite concludes with some solid advice, no matter how this story develops: "Stick to the USB sticks you already trust."
Photo: Nejron Photo