Security researchers Karsten Nohl and Jakob Lell are presenting their findings at the Black Hat conference in early August. They have found a way to reverse engineer the firmware that controls communication between a USB device (your mouse, your keyboard, that flash drive your latest business contact gave you with their resume) and the computer it is plugged into. They were able to install malware in this firmware that is undetectable and undeletable. Using this method, they were able to take complete control of a computer the device was connected to.
“You can give it to your IT security people, they scan it, delete some files, and give it back to you telling you it’s ‘clean’… [But these] problems can’t be patched. We’re exploiting the very way that USB is designed.” – Karsten Nohl (source: Wired/Gizmodo)
It’s also possible for a clean USB device to be plugged into an infected computer, and be infected as a result.
Nohl and Lell are torn over whether to release the code they were able to develop to Black Hat at this time, because of the damage it can cause. Given all the malware that is possible, this delivery method can be used to take over any part of a computer, or even mobile devices that connect via USB. It can be used to spy on internet traffic and phone calls, reroute traffic through malicious websites, trace emails, record and transmit passwords, and do just about anything else.
The only known method of avoiding infection is to “treat USB devices like hypodermic needles that can’t be shared among users,” according to Nohl. However, this is largely inconvenient and goes against the very model of how USB was supposed to work.
Additionally, there was the issue of NSA spying revealed by Edward Snowden earlier this year. University of Pennsylvania computer science professor Matt Blaze states, “I wouldn’t be surprised if some of the things [Nohl and Lell] discovered are what we heard about in the NSA catalogue.”