BadUSB: No fix for bad USB malware hack exploit reportedly in use by NSA, individual hackers

(PHOTO: REUTERS/KACPER PEMPEL/FILES)A man types on a computer keyboard in Warsaw in this February 28, 2013 illustration file picture.

German security firm Security Research (SR) Labs has just ramped up the severity of the USB malware hack exploit known as BadUSB.

"No effective defenses from USB attacks are known. Malware scanners cannot access the firmware running on USB devices. USB firewalls that block certain device classes do not (yet) exist. And behavioral detection is difficult, since a BadUSB device's behavior when it changes its persona looks as though a user has simply plugged in a new device," SR Labs wrote in their official blog about BadUSB.

Back in July, researcher Karsten Nohl demonstrated a hack attack he dubbed BadUSB and presents the fundamental vulnerabilities of the USB technology.

He mentioned that they have engineered a malware exploit similar to BadUSB that can be installed via the USB, which can completely take over the systems of a PC.

Two weeks ago, researchers Adam Caudill and Brandon Wilson revealed that they can "reverse engineer" the similar firmware that Nohl established two months back.

"The belief we have is that all of this should be public. It shouldn't be held back. So we're releasing everything we've got," Caudill told the Derbycon hacker conference audience.

He added, "This was largely inspired by the fact that [SR Labs] didn't release their material. If you're going to prove that there's a flaw, you need to release the material so people can defend against it."

The two men declined to name their employer, but insisted that for the BadUSB exploit to be fixed, there needs to be more than "just a talk at Black Hat."

They also argued that the BadUSB hack exploit might have already been in use for quite some time now by influential bodies of the government, such as the National Security Agency (NSA).

Copyright © 2014 Ecumenical News