The BadUSB malware previously detailed at Black Hat isn’t something you can detect, and until now, it was something you couldn’t get ahold of, either. That changes thanks to hackers Adam Caudill and Brandon Wilson, who have used a bit of reverse engineering to reproduce the USB vulnerability…and they’ve released it to the public.
The BadUSB attack was discovered and coined by Karsten Nohl, who held the Black Hat conference detailing the issue. With it, Nohl has shown that any USB device is vulnerable to attack, and the issue itself isn’t something that will easily be patched. For these reasons, the researcher decided not to release the code.
Not everyone agreed with that decision, apparently, and by releasing the code USB manufacturers are left with little choice but to scramble and get the issue fixed. The code has been made available on Github, something Caudill said is “largely inspired by the fact that” Nohl and his SR Labs did not release their materials.
Said Caudill to the folks at Wired about the issue, “If this is going to get fixed, it needs to be more than just a talk at Black Hat.” How long that fix might take — and what the fall out might be in the meantime — is yet to be seen.