Two security boffins have come up with a way of hacking USB drives which makes the whole concept so unsafe that they need to be placed in a leadbox, covered in cement and buried in a two-mile mine shaft.
SR Labs’ Karsten Nohl and Jakob Lell have created some Malware called BadUSB which can be installed on a USB device to take over a PC. They can make your computer invisibly alter files installed from the memory stick, redirect the user’s internet traffic, cause your computer to launch an immediate nuclear strike on Justin Bieber or have sex with your cat, depending on the hacker’s mood.
BadUSB does not live in the flash memory storage of USB devices, but in the firmware. The attack code can remain hidden even if the data has been wiped. The researchers said that there is no easy fix because it exploits the way that USBs are designed so you are stuck with it.
They reverse engineered the firmware that runs the basic communication functions of USB devices which is the controller chips that allow the devices to communicate with a PC and let users move files on and off them.
All USB devices from keyboards and mice to smartphones have firmware that can be reprogrammed in the same way, so basically the whole thing is doomed. Looks like that PS/2 port for your keyboard is a pretty good idea now.