BadUSB is a security attack using USB devices that are reprogrammed with malicious software.
Two months after the talk, other researchers published code that can be used to exploit the vulnerability.
In 2017, the USG was released, which is designed to prevent BadUSB style attacks.
Nohl stated: "It's the struggle between simplicity and security. The power of USB is that you plug it in and it just works. This simplicity is exactly what's enabling these attacks."
Author Catalin Cimpanu from ZDNet noted that the BadUSB attack is "incredible rare". Though, in 2020, an attack was found in the wild where an hospital was attacked using a fake Best Buy gift. The attack downloaded malware through a PowerShell command which was typed in through the programmed keystrokes in the flash drive.
- "Why the Security of USB Is Fundamentally Broken". Wired. ISSN 1059-1028. Retrieved 2021-09-07.
- "The Unpatchable Malware That Infects USBs Is Now on the Loose". Wired. ISSN 1059-1028. Retrieved 2021-09-07.
- Doctorow, Cory (2017-03-03). "USG: an open source anti-BadUSB hardware firewall for your USB port". Boing Boing. Retrieved 2021-09-07.
- Nohl, Karsten. "BadUSB - On accessories that turn evil" (PDF).
- Goodin, Dan (2014-07-31). "This thumbdrive hacks computers. "BadUSB" exploit makes devices turn "evil"". Ars Technica. Retrieved 2021-09-07.
- Cimpanu, Catalin. "Rare BadUSB attack detected in the wild against US hospitality provider". ZDNet. Retrieved 2021-09-07.