Security researchers from SR Labs have uncovered a fundamental flaw in the way USB devices work. It affects every single USB device out there and worst yet, there's no line of defense short of prohibiting USB stick sharing or filling your USB ports with superglue. The flaw that security researchers Karsten Nohl and Jakob Lell plan to present next week at the Black Hat security conference in Las Vegas runs deeper than simply loading a USB drive with malware. Instead, it's built into the core of how the technology works.

After spending several months reverse engineering the firmware that handles the basic communications functions of USB devices, they were able to reprogram the firmware to hide malicious code. This firmware is present on every USB device within the controller chip - the component that facilitates communication between the USB device and the computer it's plugged in to. By loading malicious code on the firmware, it's essentially hidden from sight. Anti-virus scanners can't pick it up and formatting won't help, either. To prove their point, the team created a piece of malware called BadUSB that can be used to completely take over a PC, alter files invisibly and even redirect a user's Internet traffic.

Researchers uncover fundamental USB security flaw, no fix in sight