Adam Caudill and Brandon Wilson are the two names behind the introduction of a malicious virus injected through a USB device. USB abbreviated for Universal Serial Bus is a portable data storing device, this flash drive system has been popularly used these days for storage back-up and transfer of files, replacing the use of floppy disks and CDs serving the purpose before.
Approximately every computer, laptop and mobile devices has a USB port. This option has helped every gadget user to make use of USBs and benefit from this reliable, faster, and smaller device for file storage. However, Adam Caudill, and Brandon Wilson have reversed this engineering psychology. By breaking the security model for USB, the two guys have presented how to take advantage of USBs. The code that has been introduced by the two researchers can help a person inject a virus into the machine and control it without the user’s knowledge. The bug has already been released on Github for initiating the action.
The corrupting code was previously introduced by a different researcher, Karsten Nohl, at the Black Hat security conference. The investigator chose to hide the information because he feared the risks. But Adam Caudill and Brandon Wilson considered disclosing it and so publicly announced the USB exploit after copying Nohl’s work on their own. They assumed that the technique is already in the hands of government officials and security agencies and so it should be leaked in order to find a way to fix it.
It all starts with the micro controller firmware used by the Taiwanese firm Phison- the company is the leading manufacturer worldwide. Like Nohl, Caudill and Wilson reverse engineered the firmware and reprogrammed it to perform specific options. For instance the infected USB can mimic a keyboard function and can type text on a computer of the victim without his knowledge. Because the attack code is stored in the USB controller’s memory, there is no option deleting it.
Fixing this bug would require a new security program to change the controller’s code, but that will not be applicable for devices that have already been corrupted with Malware, they need to be replaced.