It’s a common scene from TV: Our hero sneaks into the villain’s office, plugs in a USB stick and — flash! — all the secret plans to conquer Chicago are sucked down into the thumb-drive. The only fiction is how fast it takes to download data. In the real world, office data thieves walk out with stolen data everyday on their flash drives.
It could be worse. USB sticks can also carry malware. Or, as SRLabs security researchers Karsten Nohl and Jakob Lell propose to show at Black Hat, an ordinary USB pen drive can be turned into an automated hacking tool.
The base problem, according to the pair, is “USB has become so commonplace that we rarely worry about its security implications. USB sticks undergo the occasional virus scan, but we consider USB to be otherwise perfectly safe — until now.”