Thanks GitHub! Now Anyone Can Download This Unpatchable USB Malware

How do you get people to take your unpatchable malware program like the serious threat it is? You release it into the wild where anybody can get their hands on it.

That’s the method behind the madness of security researchers Karsten Nohl and Jakob Lell. Their proof-of-concept malicious software indicates a huge hole in a commonly used technology—USB storage—and is now available for download on GitHub.

USB sticks have become so cheap and easy to use that companies often hand them out like calling cards at conferences. Nohl and Lell, however, have found a flaw in USB security that allowed them to do some really scary things. Their malware, named BadUSB, can be installed on a USB stick to take over a PC simply by being plugged into the computer.

The researchers, who work for security consultancy SR Labs, demonstrated BadUSB to a packed crowd at the Black Hat conference in Las Vegas. There will be no quick fix for the vulnerability they’ve found, so the researchers have decided to open source it.

At first glance, it seems like a terrible idea to put malware where anybody can access it. However, this is a pretty standard practice in the online security world. In fact, it’s not even against GitHub’s terms of service since the researchers are upfront about their reasons.

“Security researchers often release a proof of concept to raise awareness of the vulnerability in the security community, and to encourage people to protect themselves,” a GitHub spokesperson told ReadWrite. “A repository that contains a proof of concept but isn’t maliciously or covertly distributing malware would not be in violation of our terms of service.”

Now that the researchers have opened the floodgates, more security experts may be motivated to begin working on a fix soon. And until then, stick to the USB sticks you already trust. 

Photo by Ambuj Saxena
