Researchers have published BadUSB code two months after Karsten Nohl from SR Labs demonstrated at the Black Hat conference in Las Vegas how to use the virtually undetectable malware to infect nearly any USB device.
Researchers Brandon Wilson and Adam Caudill conducted a similar demonstration at the security convention, Derbycon, held in Louisville, Ky., recently.
Nohl had refrained from publishing the code because there was no easy way to remedy the flaw in USB devices with a patch. But Wired quotes Caudill as telling the Derbycon audience Friday that “all of this should be public. It shouldn't be held back.”
As a result, he and Wilson released “everything we've got,” saying that “you need to release the material so people can defend against it.”