Another Word For It Patrick Durusau on Topic Maps and Semantic Diversity

October 8, 2014

BadUSB Conference Swag?

Filed under: Cybersecurity,Security — Patrick Durusau @ 10:01 am

Phison 2251-03 (2303) Custom Firmware & Existing Firmware Patches (BadUSB) by Adam Caudill and Brandon Wilson.

Not as catchy a title as the BBC's: Attack code for ‘unpatchable’ USB flaw released.

The BBC quotes Karsten Nohl (one of the original discoverers of the USB flaw) as saying:

“In the case of BadUSB, however, the problem is structural,” he said. “The standard itself is what enables the attack and no single vendor is in a position to change that.”

The market figures for USB flash drives highlight the significance of this “flaw:”

The podcast that led to this post, SSCC 168 – Amaze your friends by ruining all their USB drives! [PODCAST], mentions PROMs (Programmable Read-Only Memory) as a defense for future USB products. PROMs are programmed by physically altering the chip, “burning,” which prevents some reprogramming of the chip. Connections that aren’t “burnt” could be altered on a PROM, but the effectiveness of that for reprogramming isn’t known.

Should USB flash drives with firmware protected by PROMs prove to be popular, it is always possible to build USB flash drives with rogue PROMs: various logos, with custom malware installed.

The security lesson here is that devices are insecure if you can’t verify their firmware.
