What is BadUSB and are Apricorn devices susceptible to this exploit?
Question:What is BadUSB and are Apricorn devices susceptible to this exploit?
BadUSB is a theoretical exploit that was presented by SR Labs at the Black Hat conference in August of 2014. SR Labs demonstrated a vulnerability in one USB device that allowed malicious code to be programmed into the USB controller through a firmware update process. The attack described is very sophisticated and in the case of Apricorn's products would require advanced knowledge of our USB controller, a leaked version of our firmware, the programming tool to update our controller, the password used for our programming tool, and an in depth understanding of the device's functionality, etc. According to SR Labs, the failsafe method to eliminate this threat is to simply disable the ability to update the controller's firmware. Apricorn's devices shipping today, including all of our USB 3.0 security products, Padlock and Padlock Pro families already have the firmware locked which prevents field updates to the USB controller. As a continuous improvement, Apricorn is locking down the firmware on all USB controllers used in Apricorn devices to safeguard against this vulnerability.