Plugging in a USB drive could be one of the most dangerous things you do on your computer, according to new research reported by Wired's Andy Greenberg. A new species of malware, dubbed "BadUSB," can use the drives to take over computers completely, altering files or redirecting web traffic, and because the virus resides in the drive's firmware, it may be impossible to protect against without changing the way the drives work. "These problems can’t be patched," one researcher told Greenberg. "We’re exploiting the very way that USB is designed."
It's still unclear exactly how USB drive manufacturers will respond to the news, but the more immediate answer may simply be a more careful approach to how we use the drives. As Greenberg puts it, "all you have to do is not connect your USB device to computers you don’t own or don’t have good reason to trust — and don’t plug untrusted USB devices into your own computer." That's bad news for lots of projects — including live-boot systems like Tails, which typically reside on USB drives — but it would keep users safe from scary attacks from all corners, including possibly the NSA. As researcher Matt Blaze points out, the Snowden documents revealed a number of USB-based attacks used by the NSA, which may rely on the same vulnerability.