We recently reported a new potential security threat in the form of hacked USB device firmware.
The details of the original hack were not reported by its discoverers, since it seemed likely that the vulnerability was widespread and difficult to fix.
Now a second team of researchers has published working code for a similar hack. Reactions have been mixed, with some categorizing this move as irresponsible.
This is probably going to get a lot worse before it gets better. There’s currently no way to detect whether a USB device has been hacked. Traditional anti-malware software is useless for this purpose, because it scans the files stored on a drive, not the firmware running on the device itself.
Hopefully you were already exercising caution when using thumb drives, viewing drives from unknown sources with suspicion. With this new vulnerability, there’s probably no way to be perfectly safe unless you stop using thumb drives completely. Since that’s not practical for many users, you can stay relatively safe by making sure that your thumb drives are always on your person or stored in a secure location when not in use. So much for convenience.