The past 12 months has been a time of high anxiety for the cybersecurity field. Well-publicized breaches with giant companies like JPMorgan Chase, Home Depot and Target have affected millions of consumers. With unprecedented resources at hackers' disposal, practically every company has at least some concern about the safety of its data.

Now, a modification to the small external USB drives that can be found on just about anywhere a computer threatens to turn a basic piece of computer hardware into a data-damaging weapon.

However, the "BadUSB" bug is not being publicized because of a massive attack to a company or unsuspecting computer users. It's been released by computer researchers, in the hopes that the bug can be patched.

This August, at the annual Black Hat cybersecurity conference in Las Vegas, Karsten Nohl and Jacob Lell of German research firm Security Research Labs presented their findings on the malware (see video above). They say, "USB sticks ... can be reprogrammed to spoof various other device types in order to take control of a computer, exfiltrate data, or spy on the user."

If you're familiar with any anti-virus software, you may know that many kinds of software in that market segment allow for virus and malware scans with USB flash drives and external hard drives. In the words of Nohl and Lell, BadUSB is a "a new form of malware that operates from controller chips inside USB devices" and is "not detectable with current defenses."

At the time, Nohl and Lell didn't release the code for the potential hack. That came last week when fellow researchers Adam Caudill and Brandon Wilson announced at the recent Derbycon conference in Louisville, Kentucky, that they had reproduced the BadUSB flaw. The code was then posted by Caudill on GitHub, an open-source file- and code-sharing site.

So, has the release of the code by Caudill led to a breakthrough patch in the last week? Not exactly.

As reported by Wired on Oct. 7, Caudill and Wilson themselves have somewhat patched the bug by disabling a USB drive's "boot mode," which they say will make it much harder for a device to be reprogrammed.

Nohl is not so sure, telling Wired, "The normal, ordinary way to reprogram the firmware is what they're removing now. That just creates an incentive to find a bug ... I'm sure that bugs will be plentiful." Furthermore, the patch is only applicable to the USB 3.0 standard of controller chips, manufactured by Taiwanese company Phison.

Caudill and Wilson's strategy in releasing the BadUSB is a well-intentioned but high-risk one. If a hacker with access to a high-value system was to use the malware, the consequences could be disastrous. That makes prompt patching of the utmost importance.

Stores are extremely unlikely to stop carrying USB drives upon learning of the bug, and any new computers will still have two or more of the popular ports, especially as no large-scale attack has been reported as of yet.

However, Nohl warns that the BadUSB discovery could have dire implications: "Once infected, computers and their USB peripherals can never be trusted again."