IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [badusb]

A USB device firmware hack allowing the device to spoof other USB devices when plugged into a computer, and run code on the victim's machine.

71 questions
129
votes
11 answers

Is there any way to safely examine the contents of a USB memory stick?

Suppose I found a USB memory stick lying around, and wanted to examine its contents in an attempt to locate its rightful owner. Considering that USB sticks might actually be something altogether more malicious than a mass storage device, is there…
200_success
  • 2,144
  • 2
  • 15
  • 20
50
votes
7 answers

How to prevent BadUSB attacks on Linux desktop?

What can I do to protect my Linux laptop from BadUSB attacks as described by ArsTechnica here? Perhaps writing an appropriate AppArmor profile would help?
student
  • 1,433
  • 4
  • 15
  • 23
48
votes
6 answers

Why don't OSes protect against untrusted USB keyboards?

Lately I've been reading about things like BadUSB and RubberDucky which are essentially USB sticks that tell the computer they are a keyboard. Once they are plugged in they "type in" whatever commands they were told to execute. My question is, why…
trallgorm
  • 875
  • 7
  • 19
40
votes
8 answers

Are all USB-based attacks dependent on being able to inject keystrokes?

From what I've seen, USB-based attacks such as RubberDucky need to be able to open a terminal and then execute commands from there, usually to download and then install malware or to open a reverse shell. Is this how most, if not all USB-based…
user942937
  • 983
  • 8
  • 14
21
votes
1 answer

How to check if my USB stick firmware can be rewritten via the USB port?

How can I know in Linux (or otherwise), if the firmware of my USB flash drive can be rewritten using the USB port (when sticking it in an USB port)? Eg. for a cheap EMTEC 16GB. I was thinking about using udevadm monitor, but do not have any clue on…
V G
  • 353
  • 1
  • 3
  • 8
21
votes
1 answer

Can SD-Card be a vector of a BadUSB type attack when used with a USB reader?

The firmware of a USB flash drive can be maliciously rewritten in order to make it appear as a rogue device (like a keyboard, a network card, etc.). Since several different kind of devices may be simultaneously connected to the same USB port, it…
WhiteWinterWolf
  • 19,082
  • 4
  • 58
  • 104
13
votes
1 answer

How does one properly check foreign USB Drives before getting them in your Network? Is the presented approach considered "safe"?

Current Situation: I´m currently employed at an Hospital and with rising danger of ransomware etc. spread by usb drives we decided to block all USB-Ports (roundabout 600 Clients/Windows only) via Symantec Endpoint Protection. This blocking can…
architekt
  • 986
  • 1
  • 7
  • 18
10
votes
1 answer

Is all the alarmism around BadUSB really called for with respect to host devices?

I can understand why there was such a furor about BadUSB and indeed it poses a rather earthshaking threat to the base assumptions of many in their cyber security threat models. Things which many of us use regularly for routine tasks can now barely…
J. Doe
  • 289
  • 2
  • 6
8
votes
2 answers

Hardware devices for protecting against BadUSB?

Have any devices been released which protect against BadUSB attacks? I'm particularly interested in buying a USB hub which has the following protections: The USB hub itself won't allow reflashing of its own firmware or will at least require new…
Naftuli Kay
  • 6,715
  • 9
  • 47
  • 75
6
votes
2 answers

Are DVDs vulnerable to firmware malware (and assorted questions)?

I have a few questions about DVD drives. Are DVD drives and SATA interfaces vulnerable to issues like BadUSB caused by being able to reprogram firmware of the drive or disk or even spreading to other hardware such as NIC, RAM, CPU, BIOS once…
Aoi. T_015
  • 203
  • 2
  • 10
6
votes
3 answers

Is it safe to connect a random USB battery from a bin to my phone without stopping data transfer in some way?

I've asked the question Power-only USB connection to charge my phone - as simple as cutting the data lines? in electronics SE. In order to bypass the "Why do you want to do this?" request for clarification, I explained. Here is the first…
uhoh
  • 1,385
  • 1
  • 11
  • 21
6
votes
4 answers

Detection of BadUSB

We plan to distribute our new software using USB flash drives. The plan is for the field service specialists to visit our customers and upgrade the software using one of our flash drives. However, we want to be able to reuse the flash drives. Can…
JLmatud
  • 61
  • 1
  • 3
6
votes
1 answer

Is the iPhone vulnerable to the BadUSB malware?

Supposedly, the BadUSB malware can infect any USB device. But I find this hard to believe since I don't see why most USB devices would have reprogrammable firmware and I find it even harder to believe that the iPhone could be vulnerable to this. Is…
user117279
  • 105
  • 5
5
votes
3 answers

BadUSB: Why are firmware writeable in the first place? Manufacturer's backdoor?

How many of you have actually updated their mouse, keyboard or USB stick firmware? How many vendor actually propose updates for such devices? However these devices firmware often offer a proprietary update feature. Why is it so? What is the expected…
WhiteWinterWolf
  • 19,082
  • 4
  • 58
  • 104
5
votes
2 answers

How to check if my usb drives are vulnerable by BAD USB

Mark pointed out that only one chip type is vulnerable to BAD USB, id like to check if mine are, am using only Kingston flash drives here so can you tell me if they are, or if there exists a list somewhere i could check this? thank you.
findulinRomosa
  • 51
  • 1
  • 3
1
2 3 4 5