Skip to main content
  1. Home
  2. Computing
  3. News

With BadUSB, hackers can make your USB devices turn against you

By

badusb hackers can make usb devices turn srlabs blackhat 2014
Image used with permission by copyright holder
Imagine malware that can take control of your keyboard, mouse, and webcam. Sounds scary, doesn’t it? Now, picture your PC coming across this malware which, oh by the way, is virtually undetectable. Hugging yourself in the corner and crying yet? This isn’t a hypothetical scenario either.

It’s real, and it’s called BadUSB.

According to SRLabs, a security research firm based in Germany, BadUSB can be loaded on any USB flash drive, and because it runs on a flash drive that’s connected to a target computer as opposed to the computer itself, it’s virtually undetectable to anti-malware programs installed on that machine.

Related

MORE: Meet Bleep, BitTorrent’s anti-NSA chat and messaging app

SRLabs says that a flash drive with BadUSB, when inserted into a computer, can act has a virtual keyboard, permitting a hacker to run malicious commands. It can also infect the controller chips inside other USB devices that are connected to the same computer. The stick with BadUSB on it can also behave like a network card and redirect a target’s traffic to malicious websites. On top of that, during bootup, a BadUSB-loaded flash or external hard drive can infect a computer’s operating system with a virus before it even completes the process of booting up. These are just some of the ways that BadUSB can ruin your life.

MORE: Best free firewalls for Windows and Mac

Treating such an infection is also not a simple matter of unplugging the USB devices from your system and/or reformatting your hard drive either, unfortunately.

“Cleanup after an incident is hard: Simply reinstalling the operating system – the standard response to otherwise ineradicable malware – does not address BadUSB infections at their root,” SRLabs says. “The USB thumb drive, from which the operating system is reinstalled, may already be infected, as may the hardwired webcam or other USB components inside the computer.” SRLabs also notes that a BadUSB device could even replace your computer’s BIOS. Yikes.

Your best defense against such an attack would be to never accept or plug in a USB flash drive that you got from someone you don’t trust. Also, as ExtremeTech (somewhat humorously, we assume) notes, when it comes to mice and keyboards, there’s always the possibility of going back to PS/2 devices, assuming your PC’s motherboard has those ports. Strangely enough, we’ve seen high-end gaming PCs ship with PS/2 ports in them even today, like the Maingear Vybe Z97, which we reviewed recently.

SRLabs will be releasing proof-of-concept tools on August 7, which will be demoed at the BlackHat 2014 conference next week.

Editors’ Recommendations

Konrad Krawczyk
Konrad Krawczyk
Former Digital Trends Contributor
Konrad covers desktops, laptops, tablets, sports tech and subjects in between for Digital Trends. Prior to joining DT, he…
A dangerous new jailbreak for AI chatbots was just discovered
the side of a Microsoft building

Microsoft has released more details about a troubling new generative AI jailbreak technique it has discovered, called "Skeleton Key." Using this prompt injection method, malicious users can effectively bypass a chatbot's safety guardrails, the security features that keeps ChatGPT from going full Taye.

Skeleton Key is an example of a prompt injection or prompt engineering attack. It's a multi-turn strategy designed to essentially convince an AI model to ignore its ingrained safety guardrails, "[causing] the system to violate its operators’ policies, make decisions unduly influenced by a user, or execute malicious instructions," Mark Russinovich, CTO of Microsoft Azure, wrote in the announcement.

Read more