BadUSB – Turning devices evil

USB peripherals such as keyboards and thumb-drives ,mice can be used to hack into personal computers.

German security researcher Karsten Nohl of Security Research Labs wrote that hackers could load malicious software onto tiny, low-cost computer chips that control functions of USB devices but which have no built-in shields against tampering with their code.

Turning USB peripherals into BadUSB

To turn one device type into another, USB controller chips in peripherals need to be reprogrammed. Very widely spread USB controller chips, including those in thumb drives, have no protection from such reprogramming.

like a magic trick you cannot tell where the virus came from

Once reprogrammed, benign devices can turn malicious in many ways, including:

A device can emulate a keyboard and issue commands on behalf of the logged-in user, for example to exfiltrate files or install malware. Such malware, in turn, can infect the controller chips of other USB devices connected to the computer.
The device can also spoof a network card and change the computer’s DNS setting to redirect traffic.
A modified thumb drive or external hard disk can – when it detects that the computer is starting up – boot a small virus, which infects the computer’s operating system prior to boot.

About Mohammad Rafati 290 Articles
I write on Powershell, Hacking and Security topics. Follow me for the latest news.