In the previous chapter, we focused on the viruses that spread via removable media, but it’s nothing compared to the threat we will be looking at here.

Many of you have probably been told to avoid plugging in UBS devices that haven’t been under your control since this may have far more serious consequences than one could ever imagine. Some people were so paranoid about it that they would rather swallow a USB device of unknown origin than risk inserting it into their computer. Soon this conviction gave way to a recommendation that users should check a USB flash drive by scanning it with an antivirus or launching files in a sandbox. Today many users overlook these precautions without giving them a second thought. They plug in any USB device into their computer or laptop completely unaware that the price for such reckless behavior can be too dear…

BadUSB is an attack method that overwrites the firmware of the USB devices disguising itself, for instance, as a keyboard or removable media card and thus empowering itself to execute malicious code on your PC.

Every USB device has a microcontroller running on it, and this microcontroller talks to your PC telling it what kind of device is connected to your computer and how to handle it. However, a great many USB flash drives have absolutely no defense against this firmware exploit that can effortlessly turn a USB device into an external Wi-Fi adapter or Web camera.

Unlike a user who can easily tell an external hard drive from an external keyboard, your computer will hardly ever be able to do that simply because it has no eyes…

The bad thing is that this flaw can’t be beaten by antivirus or some other solutions. Antiviruses are just incapable of seeing through the behavior of external data storage. For instance, a USB device infected with BadUSB can spoof a computer network interface and redirect traffic by altering DNS settings, sending your sensitive data to a malicious intruder. See, there’s no way your antivirus could read that such USB device is actually pretending to be a common network interface.

BadUSB is a targeted attack method since the differences of microcontrollers render the task of creating a universal solution from this firmware flaw – unfeasible. However, an attacker can overwrite the firmware of a USB flash drive, external hard disk, keyboard, mouse, Web camera, Android device for a targeted attack, and if this method used to be accessible only to hackers and intelligence agencies, today it is available to every security expert, while user PCs are still unprotected from this pernicious threat.

The only sensible way to protect yourself against this threat is to avoid at all means plugging in USB devices that didn’t originate under your control into your computer. Charging a cell phone you don’t own from your laptop carries the same huge risks.

A lot of companies choose the above way to evade the payload that BadUSB can deliver. At the time of this publication, the news emerged about IBM’s banning all employees from using removable storage devices in all its facilities. Instead of removable storage, the staffs are required to use the corporate cloud. The move is supposed to eliminate a host of threats associated with external data storage, including BadUSB.