What is a BadUSB attack?

BadUSB is an attack that exploits an inherent vulnerability in USB firmware. Such an attack reprograms a USB device, causing it to act as a human interface device; once re-engineered, the USB device is used to discreetly execute commands or run malicious programs on the victim's computer.

History of BadUSB

The BadUSB exploit was first discovered and exposed by security researchers Karsten Nohl and Jakob Lell at the 2014 Black Hat conference. The BadUSB code is currently available to the public via the code sharing site, Github, meaning that anyone—even those with little or no expertise—can launch a full-blown BadUSB attack.

  These problems can't be patched. We're exploiting the very way that USB is designed.- Karsten Nohl

How BadUSB works

A USB is able to connect to many different devices, including cameras, keyboards, modems, webcams, wireless networking devices, and others. Unfortunately, the way the USB is designed has yielded this BadUSB security flaw.

The USB microcontroller chip that contains the firmware is used to identify the type of device that's connected and its capabilities. Once the firmware is compromised, it's just a matter of time until the hacker reverse engineers the USB device to insert the malicious code within the workstation. This exposes the organization to a whole range of security attacks, such as logic bombs, data theft, ransomware, and more.

How to protect your business from BadUSB attacks

The most surefire solution to protect against BadUSB attacks would be to physically block all USB ports within the organization. However, such outdated practices end up curtailing employee productivity and impede the adoption of newer trends such as bring your own device. What every organization needs is a robust device control solution that can detect, alert, and stop nefarious actions originating from USBs, all without compromising on productivity.

The DataSecurity Plus solution

There's no better way to ensure safe USB usage within your organization than by using DataSecurity Plus, the comprehensive USB device control solution.

  • Prevent data theft via USB
    Block files with highly sensitive data (such as PII or ePHI) from being copied or moved to external storage devices. Report every time a file is accessed and speed up post-incident forensic analysis.
  • Protect against BadUSB security attacks
    Detect potential malware intrusions, such as ransomware infections that penetrate the organization via BadUSB attacks, and send email alerts instantaneously.
  • Quarantine BadUSB ransomware infections
    Isolate and cut off the corrupted workstation from the network within seconds of ransomware infection using DataSecurity Plus' automated threat response mechanism.
  • Detect risky USB device usage
    Locate, track, and analyze the use of USBs across the organization and detect anomalous behavior, such as the use of a USB device during non-business hours.
Download a free, 30-day trial
Email Download Link