BadUSB. What is it and how does it work? Application examples
There are proven hardware tools that have been used for years to find and exploit weaknesses in the security of information systems and computer networks. They are used not only by ethical hackers, red team members and cybersecurity experts during tests that assess whether, and how well, a customer's infrastructure can defend itself against a possible attack. They are also used by intruders who pose a real threat to many companies. One such tool is BadUSB. What does this gadget do, and what harm can it do when connected to a computer? You will find the answers to these and other questions in this post.
What does BadUSB look like and how does it work?
BadUSB looks like an ordinary flash drive, but once it is plugged into a USB port it can seriously "mess things up". The operating system enumerates it as a Human Interface Device (HID), so the computer treats BadUSB as a keyboard. This virtual keyboard automatically "presses" a pre-programmed sequence of keys to perform certain actions on the computer.
As soon as BadUSB is connected, it starts sending commands, specific keyboard shortcuts and pre-programmed strings to the computer. Connecting BadUSB is comparable to inadvertently handing someone your keyboard and letting them take complete control of the system: whatever the logged-in user could type, the device can type, at machine speed.
BadUSB - examples
One example of BadUSB is the Malduino from Maltronics, which can type at over 9,000 characters per minute. The USB Rubber Ducky is also very popular; this evil "rubber duck" is, however, twice as expensive as the Malduino devices. A cheaper and equally capable alternative, on which BadUSB scripts can be run remotely or on command, is the Malduino W. Through its simple web interface you can:
- run,
- edit,
- delete,
- and download various scripts from GitHub.
Programming, i.e. BadUSB scripts
How is a BadUSB device programmed? A suitable script is loaded onto the memory card inserted in the device. BadUSB scripts are compiled into a binary form that the device's built-in controller executes.
Flipper Zero is an exception here: it does not need the script compiled into binary form. You simply drop in the .txt file as it is.
What can an example BadUSB script look like? For example, as follows:
```text
REM Linux (GNOME) example: open the run dialog, start gedit, type a message
DELAY 1000
ALT F2
DELAY 1000
STRING gedit
REM confirm the run dialog so gedit actually starts
ENTER
DELAY 1000
STRING You have been
DELAY 1000
STRING hacked
ENTER
DELAY 1000
STRING greetings
DELAY 1000
STRING Sapsan
DELAY 1000
STRING !!! :)
```
If a BadUSB device with the above script* loaded were connected to the computer, it would start the text editor and enter the previously defined content into it: You have been hacked greetings Sapsan !!! :)

* The above script is for Linux (GNOME environment).

The DELAY parameter is the time (in milliseconds) to wait before entering the next command. Spacing the keystrokes out like this can give the impression that a human being is typing the text.

Of course, typing a message on the screen is only an innocent example for demonstration purposes. Intruders can use a whole range of dangerous scripts, each adapted to a particular system platform. Such scripts are able to download malware or extract all the data from directories. For example, the contents of a folder can be published as a website on the default port 8000 using Python's SimpleHTTPServer module, and anyone who can reach that port (and has the appropriate permissions) then has full access to them.

You also have to be aware that the BadUSB housing is often very easy to take apart, so the board can be hidden inside another, innocent-looking USB gadget. Inadvertently connecting such a device to an unlocked computer logged in with administrator privileges can do a lot of harm. Such incidents, however, happen far less often than, for example, account takeovers on various websites, so it is definitely worth configuring an appropriate authentication key for those accounts.
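A reviewer rarely wants to plug an unknown BadUSB payload into a live machine to learn what it does. The following is an added example (not code from the post or from any of the products it mentions): a small simulator for the handful of Ducky Script commands used above (REM, DELAY, STRING, ENTER and modifier combos such as ALT F2) that reconstructs the text the virtual keyboard would type and sums the delays. The sample script is constructed from the post's GNOME example, with trailing spaces in the STRING lines so the typed words stay apart.

```python
# Added example (not from the post): a minimal Ducky Script simulator that
# shows what a BadUSB payload would type and how long it would run, so a
# script can be reviewed on paper instead of on a live machine.
# Assumption: only the commands used in the post's script are supported.
from dataclasses import dataclass, field

MODIFIERS = {"ALT", "CTRL", "CONTROL", "SHIFT", "GUI", "WINDOWS", "COMMAND"}


@dataclass
class Simulation:
    typed: str = ""                                # text the "keyboard" sends
    shortcuts: list = field(default_factory=list)  # modifier combos, e.g. "ALT F2"
    elapsed_ms: int = 0                            # sum of all DELAY values


def simulate(lines):
    """Walk the script line by line and record its observable effects."""
    sim = Simulation()
    for raw in lines:
        line = raw.rstrip("\r\n")
        if not line.strip() or line.startswith("REM"):
            continue                               # blank line or comment
        cmd, _, arg = line.partition(" ")
        if cmd == "DELAY":
            sim.elapsed_ms += int(arg)             # pause in milliseconds
        elif cmd == "STRING":
            sim.typed += arg                       # typed verbatim, spaces included
        elif cmd == "ENTER":
            sim.typed += "\n"
        elif cmd in MODIFIERS:
            sim.shortcuts.append(line)             # e.g. ALT F2 = GNOME run dialog
        else:
            raise ValueError(f"unsupported command: {line!r}")
    return sim


# Constructed sample based on the post's GNOME script.
SAMPLE = [
    "DELAY 1000", "ALT F2", "DELAY 1000", "STRING gedit", "ENTER",
    "DELAY 1000", "STRING You have been ", "DELAY 1000", "STRING hacked",
    "ENTER", "DELAY 1000", "STRING greetings ", "DELAY 1000",
    "STRING Sapsan ", "DELAY 1000", "STRING !!! :)",
]

if __name__ == "__main__":
    result = simulate(SAMPLE)
    print(f"runs for ~{result.elapsed_ms / 1000:.1f} s, shortcuts: {result.shortcuts}")
    print("types:", repr(result.typed))
```

Running it on the sample reports seven seconds of delays, one ALT F2 shortcut and the exact text that would land in gedit; an unknown command raises an error instead of being silently skipped.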
Examples of BadUSB use: so what bad can happen?