How You Can Avoid a BadUSB Attack

Image: Getty Creative

Thanks to a couple of enterprising (or thoughtless) security experts and hackers presenting at Derbycon in Louisville, Kentucky, last week, BadUSB is now out in the wild — Or at least downloadable on GitHub. It's enough to make your stomach turn and certainly leave you wondering: How do I avoid BadUSB?
To know how to stop BadUSB, the seemingly unstoppable USB stick hack that can turn a USB memory stick into a system-lethal weapon, it's instructive to understand what it is and isn’t. BadUSB is not malware. It's not a file you can download from email or off an infected device that can then run rampant on your computer and network. BadUSB is, as the name suggests, a bad USB drive that has been altered to connect to a computer in ways that normal USBs do not.

If you plug such an altered USB into your computer it can, because it’s actually a tiny computer all by itself (as are all USBs), run commands, execute files and generally wreak havoc.

What can you do

While it's not easy to create these kinds of dangerous USB devices, it's also impossible for you to tell the difference between a regular USB and an altered one. Worse yet, since the files stored on the USB will not likely be infected, standard security software probably won't even detect that these are dangerous little pieces of hardware when you plug them into your computer.
We spoke to some security software firms about their best advice for avoiding BadUSB and their recommendations were remarkably analog.
Representatives from the Security Response team at Symantec, which makes the popular Norton family of security software products, acknowledged that traditional anti-virus technology can't "inspect the drivers running inside a USB device."
For consumers they recommend:

• Only insert trusted USB devices into computers
• Do not use or purchase pre-owned USB devices (they could potentially contain malicious software).
• Never leave your computer or mobile devices unlocked or unattended.