3

I would like to know whether a BadUSB can simulate a real device or whether it just executes programmed functions and stops working. For example, if a "mouse" is a BadUSB, when I plug it into a PC, will it work like a real mouse and allow me to use it, or will it just execute programmed functions and not work anymore?

Also, are these functions visible? For example, will a terminal always appear on screen, or can the code execution be invisible?

forest
Mycroft

1 Answer

5

A BadUSB device can simulate an HID (human-interface device) such as a mouse or keyboard without breaking functionality. Such a device could easily be made which both executes programmed functions and works as a real mouse. In fact, even a flash drive could do that, by pretending to be a USB hub. That would allow it to pretend to be two devices at once, behaving as a storage device and as a keyboard.

Although, in theory, the functions should be visible, there are numerous ways to execute code through an HID without any visible interactions on the screen. You can't rely on the lack of a terminal popping up with text appearing in it as an indicator that a malicious HID is not present.

forest
  • Well, this is kinda terrifying. I know this is another question, but is there a way to protect against this type of attack besides plugging in only devices from trusted vendors? – Mycroft Apr 06 '19 at 00:58
  • 2
    @Mycroft Perhaps your operating system allows you to disable all but one keyboard and mouse at a time? Personally I use a PS/2 keyboard and mouse (though for other reasons), so I rarely even use USB. – forest Apr 06 '19 at 01:10
  • @Mycroft What OS are you using? If you're on Windows 10 you can use Penteract Disguised-Keyboard Detector from the Windows Store. – User42 Apr 11 '19 at 06:44
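
The answer above notes that a storage device can also present a keyboard, either directly or by pretending to be a hub. The following is an added example, not part of the original thread: a defensive check that walks USB interface descriptors and flags that combination for manual inspection. It assumes the descriptor layout of the Linux sysfs `descriptors` files and sysfs-style port names such as `1-2.1`; the function names and sample data are constructed for illustration, and a legitimate hub with a user's own keyboard and flash drive attached will also be flagged.

```python
HID, MASS_STORAGE = 0x03, 0x08   # USB bInterfaceClass codes
KEYBOARD = 0x01                  # HID bInterfaceProtocol for a boot keyboard

def interface_classes(blob: bytes):
    """Walk concatenated USB descriptors (the layout of Linux sysfs
    'descriptors' files); return (class, subclass, protocol) per interface."""
    found, pos = [], 0
    while pos + 2 <= len(blob):
        length, dtype = blob[pos], blob[pos + 1]
        if length < 2 or pos + length > len(blob):
            break                      # malformed or truncated: stop walking
        if dtype == 0x04 and length >= 9:   # INTERFACE descriptor
            found.append(tuple(blob[pos + 5:pos + 8]))
        pos += length
    return found

def review(devices):
    """devices maps a sysfs-style port path ('1-2.1') to descriptor bytes.
    Returns (port, reason) pairs worth a manual look; a heuristic, not proof."""
    findings, behind_hub = [], {}
    for port, blob in sorted(devices.items()):
        ifaces = interface_classes(blob)
        kbd = any(c == HID and p == KEYBOARD for c, _, p in ifaces)
        disk = any(c == MASS_STORAGE for c, _, _ in ifaces)
        if kbd and disk:
            findings.append((port, "one device exposes storage and keyboard"))
        if "." in port:                # device sits behind an external hub
            seen = behind_hub.setdefault(port.rsplit(".", 1)[0], [False, False])
            seen[0] |= kbd
            seen[1] |= disk
    for hub, (kbd, disk) in sorted(behind_hub.items()):
        if kbd and disk:
            findings.append((hub, "hub carries both storage and keyboard"))
    return findings

# Constructed sample descriptors (simplified headers, not captured from hardware).
def _dev(*ifaces):
    head = bytes([18, 0x01]) + bytes(16) + bytes([9, 0x02]) + bytes(7)
    return head + b"".join(bytes([9, 0x04, n, 0, 1, c, s, p, 0])
                           for n, (c, s, p) in enumerate(ifaces))

SAMPLE = {
    "1-1": _dev((0x03, 1, 2)),                    # ordinary mouse
    "1-3": _dev((0x08, 6, 0x50), (0x03, 1, 1)),   # flash drive + keyboard
    "1-2": _dev((0x09, 0, 0)),                    # hub
    "1-2.1": _dev((0x08, 6, 0x50)),               # storage behind the hub
    "1-2.2": _dev((0x03, 1, 1)),                  # keyboard behind the hub
}
```

Keyboards that do not declare the HID boot protocol report protocol 0 and are not matched by this check, so an empty result does not rule out a hidden keyboard.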