The Danger of HID
BadUSB
Section titled “BadUSB”While a BadUSB technically refers to any malicious USB device, we usually know them for emulating USB keyboards. They can appear like any regular flash drive or USB cable, but actually, they are tiny computers programmed to hijack your computer.
Keystroke Injection Attack ⌨️
Section titled “Keystroke Injection Attack ⌨️”A BadUSB is programmed to send a sequence of keystrokes to the computer. The computer thinks a human typed those and will handle them as such, even though the BadUSB injected them at incredible speeds. A BadUSB can type at speeds of over 9000 characters per second.
Abusing Trust 🎭
Section titled “Abusing Trust 🎭”BadUSBs work by manipulating us into thinking they are ordinary USB devices that are safe to plug in. They abuse our expectations and trust towards USB cables and flash drives. But they are also abusing the computer’s trust by acting as a USB keyboard. Computers trust keyboards because humans use them, and humans have full access to the computer. And the computer doesn’t know if the keystrokes it receives come from a human or another computer.