BadUSB Use Cases

The reason for using tools like BadUSBs can generelly be divided into 3 categories:

• 😇 Good (pentesting, education, research, …)
• 🤪 Fun (rick roll, show-off, …)
• 😼 Bad (spreading malware, stealing data, …)

Blackhat Talk

In 2014 at the Blackhat conference Karsten Nohl and Jakob Lell presented the talk BadUSB - On Accessories that Turn Evil where they showed that theoretically any USB device can be turned into a BadUSB by manipulating the firmware.

We love to pick up flash drives

A research titled “Users Really Do Plug in USB Drives They Find” from 2016 shows that people are very likeley to pick up and plug in USB flash drives. Learn more about their investigation here.

US Military hacked

In 2008 a worm infected the the network of the US department of defense. It took them 14 months to clearn everything up. It started by someone plugging in a malicous USB drive. Learn more about Operation Buckshot Yankee: https://en.wikipedia.org/wiki/2008_cyberattack_on_United_States

NSA ❤️ BadUSB

A leaked document shows that the NSA created a lot of advanced hacking tools, amongst them are also BadUSBs. Learn more about the NSA ANT catalog: https://en.wikipedia.org/wiki/NSA_ANT_catalog

Mr.Robot USB Rubber Ducky Cameo

In season 2 episode 6 of the TV show Mr.Robot, they briefly explain how a BadUSB (in this case the USB Rubber Ducky) can be used to steal passwords from unlocked computers in just 15 seconds.