BadUSB Protection
I hate to say this, but there is no simple solution that prevents this issue 😔. Keep in mind that:
- You can’t trust unknown USB devices
- BadUSBs can hide in any USB device
- BadUSBs are indistinguishable from harmless ones
- Test untrusted USBs on a system where they can’t damage anything (old computer, VM, …)
Products
Section titled “Products”Several products exist that promise to help you. But how effective they are and whether or not they are worth it for your use case is something you have to evaluate for yourself. I can’t vouch for any of them.
In terms of software products/open-source projects, I found the following:
UPDATE There is also hardware that can detect BadUSBs. It comes in handy if you have to test untrusted devices.
Windows Registry
Section titled “Windows Registry”If you don’t want to install or buy anything, you can also change a Windows Registry setting, which makes it a lot harder for BadUSBs to gain admin privileges on your computer. This won’t block BadUSBs, but render many dangerous BadUSB scripts useless.
- Type Regedit in the start menu and open it
- Navigate to
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System - Find
ConsentPromptBehaviorAdmin, right-click and select Modify - Change the Value to 1 and click OK
General Security Tips
Section titled “General Security Tips”I’m not a cyber security consultant. If you need evaluation on the security of your systems, please seek a professional.
But I recommend these simple suggestions that will keep your digital life much safer:
- Use a Password Manager
- Enable 2 Factor Authentication on all critical accounts
- Backup all the data you don’t want to lose
- Always lock your computer (WINDOWS+L)
Didn’t get enough?
Section titled “Didn’t get enough?”Seytonic made a great video about this topic: https://www.youtube.com/watch?v=Vq0kUxslp80