Explaining BadUSB Hardware

In the second installment of our exploration, we will take a closer look at the hardware dimension of BadUSB devices, examining the diverse array of models present in the market today. It’s important to note that this compilation is not exhaustive; it does not endorse or favor any specific brand or model, nor does it serve as a critique of individual brands. The aim is to furnish you with a comprehensive survey of the various types of BadUSBs available.

As we navigate through this segment, bear in mind that the specifics may become antiquated swiftly due to the rapid pace of technological innovation and the constant flux of devices entering and exiting the market. Nevertheless, the foundational knowledge imparted here is designed to withstand the test of time, offering insights that will retain their pertinence well into the future. This guide is crafted to equip you with the essential understanding necessary to navigate the evolving landscape of BadUSB technology.

To protect against BadUSB it is important that you understand what you are up against, what is available on the market, and the capabilities of each.

There are basically 5 types of BadUSB:

  1. BadUSB Drives – these come in the form of USB flash drives.
  2. Wireless BadUSB – these are in the form of USB flash drives but with wireless technology for remote control.
  3. BadUSB Cables – they are now able to hide inside the form of regular-looking USB cables. This is actually the preferred method used by U.S. Intelligence Agencies.
  4. Advanced BadUSB – these can act like a keyboard but can also act as mass storage and ethernet adapters, which widens the attack surface even further.
  5. DIY BadUSB – these are typically made from regular development boards by experienced hackers.

Hak5 is one of the most famous BadUSB manufacturers on the market today, made famous by the TV show Mr. Robot.

Maltronics is another popular BadUSB supplier; they are the #1 supplier of the famous Wireless BadUSB that allows for remote control (https://maltronics.com/collections/malduinos). It has an easy-to-use Web UI, can store thousands of scripts, and can switch between keyboard languages. I personally have this and love the ease of use and flexibility.

They also sell a product called WiFi Deauther, which demonstrates a vulnerability in the 2.4GHz WiFi protocol. It can kick devices off a network irrespective of whether you are connected to it or not. Using your Deauther, simply scan for nearby networks, select the network or individual clients you wish to kick off, then hit the Deauth button! (https://maltronics.com/products/wifi-deauther)

The latest O.MG Cable is just about the best out there. Not only is it very stealthy, with the BadUSB built right into the cable, it also has a self-destruct function, is WiFi remote controlled, and can inject up to 890 keys per second! It can install within the blink of “ONE” video frame! When dormant, it acts like any other USB cable, transmitting data or powering USB-C devices. You can even trigger payloads based on geo-location. I personally have the USB-C directional woven cable and I love all the features; it is cutting edge BadUSB technology and great for any Security Professional learning about the products to guard against.

The USBNinja Cable was created by a Chinese RFID research group which actually started from a crowdfunding project. This tiny cable has a ton of features, including a Flash Drive feature that the O.MG cable does not have. However, when it comes to Chinese hacking devices, I am always very wary about even plugging one in for training purposes, as I am always unsure what else this device could be capable of that I am not aware of. Could it be transmitting data somewhere? If you want to take a look, they are located at https://usbninja.com

Ok, now let’s talk about the Bash Bunny from Hak5. This is a very powerful USB attack tool that can not only act as different kinds of USB devices but can also run tools like Nmap and Metasploit. It has both flash drive and ethernet adapter modes, runs the advanced Bunny language, and can use BLE (Bluetooth Low Energy). This device can literally go from plug-in to PWN in 7 seconds, and the computer is hacked and owned! It can simultaneously mimic multiple trusted devices to trick targets into divulging sensitive information without triggering defenses. The Bash Bunny is truly the world’s most advanced USB attack platform. It can exfiltrate GIGS of data without ever traversing a firewall or triggering a detection system. Locked computer? This little device can compromise even locked machines, capture credentials, exfiltrate loot and plant backdoors! It can also perform vulnerability scans and offline patching, and pentesters can run Nmap, Metasploit, Responder, and Impacket on it.
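From the defender's side, the traits described above (a keyboard that also presents storage or ethernet, and injection at up to 890 keys per second) are things an endpoint can check for. The sketch below is an added example, not code from any vendor mentioned here; the device records are constructed, and the two thresholds are assumptions to tune for your environment.

```python
from dataclasses import dataclass, field

# USB-IF base class codes as reported in bInterfaceClass
HID, MASS_STORAGE, CDC_COMM, CDC_DATA = 0x03, 0x08, 0x02, 0x0A
KEYBOARD_PROTOCOL = 0x01             # bInterfaceProtocol of a HID keyboard
STORAGE_OR_NETWORK = {MASS_STORAGE, CDC_COMM, CDC_DATA}
MAX_HUMAN_KEYS_PER_SEC = 25          # assumed threshold, not from the article
MIN_SECONDS_BEFORE_TYPING = 1.0      # assumed threshold, not from the article

@dataclass
class UsbDevice:
    name: str
    interfaces: list                 # [(bInterfaceClass, bInterfaceProtocol), ...]
    key_times: list = field(default_factory=list)  # seconds after enumeration

def peak_key_rate(times, window=0.5):
    """Highest keystrokes-per-second seen in any sliding window."""
    times = sorted(times)
    best, start = 0, 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best / window

def assess(dev):
    """Return review-worthy findings for one enumerated device."""
    findings = []
    classes = {cls for cls, _ in dev.interfaces}
    is_keyboard = any(c == HID and p == KEYBOARD_PROTOCOL for c, p in dev.interfaces)
    if is_keyboard and classes & STORAGE_OR_NETWORK:
        findings.append("keyboard combined with storage/network interface")
    if is_keyboard and dev.key_times:
        if peak_key_rate(dev.key_times) > MAX_HUMAN_KEYS_PER_SEC:
            findings.append("typing rate beyond human speed")
        if min(dev.key_times) < MIN_SECONDS_BEFORE_TYPING:
            findings.append("keystrokes immediately after plug-in")
    return findings

# Constructed sample records (not captured from real hardware)
KEYBOARD = UsbDevice("desk keyboard", [(HID, KEYBOARD_PROTOCOL)],
                     [3.0, 3.18, 3.4, 3.55, 3.8, 4.1])
FLASH = UsbDevice("flash drive", [(MASS_STORAGE, 0x50)])
INJECTOR = UsbDevice("composite injector",
                     [(HID, KEYBOARD_PROTOCOL), (MASS_STORAGE, 0x50), (CDC_COMM, 0x00)],
                     [0.4 + i / 890 for i in range(200)])  # 890 keys/s burst

if __name__ == "__main__":
    for d in (KEYBOARD, FLASH, INJECTOR):
        print(d.name, "->", assess(d) or "no findings")
```

Treat the findings as prompts for review rather than verdicts, since some legitimate composite devices exist.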

I won’t go a lot into DIY BadUSB simply because, given the relative availability of pre-built BadUSBs on the market and the experience level required to build one, it is not likely you will see one in the wild. However, DigiSpark is the most popular development board for BadUSBs; with a cost around $3 USD, you will even find it available all over Amazon. The ATmega32u4 is the most classic and has been around the longest, but it is certainly not the most powerful by today’s standards.

In the upcoming third chapter of our series, we’re set to embark on a practical journey into the creation and configuration of BadUSB devices. We’ll be delving into the intricacies of crafting a BadUSB from scratch, guiding you through the setup process, and introducing you to the art of scripting. Alongside these technical details, we’ll provide you with a rich collection of exemplary cases that illustrate the potential uses and functions of BadUSBs.

Anticipate a hands-on experience filled with valuable insights and tips that will enhance your understanding and skills in handling these devices. So, keep an eye out for this informative segment, where we’ll transform theory into action and bring the concept of BadUSBs to life. Stay connected for an enlightening session that promises to expand your knowledge and expertise in the world of cybersecurity.
