Towards Protection Against a USB Device Whose Firmware Has Been Compromised or Turned as ‘BadUSB’

  • Usman ShafiqueEmail author
  • Shorahbeel Bin Zahur
Conference paper
Part of the Lecture Notes in Networks and Systems book series (LNNS, volume 70)


A BadUSB is a Universal Serial Bus (USB) device (usually a mass storage device) whose firmware has been modified so as to spoof itself as another device (such as a keyboard) in order to avoid being scanned by an anti-virus. This way, a pre-written script runs, after the infected USB device is plugged-in, and keystrokes from a keyboard are simulated. This can cause an attacker to install backdoors, keyloggers, password sniffers etc. This paper attempts to solving this problem by presenting hardware—software coupled design which allows the user to have an additional layer of security so that such devices can be identified and stopped.


USB Firmware attack Device spoofing Hacking Device compromised 


  1. 1.
    Nohl, K., Lell, J., Kri, S.: Turning USB peripherals into BadUSB (2014) [Online]. Available:
  2. 2.
    Nohl, K., Kri, S., Lell, J.: BadUSB—on accessories that turn evil (2014)Google Scholar
  3. 3.
    USB Mass Storage Device (2011) [Online]
  4. 4.
    Caudill, Adam, Wilson, Brandon: Making BadUSB work for you. Derbycon, Location (2014)Google Scholar
  5. 5.
    USB in a Nutshell. Making Sense of the USB StandardGoogle Scholar
  6. 6.
    Davies, Z.: “USB,” Ziff Davies Inc (2010)Google Scholar
  7. 7.
    Li, G., Li, M., Zhao, G., Zang, J.: Research on USB driver for data acquisition. In: 2010 2nd International Conference on Future Computer and Communication (ICFCC), pp. V2-74-V2-78 (2010)Google Scholar
  8. 8.
    Cui, A., Costello, M., Stolfo, S.J.: When firmware modifications attack: a case study of embedded exploitation. In: Presented at the 20th Annual Network and Distributed System Security Symposium (2013)Google Scholar
  9. 9.
    Basnight, Z., Butts, J., Lopez, J., Dube, T.: Firmware modification attacks on programmable logic controllers. Int. J. Crit. Infrastruct. Prot. 6, 76–84 (2013)CrossRefGoogle Scholar
  10. 10.
    Denning, D.E.: Stuxnet: what has changed? Future Internet 4, 672–687 (2012)CrossRefGoogle Scholar
  11. 11.
    Password Stealing USB [Online]. Available:
  12. 12.
    Beegle, L.E.: Rootkits and their effects on information security. Inf. Syst. Secur. 16, 164–176 (2007)CrossRefGoogle Scholar
  13. 13.
    M. B. Solutions “User’s Guide,” no. February 2004Google Scholar
  14. 14.
    Project BadUSB [Online]. Available:
  15. 15.
    Universal serial bus device class specification for device firmware upgrade, pp. 1–44 (1999)Google Scholar
  16. 16.
    Alcor: Alcor MP AU698x 100517 firmware [Online]. Available:
  17. 17. RecoverTool [Online]. Available:
  18. 18.
    F. D. Repair, “SK6211_PDT_20090828.” [Online]. Available:
  19. 19.,“3S_MP_Utility_v2162.” [Online]. Available:
  20. 20., “Innostor_IS903_MP_Package.” [Online]. Available:
  21. 21.
    Caudill A.: Psychson—BadUSB code [Online]. Available:
  22. 22.
    Logitech, “G5Update12.exe.” [Online]. Available:
  23. 23.
    Tian, D.J., Bates, A., Butler, K.: Defending against malicious USB firmware with GoodUSB. Acsac, pp. 261–270 (2015)Google Scholar
  24. 24.
    D. Control and A. Control, “BadUSB- sticks locked out DriveLock Device Control protects against BadUSB Ludwigsburg, August 2014. Companies that want to protect against infection of a so-called BadUSB sticks have an effective solution with the award winning DriveLock Device Control,” 2014Google Scholar
  25. 25.
  26. 26.
    Imation, “Ironkey.” [Online]. Available:
  27. 27.
  28. 28.
  29. 29.
    Totalphase, “Beagle USB 12 Protocol Analyser” [Online]. Available:
  30. 30.
    Ellisys, “USB Explorer 200, USB Protocol Analyser” [Online]. Available:
  31. 31.
    Virtual USB Analyser [Online]. Available:
  32. 32.
    Teledyne, Mercury T2 Protocol analyser [Online]. Available:
  33. 33.
    Frontline, ComProbe USB [Online]. Available:
  34. 34.
    B. Logic, USB a NutShell.” [Online]. Available:
  35. 35.
    Griscioli, F., Pizzonia, M., Sacchetti, M.: USBCheckIn: Preventing BadUSB attacks by forcing human-device interaction. 2016 14th Annual Conference on Privacy, Security and Trust (PST). IEEE (2016)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.Department of Computer ScienceBahria University IslamabadIslamabadPakistan
  2. 2.Department of Computer ScienceComsats University IslamabadIslamabadPakistan

Personalised recommendations