Romanian Cyber Security Journal / Fall 2020, No. 2, Vol. 2

Securely Transferring Data from BadUSB Devices

Marian TICU

---

Abstract

The constant growth and improvement of BadUSB devices pose an increasing threat from a cybersecurity perspective. Nowadays, regular USB devices could turn into BadUSB devices by reprogramming the firmware. They achieve new features and can simulate other peripheral devices like a keyboard or an external network adapter which could be used for malware purposes: keystroke injection, malware delivery, data exfiltration, network hijack or electrical damage. The manuscript addresses the topic of Bad USB devices and proposes a mitigation solution based on a Raspberry Pi system with a custom-made kernel which limits the attack surface by removing certain kernel modules.

Keywords

USB security, BadUSB, USB data transfer, USB HID attack, Raspberry Pi