3

I'm asking myself what to do after a user gets attacked by BadUSB? (Full scan, boot-time scan, ...?)

Is the "bad usb" stick even able to infect the user's system with malware or other spy tools?

PatrickMA
  • 1
    They pretty much explain this all on their [site](https://srlabs.de/badusb/) and even link to the actual [blackhat talk](https://www.youtube.com/watch?v=nuruzFqMgIw). This should hold all the info you need. – BadSkillz Jan 26 '16 at 10:58
  • 1
    You are basically asking us what to do after any arbitrary attack on the computer has occurred. That is a bit too broad to answer specifically. General advice is to wipe and reinstall. – Neil Smithline Jan 26 '16 at 16:44

2 Answers

1

The problem with someone being able to execute commands on your machine is that they don't really need a virus at that point. They can use perfectly legitimate tools/commands to obtain and retain ownership of your machine, so anti-virus is rather moot.

The only "right" suggestion for what to do after being the victim of an attack is to format the machine and start again. And hope that you were being diligent with your backups.

AlexH
  • Is standard formatting (at Windows Setup) secure? Or should we wipe the drive entirely (with 0s and 1s)? – PatrickMA Jan 26 '16 at 11:00
  • Wiping with 0s and 1s is usually done to prevent forensic recovery of your files in the event that your drives are seized by an adversary. Format during Windows reinstall is sufficient for "cleaning" a device of malware. It's theoretically possible for malware which exists in the BIOS to bypass this, but the likelihood of actually encountering that in the wild is pretty low. See here for more info: http://security.stackexchange.com/questions/7204/is-making-a-clean-install-enough-to-remove-potential-malware – AlexH Jan 26 '16 at 11:02
0

There are many things that are connected through USB on a PC, even more so on a laptop. An attacker could scan for other vulnerable USB chips in your keyboard, webcam, mouse etc. and infect these as well. At this point clearing the HDD won't help you anymore as your webcam is now infected and will happily reinstall any malware or backdoor the attacker chooses.

As to what a BadUSB device could become; pretty much anything that can be connected to USB, so a networking card to perform a MiTM attack, a keyboard to execute commands, a USB flash drive to install a virus.

So to quote srlabs:

> Once infected, computers and their USB peripherals can never be trusted again.

BadSkillz
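The second answer lists the roles a reprogrammed device can take on (keyboard, network card, flash drive). As an added example, not part of the original answers, this Python check compares each device's declared interface classes against a baseline taken while the machine was known to be clean. The inventory format, device ids and sample records are constructed assumptions; on Linux the class triples can be read from the `bInterfaceClass`, `bInterfaceSubClass` and `bInterfaceProtocol` files under `/sys/bus/usb/devices/`.

```python
# Added example: flag USB devices whose declared roles match the BadUSB
# behaviour described above. All device records are constructed sample data.

HID, MASS_STORAGE, CDC_COMM, CDC_DATA = 0x03, 0x08, 0x02, 0x0A
KEYBOARD = (HID, 0x01, 0x01)            # HID boot-interface keyboard
NETWORK_CLASSES = {CDC_COMM, CDC_DATA}  # USB communications / data classes


def audit(devices, baseline):
    """Return {device_id: [reasons]} for devices that need a closer look.

    devices:  list of dicts with 'id' and 'interfaces', where interfaces is a
              list of (class, subclass, protocol) tuples from the descriptors.
    baseline: {device_id: frozenset(interfaces)} recorded on a clean machine
              (hypothetical inventory format).
    """
    findings = {}
    for dev in devices:
        ifaces = frozenset(dev["interfaces"])
        classes = {c for c, _, _ in ifaces}
        reasons = []
        if MASS_STORAGE in classes and KEYBOARD in ifaces:
            reasons.append("storage device also declares a keyboard")
        if MASS_STORAGE in classes and classes & NETWORK_CLASSES:
            reasons.append("storage device also declares a network interface")
        known = baseline.get(dev["id"])
        if known is None and (KEYBOARD in ifaces or classes & NETWORK_CLASSES):
            reasons.append("keyboard or network interface not in baseline")
        elif known is not None and known != ifaces:
            reasons.append("interface set changed since baseline")
        if reasons:
            findings[dev["id"]] = reasons
    return findings


# Constructed ids in vendor:product:serial form (placeholders, not real devices).
BASELINE = {
    "aaaa:0001:KBD01": frozenset({KEYBOARD}),
    "bbbb:0002:STICK01": frozenset({(MASS_STORAGE, 0x06, 0x50)}),
}
SAMPLE = [
    {"id": "aaaa:0001:KBD01", "interfaces": [KEYBOARD]},
    {"id": "bbbb:0002:STICK01",
     "interfaces": [(MASS_STORAGE, 0x06, 0x50), KEYBOARD]},
    {"id": "cccc:0003:NIC01", "interfaces": [(CDC_COMM, 0x06, 0x00)]},
]

if __name__ == "__main__":
    for dev_id, reasons in audit(SAMPLE, BASELINE).items():
        print(dev_id, "->", "; ".join(reasons))
```

Reprogrammed firmware can report any vendor, product and serial values, so a clean result here does not make a device trustworthy; the check only catches role changes.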