How not to fall victim to these badUSB devices?

  • Don’t accept (weird) USB devices, and don’t insert them if you don’t know their origins.
  • Use a USB condom, USB dust caps or protector caps, but these only really help when you leave your devices unattended for VERY short amounts of time.
  • Threatening people with violence when they insert foreign USB devices into your computer is an option, but generally frowned upon by HR (yes, this is a joke, don’t use violence!).

But let’s assume that one day someone IS able to plug a badUSB into your computer...

  • Don’t keep passwords in text files on your PC. Use one of the many password managers out there! (Bitwarden, KeePass, LastPass, Proton Pass, …)
  • Only use your admin account for those times you actually need it.
  • Multi-factor authentication is absolutely helpful as malicious actors need more than just your password to do naughty stuff on your account!

How can we detect badUSB abuse?

  • USB forensics is… special and so we shouldn’t always trust its data.
  • Sure, there are some tools out there.
  • More interesting is command-line logging, which can be done in multiple ways.
  • It might surprise you that Windows doesn’t really do that out of the box.
  • Things like enabling Constrained Language Mode also help.
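
One way to switch on the command-line logging mentioned above and check the PowerShell language mode. This is an added example, not from the original post; it assumes an elevated PowerShell session on a Windows machine you administer, and `Set-RegDword` is a helper name made up for this example.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post): enable command-line logging on Windows.

# Hypothetical helper: write a DWORD value, creating the registry key if needed.
function Set-RegDword {
    param([string]$Key, [string]$Name, [int]$Value)
    # Create the key only if it is missing; New-Item -Force on an existing key wipes its values.
    if (-not (Test-Path $Key)) { New-Item -Path $Key -Force | Out-Null }
    Set-ItemProperty -Path $Key -Name $Name -Value $Value -Type DWord
}

# 1. Audit successful process creation (Security log, event ID 4688).
#    The GUID is the "Process Creation" subcategory, so this also works on non-English systems.
auditpol /set /subcategory:"{0CCE922B-69AE-11D9-BED3-505054503030}" /success:enable | Out-Null

# 2. Record the full command line inside each 4688 event (off by default).
Set-RegDword 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit' `
    'ProcessCreationIncludeCmdLine_Enabled' 1

# 3. PowerShell script block logging (event ID 4104, Microsoft-Windows-PowerShell/Operational).
Set-RegDword 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' `
    'EnableScriptBlockLogging' 1

# 4. Report the language mode of this session (FullLanguage or ConstrainedLanguage).
"Language mode: $($ExecutionContext.SessionState.LanguageMode)"

# 5. Show the most recent process creations with their command lines to confirm it works.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688 } -MaxEvents 10 `
        -ErrorAction SilentlyContinue |
    ForEach-Object {
        $data = ([xml]$_.ToXml()).Event.EventData.Data
        [pscustomobject]@{
            Time        = $_.TimeCreated
            Process     = ($data | Where-Object { $_.Name -eq 'NewProcessName' }).'#text'
            CommandLine = ($data | Where-Object { $_.Name -eq 'CommandLine' }).'#text'
        }
    } | Format-List
```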

Bottom line: defense in depth is key, always.

FUD (Fear, Uncertainty & Doubt)

On a regular basis, the topic of ‘juice-jacking’ comes up.

And while these theoretical attacks could happen, you’d always have to ask yourself this: who would take the risk of burning advanced malware code in a public space, with a high chance of getting caught and little possible gain? So, in specific enterprise environments, it makes sense to be very aware of BadUSB abuse. But how prevalent is this problem in random public settings?