Put your computer's ports inside a steel safe

11:00 That is NOT a surefire way to protect your computer from a BadUSB device. Once the attacker realizes that the computer only allows whitelisted devices, it's trivial to spoof the VID and PID of the BadUSB to make it appear as one of the whitelisted devices.

Also if someone suspects that this happened, they could turn their router off or unplug the computer from the network while they reinstall the OS. Sure there are ways to get rid of these things without reinstalling. I just prefer a clean install so I know that I am rid of it and anything else that may have been installed that I did not notice any signs of. It also helps in case the malware is a newer variant that antivirus does not yet recognize. One thing to remember about malware is it can be tricky to pick through and remove all traces. With a clean install you know it is gone and you didn't spend your day searching the registry for it. The other nice thing about a clean install is that some malware reinstalls if you miss any. That doesn't happen with a clean install. Instead you know it is gone.

I'm one of the lucky people that have had one of these flash drives sent to me from a fake Amazon... I opened it up first thing before doing anything else because the letter that came packaged with it looked sus as hell. If it was just a flash drive with no letter I might have just plugged it into my PC. It had a ESP32 Arduino board in it but I think something went wrong when they flashed it because I got corrupted data when I dumped the firmware. I even tried plugging it into an old laptop when I failed to dump any data from it but it didn't do anything. I've since repurposed it and have used it for various tinkering projects so I'm kinda glad they sent it to me. Because in the end I just got a free Arduino board out of it.

11:01 That's doesn't matter, it's possible to figure out the vendor ID/Product ID of an allowed device and program on a BAD USB...

If anyone else has physical access to your machine, or if you run any untrusted code (javascript etc) it is game over. How many times does it need repeating?

SumSub is filling the Disrupt sized hole in my heart!

Nice Video. Unfortunately, even computers without internet (and data) are not safe. There are also USB sticks that contain a capacitor that will destroy your entire PC. So only do this if you know what you are doing.

Is the device whitelist enough protection? Isn't there some sort of passthrough bad usb that would have a female usb port on one side thay you would plug in the original peripheral and it would clone its ID and other properties so it would bypass the whitelist?

A simple OS-level fix would be to always inform the user that a new "keyboard" was detected and to stop keystrokes from going through.

How would these attacks fair up against immutable OSes?

No malware needed! The protection software is the malware as it make the product so hard to use its unusable. True for most corporate computers.

Thank you Elliot and SumSub 💯

Suppose you have Virus,malware file in your PC and you don't know. Does that also gets backed up to your cloud storage(Onedrive)

I actually made my own to run non-maliciouse code(For a Demo of what these could do).Realistically they are so small I instead grabbed a plug in wired keyboard and directlly connected the micro usb.

So lets say I have this Huge plush Enter button that I do not trust since I bought it from Ali Express. How do I put the device under surveillance? Do I have to use a Keylogger to know whats being typed by the device or are there any better methods?

You can actually change the firmware that runs on a USB stick, this way you can just repurpose generic USB flask drives and program the controller to also expose a HID device when needed!

What would this attack do on a PC where you are not logged into a admin account? nearly all video's/articles do not show this.

I recently got into hardware stuff and made similar thing with my Raspberry Pi Pico, "macropad" cool thing if you like to tinker

I would have designed a dedicated PCB for this and programed it as a USB hub, so there will be a flash drive, and a keyboard in one. The user will think it’s a flash drive and use it as normal and unknowingly inject the malware into multiple devices as they transfer files from one device to another. The malware will do its job behind the scenes with low risk compromising tasks such as fetching personal data which could be sold such as email addresses, and ad data. I don’t think this would be hard to do…. I’ve never done it and I never would, but knowing is possible and how it’s possible is the first step to prevention

I teach English in China. Chinese software and Chinese computers in a war for domination, it's so convoluted. That's why when a student asked me to scan his semester's worth of homework, I said do it yourself. I installed the printer scanner software on his laptop but it's being blocked by something. Oh well, his problem, not mine.

What about virtual machine? Are they programed so they escape it?

Has anyone created a program that disabled the usb slots everytime the corresponding usb was unplugged? And that you had to type in a password to reactivate it?

I sat through a sumsub ad! Ill never get that 12 minutes back!

Obscurity over security ;) If you setup your machine in a non typical way, she'd win. How about the intel management hacks?

Can you please make a video about if there is flash drives that already affect your computer after plugging in and then out and still counting as its plugged in using wifi, And if so. Can you please make a video how it looks like or

You can use a USB data blocker to stop any malicious code been sent to the computer .

10:07 Delayed RCE is such a simple yet checkmate attack!.

maybe you should hide the name of these usbs as I found so much information that a newbie could make an attack on someone by just using a USB. but anyways the video was great and the editing is just one of the best I have ever seen. and btw thanks for making these videos as it helps outers to get better at the security

the pico is even cheaper and still very good and i think it supports most OSes

As a gamer It only takes 15 minutes to re-install windows and and a few more for drivers...Run a spring clean/format/ O.S reinstall annually...NO MATTER WHAT. But if i worked fromhome on mah pc , geez what a nightmare.

7:20 You sure it's not possible to extract code from arduino? It can be trivial to extract & disassemble such mcu code.

I would’ve love to get sent one of those

3:20 When did they rename "Device Manager" to "Task Manager"? lol

It is important to state that msiexec is a major security hole, but M$ doesn't give a crap. The best course of action is to replace that executable by a dud.

Yeah you could probs make a udev rules that bans all unapproved HID devices unless its a specific usb keyboard or only I2C if the pc has a built in keyboard/touchpad

Time to watch this video because I feel paranoid

Do these softwares run on linux?

I am waiting for your video.. 😃😀

USB VendorID and ProductID (VID&PID) even usb_product & usb_manufacturer can be changed at arduino boards "\arduino\hardware\arduino\avr\boards.txt" I can make badUSB look like any USB device, for example Logitech K270 Unifying Receiver

Most decent AV conducts a scan on any connected external drive. Why didn't you mention this?

This is old news, new bUSBs can work hundred times flaster and have encrypted memory

7:35 Rat= Remote administration tool

Where can I download these script files and if the attack is possible on Digispark ATtiny85 microcontroller

Just disconnect from all networks, Bluetooth included

My Flipper Zero says "hello".

What can you use to live a normal life without somebody being nosey?

i thought is was a USB that was bad but in reality it was very bad

If you don't run logged in as administrator or root by default, would that not prevent the commands from being executed? Installing software require administrative privilege does it not? There ya go! Problem solved and hack thwarted!

...Or just do not put random usb into computers.

Well, i would have those USB-Sticks for free! There are Arduino Pro Micros in there. They cost around 10 euros. Ill take them for free.. so i can reprogramm them to make them fit for my own Projects. I like to play around and build devices with Arduinos. they are quite useful. especially for small Circuits, which needs an Microcontroller.

Use ghost Linux to reset it

His voice is like a narrator from horror film 🥶🥶

can we check the usb on a virtual machine to see if it is safe to use it ?

Brother your to genius

11:11 Uhhh you can just easily re-program the vendor ID and product ID on the arduino. If this is supposed to be a cybersecurity education channel, you shouldn't spread misinformation, especially the claim that it is a "perfect solution". Please be better. Edit: Also VID and PIDs aren't exactly secret, there's a public list of them.

Whitelists won't help, it's easy to spoof the ID

Whomever trying to hack defense companies with such a hacked up solution is unbelievably stupid. If I were one of those, I would come up with a flash drive that behaves 100% like a normal flash drive and uses 100% the same circuit so no one would discover it. For instance, inside those flash drives is a programmable USB controller chip (i.e. it has an embedded CPU inside handling USB handshaking and flash initialization, then uses DMA to shuffle the bulk of the data), and a flash memory chip. If I were doing this, I would get a copy of source code of normal program running inside those chips, modify the code so once in a while it secretly attacks once, then revert back to normal operation. I will reprogram a totally normal flash drive with this spiced up code, and deliver it as a gift. Oh, BTW, I would also not choose my method of attack like this. A USB HID is so easy to get recognized. I would exploit buffer handling bugs in the USB driver stack (Ring 0 code is NOT DEP-protected on Windows), then carefully construct malicious USB data packets to inject machine code into the driver stack. This would be really difficult as the driver stack is really well guarded by code reviews, but I'm sure if a major government is to pull this off, they have uncovered 0-days here and there at disposal.

why the fuck is the usb connector so janky?

Elliot from MR.ROBOT ?

This is a clickbait that can be forgiven

In all honesty computers should be locked away where staff can't touch them, if there's usb ports they can reach fill them with superglue. It doesn't matter how many times they are told they will still plug things in and click attachments. I have never had a client get hacked, but I have had systems brought to their knees by stupid staff.

Do you have any really hacking course we want to join

the military presence is here now and will express extreme prejudice🖤👹☠💀

"Attack on a SHUT DOWN Computer" is clickbait, imo. it heavily implies that the attack can work while the PC is off, not waiting until it's turned on.

Knka turkce altyazida ekle

❤❤

I would be happy if someone would send me one of those overpriced arduino boards. P

❤

No one can beat you in regard of hacking thank u

Maybe computers aren't that convenient or useful, after all. 🙄

windows lol

You ARE hackers if you can do these things, WHITE HAT hackers they are called. And hacking doesn't mean something is bad, it's just people that are good at creative uses of technology, just like electronics engineers but more often with software.

So where's the part of the "SHUT DOWN COMPUTER"? Kek. Misleading crap

Hehe

Ur name starts with a A

If you use a Windows machine you deserve what you get. Windows is trash.

Plus who gives out their real info

test

whitelists really????? bad actors would just make the device appear to have a know vendor id... who wrote this crap??///? you can contact me, 20 yrs in it, and interview me, this is the worst video ive ever seen

Bad USB is not a device. Bad USB is a rootkit itw malware, PoC in 2013. To burry the Bad USB malware discussion, someone invented Bad USB device attacker and overly promotes it. Taking the Hak5 Rubber Duck and rebranding it as Bad USB. WTF.