Solution for Bad USB

Thanks to Seytonic for the great video!

Syba USB Port Blocker Locks

Use this port blocker to prevent other devices from being connected to the system. Keep out devices such as Pen Drive, Mass Storage Devices, Cell Phone Adapters, and more. The port blocker includes a "key" which is used to lock in and remove the USB blockers.

Product Content:

  • USB Port Blocker: 4 Red

  • Physically blocks the USB ports to deny access to the USB ports

  • Includes: 4 locks and 1 key

DuckHunt

DuckHunt is a small efficient script that acts as a daemon consistently monitoring your keyboard usage (right now, speed and selected window) that can catch and prevent a rubber ducky attack. (Technically it helps prevent any type of automated keystroke injection attack, so things like Mousejack injections are also covered.)

Features:

  • Paranoid: When an attack is detected, keyboard input is disallowed until a password is input. Attacks will also be logged.

  • Normal: When an attack is detected, keyboard input will temporarily be disallowed. (After it is deemed that the threat is over, keyboard input will be allowed again). Attacks will also be logged.

  • Sneaky: When an attack is detected, a few keys will be dropped (enough to break any attack, and make it look as if the attacker messed up.) Attacks will also be logged.

  • LogOnly: When an attack is detected, simply log the attack and in no way stop it.
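The speed check and the four policies described above can be sketched as follows. This is an added example, not DuckHunt's own code: the class and function names, the threshold, history size, cool-down and drop interval are all assumptions, and the key trace is constructed.

```python
import hmac
from collections import deque
from statistics import mean
# Assumed tuning values for this sketch; none of them come from the page.
THRESHOLD_MS = 30   # mean inter-key gap below this is treated as injection
HISTORY = 25        # number of recent gaps that are averaged
COOLDOWN_MS = 5000  # "normal": how long input stays blocked
DROP_EVERY = 3      # "sneaky": drop every Nth key of a burst
class KeystrokeGuard:
    def __init__(self, policy="normal"):
        self.policy = policy          # paranoid | normal | sneaky | logonly
        self.gaps = deque(maxlen=HISTORY)
        self.last_ms = None
        self.locked = False           # paranoid: set until unlock() succeeds
        self.blocked_until = 0        # normal: end of the cool-down
        self.burst_keys = 0           # flagged keys in the current burst
        self.log = []                 # (time_ms, window, mean_gap_ms)

    def unlock(self, password, expected):
        if hmac.compare_digest(password.encode(), expected.encode()):
            self.locked = False
        return not self.locked

    def feed(self, t_ms, window):
        """Record one key event; return True if it may reach the application."""
        if self.last_ms is not None:
            self.gaps.append(t_ms - self.last_ms)
        self.last_ms = t_ms
        if self.locked or t_ms < self.blocked_until:
            return False
        attack = len(self.gaps) == HISTORY and mean(self.gaps) < THRESHOLD_MS
        if not attack:
            self.burst_keys = 0
            return True
        self.burst_keys += 1
        if self.burst_keys == 1:      # every policy logs the start of a burst
            self.log.append((t_ms, window, round(mean(self.gaps), 1)))
        if self.policy == "paranoid":
            self.locked = True
        elif self.policy == "normal":
            self.blocked_until = t_ms + COOLDOWN_MS
        elif self.policy == "sneaky":
            return self.burst_keys % DROP_EVERY != 0
        return self.policy == "logonly"

def replay(policy):
    """Constructed trace: 10 keys 150 ms apart, then 40 keys 5 ms apart."""
    guard = KeystrokeGuard(policy)
    times = [i * 150 for i in range(10)] + [1500 + i * 5 for i in range(40)]
    return sum(guard.feed(t, "Terminal") for t in times), guard
```

`replay(policy)` returns how many of the 50 constructed key events were let through, plus the guard with its log, so the four policies can be compared on the same trace.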

Enabling Group Policy Editor

Using a HID Whitelist

Using a HID whitelist is an effective measure to prevent Bad USB attacks. A HID whitelist consists of approved USB devices that are allowed to connect to a system. By configuring the system to only accept input from authorized HID devices, any unrecognized or unauthorized USB devices, including potential Bad USB devices, will be blocked. This prevents malicious actors from injecting harmful commands or executing unauthorized actions through rogue USB devices. Implementing a HID whitelist adds an additional layer of security and helps mitigate the risk of falling victim to Bad USB attacks. It is important to regularly review and update the whitelist to ensure it remains up-to-date and includes only trusted USB devices.
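The allowlist decision described above, as an added example that is not taken from the page or from any particular product. The record layout, the `decide` and `audit` names and every vendor id, product id and serial are constructed; only the USB class codes (0x01 audio, 0x02 communications, 0x03 HID, 0x08 mass storage) are standard values.

```python
HID_CLASS = 0x03   # USB base class code for Human Interface Devices

# Constructed allowlist: (vendor id, product id, serial) -> interface classes
# recorded when the device was enrolled. All values are made up.
ALLOWLIST = {
    (0x1234, 0x0010, "KBD-0001"): frozenset({0x03}),
    (0x1234, 0x0020, "HEADSET-7"): frozenset({0x01, 0x03}),  # audio + buttons
}

def decide(dev):
    """Return (verdict, reason) for one enumerated device record."""
    classes = frozenset(dev["interfaces"])
    if HID_CLASS not in classes:
        return "skip", "no HID interface, outside this policy"
    enrolled = ALLOWLIST.get((dev["vid"], dev["pid"], dev["serial"]))
    if enrolled is None:
        return "block", "HID device is not on the allowlist"
    if classes != enrolled:
        extra = sorted(classes - enrolled)
        return "block", f"interfaces differ from enrolment: extra {extra}"
    # vid/pid/serial are values the device reports about itself, so a match
    # identifies a claimed model rather than proven hardware.
    return "allow", "enrolled HID device"

# Constructed enumeration results.
SEEN = [
    {"vid": 0x1234, "pid": 0x0010, "serial": "KBD-0001", "interfaces": [0x03]},
    {"vid": 0x1234, "pid": 0x0020, "serial": "HEADSET-7", "interfaces": [0x01, 0x03]},
    {"vid": 0xABCD, "pid": 0x0001, "serial": "", "interfaces": [0x08]},        # storage only
    {"vid": 0xABCD, "pid": 0x0002, "serial": "", "interfaces": [0x08, 0x03]},  # storage + HID
    {"vid": 0x1234, "pid": 0x0010, "serial": "KBD-0001", "interfaces": [0x03, 0x02]},
]

def audit(devices):
    """Verdict for each device, in order."""
    return [decide(d)[0] for d in devices]
```

Comparing the full interface set against what was enrolled is what catches a storage device that also presents a keyboard, and a known keyboard that has gained an extra interface.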

Hak5 Malicious Cable Detector

The Malicious Cable Detector allows you to detect all known malicious USB cables, even the extremely stealthy O.MG Cables! Additionally, the Detector functions as a data blocker for safe charging.

It is easy to use: plug just the cable into the Detector, then plug the Detector into your computer's USB port. LED activity indicates signs of life!

The Detector analyzes cable behavior 200,000 times per second. And with mod-friendly hardware, you can use the 6 pin ISP header to create your own firmware. The solder jumpers allow you to enable debug output, and to select between data blocking or data passthrough.

USB Sniffer

The sniffer is based around Cypress CY7C68013A MCU, Lattice LCMXO2 FPGA, and Microchip USB3343 USB PHY.

Prices and availability of ICs vary, but the total BOM should be less than $50.

LCMXO2-2000HC speed grades 5 and 6 were tested and the provided JED file was built for the speed grade 5, so it should work for both. Speed grade 4 is too slow and does not meet timing requirements.

USB Sniffer Lite / DIY USB Sniffer:

USB Pcap

USBPcap is an open-source USB sniffer for Windows.

Data Blocker

What is a USB Data Blocker

A USB Data Blocker is a device that goes between a USB port and a device you need to charge that blocks data transmission over the data lines, but still allows charging.

Why use them?

  • to protect your mobile device when charging from an untrusted power source

  • to protect your computer from an untrusted device that needs to be charged

  • to allow a device to charge from a power source that it is not compatible with

The legitimacy of the security value is not in scope for this writeup. But what is the security value of a device if you do not understand it?

How do they work?

A lot of people believe that you can simply disconnect or remove the data lines of a USB cable to achieve the same functionality of a USB Data Blocker. In reality, this will only work for a very limited number of USB devices. Most devices look for some basic signal on the data lines to know how much power they can pull from the power source. So, a USB Data Blocker needs to be able to send this signal to the device requesting power. There are tons of different possible signals because of the various "standards" and proprietary signals chosen by different manufacturers. If you want to know more, this is a good reference. In general, the signals are basic: shorted data lines and/or a specific voltage applied to the data lines.

Spacehuhn Data Blocker

A small and simple adapter blocks the data connection of a USB port.

You can use a tool like this whenever you want to make sure a USB port is used for charging only. This is especially useful when using public or otherwise untrusted USB devices to prevent BadUSB attacks.

Note that this adapter will likely also prevent your devices from fast charging, as that requires a data connection.

ZSecurity Usb Data Blocker

Stop yourself from getting hacked by a rogue device masquerading as something else. The Data Blocker ensures a power-only connection between your device and the host system or power source preventing USB-based malware attacks.

Hackers can fully compromise and hack a machine by simply connecting a USB device to it.

Any USB device can be used to hack you, even simple devices like a lamp or a charging cable!

With this data blocker, you can safely connect USB devices to your computer and provide power to the connected device without compromising the security of your machine.

Amazon Data Blocker

Other Data Blocker

DIY USB Data Blocker

Steps:

  • USB type A pinout.

  • Remove data pins from the female connector.

  • Connecting the male & female ports.

  • Case using heat shrink tubes

  • 3D printed case.

  • Testing to make sure everything is connected correctly.
