BadUSB 101

Cristian Cornea
4 min readJun 2, 2022

In this article, we will discuss BadUSB, how to program it, and some offensive tricks of delivering it.

What is BadUSB?

It’s a bird? No

It’s a plane? No

It’s a USB? Maybe…

It’s a Mouse? Somehow…

It’s a Keyboard? Commonly yes…Wait what?

Basically, the BadUSB is an Arduino-backed device that can interpret a mouse and a keyboard.

Is it really used in real life?

If you can imagine, yes, the BadUSB was used and it is still being used in real-life scenarios. One of such examples would be the BestBuy attempt, where attackers multiple letters, where they attached those BadUSB devices, through postal delivery, as you can see below.

BadUSB versus Rubber Ducky

Rubber Ducky is better known than the BadUSB, but let’s see the real differences between those two.

BadUSB:

  • Easier to find on the market
  • Cheap (~$10)

--

--

Cristian Cornea

🇷🇴 Founder: Zerotak Security | Cyber Security Training Centre of Excellence (CSTCE) | SectionX.io | BSides Transylvania