How To Protect Yourself From MalDuino

 

MalDuino is part of a wider family of USB devices known as 'BadUSBs': keystroke injection tools. By taking advantage of keyboard input as a trusted method of interfacing with a computer, they're able to do all kinds of devilish things.

But how can you protect yourself from BadUSBs?

Here are 3 ways of protecting against BadUSB attacks or mitigating the damage from them:

Physical protection is pretty important: if you can prevent unauthorised devices from being plugged in, then it's a catch-all solution, right? Take a look at these: Lindy port blockers. They'll physically block access to USB ports. For critical infrastructure you'll have to look elsewhere, but at cons or when you're out in public these are a great way to put off would-be attackers. Why fiddle with trying to remove these small cartridges when you could just move on to the next victim?

Duckhunt on GitHub (Windows only) is a small application that runs as a background process, continually monitoring the speed at which keys are typed. It'll block all HIDs (human interface devices) if it detects unusual typing speeds. The only downside is that the first few characters of an attack will probably get through.
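To see why the first few characters slip past a typing-speed monitor, here is a small added example of the idea. It is not Duckhunt's own code, and the window size, threshold and sample timestamps are assumptions constructed for illustration.

```python
from collections import deque

WINDOW = 5            # assumed: number of recent inter-key gaps averaged
THRESHOLD_MS = 30.0   # assumed: a mean gap below this is treated as injection


class KeystrokeSpeedMonitor:
    """Flags input whose average inter-key gap is faster than a human types."""

    def __init__(self, window=WINDOW, threshold_ms=THRESHOLD_MS):
        self.gaps = deque(maxlen=window)
        self.threshold_ms = threshold_ms
        self.last_ts = None
        self.blocked = False

    def on_key(self, ts_ms):
        """Return True if the keystroke is delivered, False if it is blocked."""
        if self.blocked:
            return False
        if self.last_ts is not None:
            self.gaps.append(ts_ms - self.last_ts)
        self.last_ts = ts_ms
        # Only judge once the window is full, so a human rolling two keys
        # quickly does not trigger a block on a single short gap.
        if len(self.gaps) == self.gaps.maxlen:
            if sum(self.gaps) / len(self.gaps) < self.threshold_ms:
                self.blocked = True
                return False
        return True


def replay(timestamps_ms, **kwargs):
    """Feed timestamps through a monitor; return (delivered_count, blocked)."""
    mon = KeystrokeSpeedMonitor(**kwargs)
    delivered = sum(1 for ts in timestamps_ms if mon.on_key(ts))
    return delivered, mon.blocked


# Constructed sample input: a human typing with 90-240 ms gaps, and an
# injector sending 40 keys 5 ms apart.
HUMAN = [0, 180, 310, 400, 640, 790, 900, 1080, 1230, 1420]
INJECTED = [i * 5 for i in range(40)]

if __name__ == "__main__":
    print("human:   ", replay(HUMAN))
    print("injected:", replay(INJECTED))
```

A larger window gives fewer false blocks for fast human typists but lets more injected characters through before the block lands, which is the trade-off behind the downside mentioned above.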

 

Locking down your admin rights is a good idea whether you're worried about BadUSB attacks or not. On Windows 10, the default behaviour when the user requests a change that requires admin rights is just to show a yes/no prompt asking whether you want to make admin-level changes. Sounds a bit silly to give someone that level of control, right? Even if they are the admin themselves. This can be pretty easily changed with a registry-level edit that makes the OS ask for your admin password before it hands over the keys to the castle. This is well documented by Microsoft.

Know any other methods of preventing BadUSB attacks? Let us know! Tweet us @maltronics_
