A few months ago, two security researchers named Karsten Nohl and Jakob Lell developed a new and insidious breed of malware called BadUSB. While malware designed to infect flash drives has been around for more than a decade, it has been relatively easy to detect and remove. A good antivirus program was all that was required to detect it, and simply formatting the drive would remove it.
How Is BadUSB Different?
Unlike other viruses that reside in the flash drive's NAND memory, BadUSB and its recent clone live in the flash drive’s controller, basically a smaller version of a computer's CPU. This makes the malware both undetectable to antivirus programs and impervious to formatting. In Nohl’s words, “These problems can’t be patched.”
Exactly How Bad is BadUSB?
In addition to being nearly impossible to detect and remove, BadUSB gives hackers the ability to completely take over a user’s computer, including sending keystrokes, transferring files and redirecting internet traffic. Bottom line, it’s about as bad as it gets. There may, however, be some hope. A representative at Symantec recently pointed out that while BadUSB may be able to cloak its nefarious purpose, as soon as it tries installing or running malware on a protected system, resident security software should detect and block it.
How Does BadUSB Spread?
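The keystroke capability mentioned above reaches the host because a reprogrammed controller can declare a keyboard (HID) interface alongside storage. The following is an added example, not code from the original article or the researchers: it parses a raw USB configuration descriptor and lists any interface a flash drive has no reason to declare. The descriptor bytes and all function names are constructed for illustration.

```python
import struct

# USB-IF bInterfaceClass codes used below
CLASS_HID, CLASS_MASS_STORAGE = 0x03, 0x08
DT_INTERFACE = 0x04  # bDescriptorType of an interface descriptor

def interface_classes(config_descriptor: bytes):
    """Walk a raw configuration descriptor; return (class, subclass, protocol) per interface."""
    found, offset = [], 0
    while offset < len(config_descriptor):
        length = config_descriptor[offset]
        if length < 2 or offset + length > len(config_descriptor):
            raise ValueError(f"malformed descriptor at offset {offset}")
        if config_descriptor[offset + 1] == DT_INTERFACE and length >= 9:
            # bytes 5..7 are bInterfaceClass, bInterfaceSubClass, bInterfaceProtocol
            found.append(tuple(config_descriptor[offset + 5:offset + 8]))
        offset += length
    return found

def unexpected_interfaces(config_descriptor: bytes, expected=(CLASS_MASS_STORAGE,)):
    """Interfaces whose class is not one this kind of device should expose."""
    return [i for i in interface_classes(config_descriptor) if i[0] not in expected]

# --- constructed sample descriptors (hypothetical devices, built by hand) ---
def _config(total, n_if):
    return struct.pack("<BBHBBBBB", 9, 2, total, n_if, 1, 0, 0x80, 50)

def _iface(num, n_ep, cls, sub, proto):
    return bytes([9, 4, num, 0, n_ep, cls, sub, proto, 0])

def _ep(addr, attrs, size, interval=0):
    return struct.pack("<BBBBHB", 7, 5, addr, attrs, size, interval)

# Mass storage, SCSI command set, bulk-only transport, two bulk endpoints
_STORAGE = _iface(0, 2, 0x08, 0x06, 0x50) + _ep(0x81, 2, 512) + _ep(0x02, 2, 512)
# HID boot keyboard: interface, HID class descriptor, one interrupt endpoint
_KEYBOARD = (_iface(1, 1, 0x03, 0x01, 0x01)
             + bytes([9, 0x21, 0x11, 0x01, 0, 1, 0x22, 63, 0])
             + _ep(0x83, 3, 8, 10))

PLAIN_DRIVE = _config(9 + len(_STORAGE), 1) + _STORAGE
DRIVE_WITH_KEYBOARD = _config(9 + len(_STORAGE) + len(_KEYBOARD), 2) + _STORAGE + _KEYBOARD

if __name__ == "__main__":
    for name, blob in (("plain drive", PLAIN_DRIVE), ("drive + keyboard", DRIVE_WITH_KEYBOARD)):
        extra = unexpected_interfaces(blob)
        print(name, "->", "OK" if not extra else f"unexpected interfaces: {extra}")
```

A clean result only describes what the device declared at that moment; a device can present different interfaces the next time it enumerates, so this check complements the security software mentioned above rather than replacing it.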
Like most flash drive malware, BadUSB can move from flash drive to computer and computer to flash drive. To prevent infection, your only option is to use your flash drive only on trusted computers.
How to Minimize the Risk of BadUSB
Since the BadUSB vulnerability is only associated with one vendor, Phison, you can minimize your risk of infection by avoiding any USB device that uses a Phison controller. A Windows app called ChipGenius will tell you whether your flash drive uses a Phison controller. The screenshot below shows a flash drive that uses a "safe" SMI controller.