NovoVocê sabe quais regulações se aplicam à sua empresa? Descubra em menos de 3 minutos. Nosso presente sincero:Mapeador da UEMapeador da Coreia
Como podemos ajudar?

Fale conosco em

KakaoTalkLINE

Resposta em até 48 horas

Envie-nos um e-mail →
Blog
The USB Pretending to Be Your Keyboard
Segurança para PMEs

The USB Pretending to Be Your Keyboard

7 de julho de 2026·Alex Holmquist, Panke IT Solutions LLC

You wiped the drive and ran a virus scan. Clean. So it's safe to plug in — right?

Here is the catch: there was nothing to scan. The dangerous part of a BadUSB device was never a file. It lives in the chip that tells your computer what the device is — and that chip can claim to be a keyboard.

Scene diagram: a USB stick holds up a speech bubble that says

BadUSB lets a device say what it is

Plug anything into a USB port and it introduces itself, declaring its type — storage, keyboard, webcam. Your operating system takes that at face value. But that identity lives in the device's controller firmware, which can be rewritten so the same stick announces "I'm a keyboard." Karsten Nohl's team at SRLabs proved this at Black Hat in 2014.[1]

What it does once it's trusted

Once your computer accepts the keyboard, the device starts typing commands faster than any human could — opening a terminal, fetching a payload. Off-the-shelf injectors have done this for years. The commands run with your own logged-in privileges, nothing to click and no file to open. That is user-level access, not admin — full takeover needs another step — but it runs as you, silently.

Avoid getting hacked with these tips

  1. Never plug in a USB device you found or can't account for.
  2. Use a data blocker when charging from a port or cable you don't control. It's a cheap adapter (a "USB condom") that passes power but physically cuts the USB data lines, so you charge without any data, or keystrokes, crossing.
  3. Turn on endpoint device control, or USB allowlisting. It limits what a device is allowed to be, so a storage stick cannot start acting as a keyboard.
  4. Treat "it scanned clean" as necessary, not sufficient. A passing scan is not a security program.

Found a USB stick in your parking lot? Don't plug it into your computer.

References

  1. Karsten Nohl, Sascha Krißler, Jakob Lell (SRLabs). "BadUSB — On Accessories That Turn Evil." Black Hat USA 2014. https://www.blackhat.com/us-14/briefings.html#badusb-on-accessories-that-turn-evil
Preocupado com sua superfície de ataque?

Se quiser saber como sua infraestrutura é avaliada no modelo de varredura de um atacante, entre em contato em contact@pankeit.com para uma avaliação de superfície de ataque.

Assine nosso blog

Fique por dentro das últimas tendências de segurança

Sem spam. Cancele quando quiser.

©2026 Panke IT Solutions LLC

Austin, TX