最新您知道哪些法規適用於貴公司嗎?3 分鐘內即可確認。我們誠摯的禮物:歐盟法規工具韓國法規工具
我們能為您做什麼?

透過以下方式傳訊

KakaoTalkLINE

48 小時內回覆

傳送電郵給我們 →
部落格
The USB Pretending to Be Your Keyboard
中小企業安全

The USB Pretending to Be Your Keyboard

2026年7月7日·Alex Holmquist, Panke IT Solutions LLC

You wiped the drive and ran a virus scan. Clean. So it's safe to plug in — right?

Here is the catch: there was nothing to scan. The dangerous part of a BadUSB device was never a file. It lives in the chip that tells your computer what the device is — and that chip can claim to be a keyboard.

Scene diagram: a USB stick holds up a speech bubble that says

BadUSB lets a device say what it is

Plug anything into a USB port and it introduces itself, declaring its type — storage, keyboard, webcam. Your operating system takes that at face value. But that identity lives in the device's controller firmware, which can be rewritten so the same stick announces "I'm a keyboard." Karsten Nohl's team at SRLabs proved this at Black Hat in 2014.[1]

What it does once it's trusted

Once your computer accepts the keyboard, the device starts typing commands faster than any human could — opening a terminal, fetching a payload. Off-the-shelf injectors have done this for years. The commands run with your own logged-in privileges, nothing to click and no file to open. That is user-level access, not admin — full takeover needs another step — but it runs as you, silently.

Avoid getting hacked with these tips

  1. Never plug in a USB device you found or can't account for.
  2. Use a data blocker when charging from a port or cable you don't control. It's a cheap adapter (a "USB condom") that passes power but physically cuts the USB data lines, so you charge without any data, or keystrokes, crossing.
  3. Turn on endpoint device control, or USB allowlisting. It limits what a device is allowed to be, so a storage stick cannot start acting as a keyboard.
  4. Treat "it scanned clean" as necessary, not sufficient. A passing scan is not a security program.

Found a USB stick in your parking lot? Don't plug it into your computer.

References

  1. Karsten Nohl, Sascha Krißler, Jakob Lell (SRLabs). "BadUSB — On Accessories That Turn Evil." Black Hat USA 2014. https://www.blackhat.com/us-14/briefings.html#badusb-on-accessories-that-turn-evil
擔心您的攻擊面暴露風險?

若想了解您的基礎設施在攻擊者掃描模型中的評分,請聯絡 contact@pankeit.com,進行攻擊面評估。

訂閱我們的部落格

掌握最新資安趨勢

絕無垃圾郵件,隨時可取消訂閱。

©2026 Panke IT Solutions LLC

Austin, TX