BadUSB: What you can do about undetectable malware on a flash drive

We've known for years that malware can spread via portable storage. But BadUSB shows that scanning the drive may not be sufficient.

After reading about BadUSB, Barbara asked if it was safe to share files through a flash drive. "Would we be safer using a cloud service?"

A cloud service might be safer than a flash drive, although that has its own dangers--especially with privacy. BadUSB shows us that malware can infect and reside in a flash drive's firmware, which your antivirus program can't scan the way it can scan the drive's main storage. It's like having the malware in your motherboard's BIOS--except that this motherboard will likely get plugged into multiple computers.

[Have a tech question? Ask PCWorld Contributing Editor Lincoln Spector. Send your query to]

As far as we know, as I write this, BadUSB is not yet malware. It's an experiment intended to prove this sort of thing can happen and that we need to protect ourselves.

But if it were malicious, it could trick your PC into thinking it's a USB keyboard, and then tell it to download something bad. It could take over your DNS settings and send you to the wrong websites.

Luckily, your antivirus software would probably catch and block this sort of activity . But that's probably, not definitely.

Better flash drives would fix the problem. IronKey claims its drives use digitally signed code, which makes it impossible for anyone else to change the firmware.

If IronKey is correct, and if other companies follow their lead, the problem will go away...eventually.

In the meantime, here's what you can do to protect yourself:

  1. Don't share flash drives. Stick with the cloud for file sharing.
  2. Follow the general rules of PC security: an up-to-date antivirus, a firewall, Web protection, and so on.
  3. Let the manufacturers know that you want BadUSB-immune portable storage.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags malwareUSB drivespcworldbusiness security

More about

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Brand Page

Stories by Lincoln Spector

Latest Videos

More videos

Blog Posts