The BadUSB vulnerability is considered one of the worst IT vulnerabilities ever found.

To remove the BadUSB vulnerability, first you need to create a blacklist. After that, avoid automatic USB installation and disable inactive USB ports. But first, let's see what BadUSB is and how it works.

Discovered a few months ago, this big security hole affects the way USB devices communicate with an operating system.

BadUSB is a major security flaw that allows online criminals to turn a simple USB device, for example a keyboard, into a means of sending malicious commands from the user's computer to trigger an action or contact a server controlled by hackers. To do this, the firmware in the USB controller chip is reprogrammed. Protecting against this type of threat is difficult, since there are no means available against it.

Using this flaw, cyber-criminals can obtain important details on exploiting vulnerabilities in the USB controllers present in many types of USB devices. Since USB devices are used on a regular basis and are part of our systems, we need to know how to stay safe from this vulnerability.

For more information on the BadUSB vulnerability, you can also check this NakedSecurity article.

Our security researchers have now come up with a few simple steps you can follow in your Windows operating system to stay safe:

Create a Blacklist

There are several ways we can limit our exposure to this vulnerability, and one of these methods is by creating a blacklist.

Follow the steps below:

    1. Go to Start > Run and type in gpedit.msc to open the Local Group Policy Editor.
    2. Access the following: Computer Configuration > Administrative Templates > System > Device Installation > Device Installation Restrictions. You should arrive in the location from the image below:

[Image: Local Group Policy Editor - BadUSB fix]

    3. Double-click "Prevent installation of devices using drivers that match these device setup classes" and choose Enable.
    4. In the same location, click Show to create a blacklist of USB devices via their GUID.

You have a few examples below:

4d36e96b-E325-11CE-BFC1-08002BE10318 – this one controls the automatic installation of USB keyboards.

4D36E972-E325-11CE-BFC1-08002BE10318 – this one corresponds to the NIC (network interface controller).

e0cbf06c-cd8b-4647-bb8a-263b43f0f974 – this one is for Bluetooth.

For more information about GUID numbers, check this quick guide.


Avoid automatic USB installation

Another option to keep your system safe from the BadUSB vulnerability is to disable the automatic installation of new USB devices.

To do so, go to the same location as above and follow these steps:

1. Double click Prevent installation of removable devices and Enable it.

2. Double click Allow administrators to override Device Installation Restrictions policies and Enable it.

Note that with these settings in place, installing a removable device in the future will require administrative rights.
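To confirm that the settings from the "Create a Blacklist" and "Avoid automatic USB installation" sections actually took effect, the following read-only PowerShell check reads the registry values these three policies write and lists the blacklisted class GUIDs. It is an added example, not part of the original article; the registry path and value names are the ones used by the Windows device installation policy template, and the function names are hypothetical.

```powershell
# Added example: read-only audit of the Device Installation Restrictions policies.
# Assumption: the policies are stored under this key, as defined by the Windows
# device installation policy template.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeviceInstall\Restrictions'

function Get-PolicyState {
    param([string]$ValueName)
    # An absent value means the policy is "Not Configured".
    $item = Get-ItemProperty -Path $base -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'Not Configured' }
    if ($item.$ValueName -eq 1) { 'Enabled' } else { 'Disabled' }
}

function Get-DeniedClassGuids {
    # Blacklist entries are stored as string values in a subkey.
    $key = Get-Item -Path "$base\DenyDeviceClasses" -ErrorAction SilentlyContinue
    if ($null -eq $key) { return @() }
    @($key.GetValueNames() | ForEach-Object { [string]$key.GetValue($_) })
}

# Policy display name (as shown in gpedit.msc) -> registry value name.
$policies = [ordered]@{
    'Prevent installation of devices using drivers that match these device setup classes' = 'DenyDeviceClasses'
    'Prevent installation of removable devices' = 'DenyRemovableDevices'
    'Allow administrators to override Device Installation Restrictions policies' = 'AllowAdminInstall'
}
foreach ($name in $policies.Keys) {
    '{0,-15} {1}' -f (Get-PolicyState -ValueName $policies[$name]), $name
}

# Flag malformed blacklist entries. This is a format check only: a well-formed
# GUID that matches no device setup class is accepted here but blocks nothing.
$parsed = [guid]::Empty
foreach ($entry in Get-DeniedClassGuids) {
    if ([guid]::TryParse($entry.Trim(), [ref]$parsed)) {
        "Denied class    $entry"
    } else {
        "MALFORMED entry '$entry' - check for a typing error in the GUID"
    }
}
```

A single mistyped character in a class GUID leaves that device class unblocked without any error, so compare each listed value against the class GUID shown for the device in Device Manager.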


Disable inactive USB ports

Though it is not a very popular method, our security researchers suggest that you disable inactive USB ports.

We also need to emphasize that unknown USB devices from uncertain sources should not be installed on the system.



When we think of system vulnerabilities and malware, we naturally imagine an operating system connected to the Internet, that needs to protect valuable data and private information from all sorts of online threats.

But malware can also be spread, and security flaws exploited, through a USB device. Using a USB device for this malicious purpose has now become a favorite tool for online criminals. For this reason, we advise caution when using an unknown USB device or one that comes from an unknown location or source.

For more ways to remove malware, please refer to the cybersecurity mega-guide.


This post was originally published by Aurelian Neagu in October 2014.



How can I do this in cmd (bat)?

Would this also keep existing firmware safe? I’m not buying a K70 gamer keyboard if some zero-day Flash hole allows a trusted website’s external ad to put an undetectable, unerasable bug in it.

Hi Cees!

This vulnerability has been solved, so you needn't worry about it. However, there's no guarantee that a security vulnerability such as this one won't occur in the future, which is why we recommend building a multi-layer security system that includes an antivirus product and a solution that can protect you from advanced cyber threats. This particular security guide for gamers may come in handy:
