Theoretical question about security (BadUSB)

The question is similar to the question asked by @Luye last year that came to my mind while thinking about buying a 2nd Model 01.

There was a presentation at BlackHat 2014 named “BadUSB - On Accessories that Turn Evil”, which showed that it’s easy to infect the firmware of USB-Sticks and other accessories to attack the computer without physical access to the hardware.

Luckily the Model 01 should be immune to such attacks since it requires physical access to modify the firmware by pressing the prog key (thanks @jesse and @kaia for thinking about security :+1: )

Now to my theoretical question: imagine a script kiddie who sells their used Model 01 but has flashed a malicious firmware just for laughs and giggles.

How can I as a user protect myself from that?

  • would flashing a new or old version of the firmware when first using the used Model 01 eliminate such risks?
  • could malicious firmware prevent flashing of new firmware by lying that a new firmware was successfully flashed?
  • would using a passive (or expensive active) USB to PS2 adapter prevent such an attack vector?

EDIT: more detail about the attack: https://arstechnica.com/information-technology/2014/07/this-thumbdrive-hacks-computers-badusb-exploit-makes-devices-turn-evil/

The issue isn’t so much about malicious firmware, but about a malicious bootloader. Indeed, a device with a malicious bootloader can lie to you about whether it’s replaced a device firmware. You’d need to use an AVR programmer to manually flash the firmware on the device over the ICSP connectors hidden inside the keyboard. If you’re legitimately worried about such an attack and not set up to do that kind of flashing yourself, you’re welcome to drop us a line at help@keyboard.io about pricing for us to help with such things. (You could, of course, always just buy a keyboard from us :wink:)

2 Likes
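The point in the answer above, that the device's own bootloader cannot be trusted to report what it wrote, is checkable from the outside: read the whole flash back with an ICSP programmer (for example avrdude's `-U flash:r:readback.hex:i`) and compare it byte for byte, bootloader section included, against the reference firmware hex. The following is an added example, not Keyboard.io's code and not from anyone in this thread. It assumes a 32 KiB ATmega32U4-sized flash with the bootloader in the top 4 KiB, Intel HEX input on both sides, and the sample images below are constructed, not real Model 01 firmware.

```python
"""Verify an ICSP flash readback against a reference Intel HEX image.

Added example, not Keyboard.io code. Assumptions: 32 KiB flash (ATmega32U4),
bootloader section in the top 4 KiB, both files in Intel HEX as written by
`avrdude -U flash:r:readback.hex:i`. Adjust the sizes for another part.
"""

FLASH_SIZE = 32 * 1024                      # assumed flash size in bytes
BOOTLOADER_START = FLASH_SIZE - 4 * 1024    # assumed 4 KiB bootloader section
ERASED = 0xFF                               # value of unprogrammed flash


def parse_ihex(text):
    """Parse Intel HEX into a flat FLASH_SIZE bytearray, checking every record checksum."""
    image = bytearray([ERASED] * FLASH_SIZE)
    base = 0  # set by extended segment / linear address records
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        if not line.startswith(":"):
            raise ValueError(f"line {lineno}: missing ':' start code")
        raw = bytes.fromhex(line[1:])
        # Intel HEX checksum: all bytes of the record, checksum included, sum to 0 mod 256
        if sum(raw) & 0xFF != 0:
            raise ValueError(f"line {lineno}: bad checksum")
        count, addr, rtype = raw[0], int.from_bytes(raw[1:3], "big"), raw[3]
        data = raw[4:4 + count]
        if len(data) != count:
            raise ValueError(f"line {lineno}: short record")
        if rtype == 0x00:                       # data record
            start = base + addr
            if start + count > FLASH_SIZE:
                raise ValueError(f"line {lineno}: record lies beyond flash")
            image[start:start + count] = data
        elif rtype == 0x01:                     # end of file
            break
        elif rtype == 0x02:                     # extended segment address
            base = int.from_bytes(data, "big") << 4
        elif rtype == 0x04:                     # extended linear address
            base = int.from_bytes(data, "big") << 16
        else:
            raise ValueError(f"line {lineno}: unsupported record type {rtype:#x}")
    return image


def diff_ranges(reference, readback):
    """Return [(start, end_exclusive), ...] for every run of bytes that differs."""
    ranges, start = [], None
    for i in range(FLASH_SIZE):
        same = reference[i] == readback[i]
        if not same and start is None:
            start = i
        elif same and start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, FLASH_SIZE))
    return ranges


def verify(reference_hex, readback_hex):
    """Compare a full ICSP readback with the reference and classify mismatches by region.

    A mismatch in the bootloader region is exactly what a Prog-key reflash through
    the device's own bootloader can never reveal: the bootloader does not rewrite
    itself, and a malicious one can simply report success.
    """
    ref, got = parse_ihex(reference_hex), parse_ihex(readback_hex)
    result = {"app": [], "bootloader": []}
    for s, e in diff_ranges(ref, got):
        if e <= BOOTLOADER_START:
            result["app"].append((s, e))
        elif s >= BOOTLOADER_START:
            result["bootloader"].append((s, e))
        else:                                   # run straddles the boundary: split it
            result["app"].append((s, BOOTLOADER_START))
            result["bootloader"].append((BOOTLOADER_START, e))
    result["ok"] = not result["app"] and not result["bootloader"]
    return result


# Constructed sample images (not real firmware): a few bytes of application code at
# 0x0000 and a few bytes in the bootloader section at 0x7000. Checksums are valid.
REFERENCE_HEX = "\n".join([
    ":020000040000FA",          # extended linear address 0x0000
    ":040000000C94340028",      # app bytes at 0x0000
    ":047000000C940038B4",      # bootloader bytes at 0x7000
    ":00000001FF",
])
READBACK_CLEAN_HEX = "\n".join([
    ":040000000C94340028",
    ":047000000C940038B4",
    ":00000001FF",
])
READBACK_TAMPERED_HEX = "\n".join([
    ":040000000C94340028",      # application region identical...
    ":047000001234567878",      # ...but the bootloader section has been replaced
    ":00000001FF",
])

if __name__ == "__main__":
    for name, hexdata in (("clean", READBACK_CLEAN_HEX), ("tampered", READBACK_TAMPERED_HEX)):
        r = verify(REFERENCE_HEX, hexdata)
        print(name, "OK" if r["ok"] else f"MISMATCH app={r['app']} bootloader={r['bootloader']}")
```

Run it against a real readback by replacing the two constructed strings with the contents of the reference `.hex` shipped with the firmware build and the file avrdude wrote from the programmer. The point of reading back over ICSP rather than asking the keyboard is that the programmer sees every byte of flash, bootloader section included, so a readback that matches the reference is evidence the device's own bootloader cannot forge.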

Hi Jesse,

thank you for the answer to my question and for the nice offer. But it was merely of theoretical nature after thinking about buying a 2nd Model 01 and after I was reminded of BadUSB and BadBIOS attacks after reading an article where someone soldered a jumper onto their mainboard and onto their live USB stick, to make the NAND read-only on a hardware basis to counteract such attacks.

That’s probably the route I will choose. Not because of security concerns but because I can probably convince my employer to buy it for me (which will allow me to use my own Model 01 only from home). :smirk: