Announcement of 08. setembro 2014

G DATA USB Keyboard Guard - reliable protection against manipulated USB devices

Free tool from German virus protection experts prevents attacks using USB keyboards.

Malware that infects computers when a manipulated USB stick is connected has been around for several years. Researchers at the Berlin Security Research Labs (SRLabs) have discovered a new, previously unnoticed method of infection. The new type of attack was demonstrated at the Black Hat hacker conference in Las Vegas at the beginning of August: the firmware on a USB device can be changed so that it can pretend to be any type of device when connected. A seemingly harmless USB stick could log on to the system as a keyboard and secretly enter harmful command lines in the PowerShell interface. The attacker would then be able to gain control of the infected system. This attack method is possible because USB devices such as printers, cameras or USB sticks are generally deemed to be safe and therefore have full access to the system. G DATA security experts have developed the free G DATA USB Keyboard Guard as protection against manipulated USB devices.

Although we are not aware of an actual attack so far, the potential consequences of this new form of attack are severe. Less obvious attacks based on USB connections are also conceivable. "If the firmware is overwritten, every USB device can turn into a potential source of danger. In the worst case, USB viruses could be created," says Ralf Benzmüller, head of G DATA SecurityLabs, on the severity of the situation. The most effective way of executing these attacks is to use USB keyboards. If you can use keyboard commands to open a command line interface like PowerShell, you can gain full control of the computer and type in commands. These are impossible to distinguish from real keyboard actions and are not registered by the security mechanisms in antivirus solutions.

Access to new keyboard is prevented at first

G DATA has responded immediately and developed G DATA USB Keyboard Guard. It offers protection against the most likely form of abuse to be used in an attack - USB devices that pretend to be keyboards. If a system detects a new keyboard, access is prevented at first and a pop-up is displayed. The user then has time to check whether the device is actually a keyboard and can permanently permit or prevent access. If the device in question has been manipulated (a programmable USB stick or a web cam that has been infected by a USB virus, for example), access to the device can be blocked. This effectively prevents attacks using keyboards.

Operating system is unable to distinguish between fake and real input

Targeted USB attacks on companies are particularly serious. But home users are also at risk. Considering almost 100 million USB sticks are circulating in Germany (source: Statista), this risk must be taken seriously. "When you connect an infected USB device, it is basically like sitting a hacker down in front of your PC", is how Ralf Benzmüller assesses the consequences. "The operating system is unable to distinguish between fake and real input. With G DATA USB Keyboard Guard, we offer the most effective protection against such attacks." 

The free tool is independent of the installed antivirus solution and compatible with other antivirus products.

How to install G DATA USB Keyboard Guard:

  • Double-click on the downloaded file and start the installation. Select the desired language and click "Next".
  • In the next step, you need to click on "Installation" again. Confirm the licence agreement by clicking on "Accept & install" to start the installation. If you do not accept the agreement, the installation will be terminated.
  • As soon as the installation is complete, you will need to restart the computer.
  • After the restart, you will see an information window, which you can close. The system tray icon indicates that G DATA USB Keyboard Guard is running in the background.
  • The PC is now protected. If the system detects a new keyboard, G DATA USB Keyboard Guard blocks it and displays a warning message. You then decide what you want to do with the newly detected USB device by clicking on "Allow keyboard" or "Block keyboard". G DATA USB Keyboard Guard remembers the decision for devices that are allowed so that they do not have to be released every time they are connected.

System requirements

Windows (32 bit / 64 bit): Windows 8.x / 8 / 7 / Vista, at least 1 GB RAM; (32 bit): Windows XP (SP2 and above), at least 512 MB RAM



Announcement of 08. setembro 2014

G DATA Software AG
G DATA Campus
Königsallee 178
D-44799 Bochum

Phone: +49-234-9762-239

Kathrin Beckert-Plewka
Public Relations Manager


Kathrin Beckert-Plewka

Phone: +49 234 9762 - 507

Vera Haake
Public Relations Manager


Vera Haake

Phone: +49 234 9762 - 376