For example, the Termius Technology Chipset used in all of our Plugable-brand USB 2.0 hubs is a fixed-function hardware ASIC without executable or updatable firmware. These USB devices are not vulnerable to BadUSB-style attacks of any kind.
On the other side, our USB 3.0 SATA drive docks use the ASMedia 1051E and 1053E chipsets, which have an 8-bit microcontroller. It is firmware upgradable. So while the recently released BadUSB code will not infect these docks, in theory they could be targeted in the future with a similar effort to that which went into BadUSB.
An interesting 3rd example is our Plugable USB 3.0 Tablet / Laptop Docking Stations and Graphics Adapters. These use DisplayLink DL-3×00 and DL-5×00 chipsets. They make use of firmware. That firmware is software upgradable. However, DisplayLink has implemented on-chip authentication, encryption, and firmware validation which makes it quite difficult for any 3rd party to successfully update firmware. To date, no 3rd party has successfully been able to crack this and talk to the DisplayLink chip. That is one of the reasons why these products work only with Windows and Mac where DisplayLink provides drivers themselves. No software-based security is invulnerable. But it can be a strong mitigation.
You can find out which USB controllers are used in our products on the product pages at Plugable and on Newegg or Amazon listings, etc. We do that because chipset is the best way to dig into compatibility details, but it’s also the best way to research what security features the chips have. We’ll be working to expand on our security information and features over time.
Hopefully some of this detail helps create a fuller picture of what BadUSB is and isn’t. You can also get a lot of great detail from Brandon Wilson and Adam Caudill’s video of how BadUSB was created. If you have any questions, we’re happy to share what we know, just comment below.
Founder, Plugable Technologies