USB Drives: A Hacker’s Dream

Wednesday, January 26, 2011 @ 06:01 PM gHale

Automation professionals are becoming more aware of the dangers of plugging a USB flash drive into a PC.

From Stuxnet all the way down to inserting a simple virus into a PC, a flash drive is a danger to a computer. In addition to the known danger, a flash drive can also pose as a keyboard and immediately pass keystrokes to a victim’s system.

Depending on the operating system, just a few emulated keystrokes can be enough to sabotage or infect a system. Mouse emulation is also possible. In contrast to USB flash drives, when a keyboard connects to the operating system, it will not usually display a window requesting permission to use the device. A user may not even be aware that a modified USB device posing as a human interface device (HID) connected to his or her system. Under Windows a pop-up window briefly displays, but under Linux only a glance at the logs will reveal this has occurred.

Until recently, hackers were using micro-controller boards with USB support, such as the Teensy USB Development Board, for such attacks. Hackers used this hardware to get into the PS3. At the Black Hat Conference, however, security specialists Angelos Stavrou and Zhaohui Wang gave a talk on how to hack PCs without the aid of specialist hardware. By applying a simple modification to the USB stack on an Android mobile, they were able to make it pose as a keyboard when connected to a computer.

Leave a Reply

You must be logged in to post a comment.