I know many of you enjoy how easy it is to plug and play devices into your computer using the USB ports. The truth is, this “plug and play” feature that works in the background is a HUGE security vulnerability. You see, once you plug a USB device (mouse, thumb drive, keyboard, etc.) into the USB port, the computer’s operating system (OS) installs the driver and configures the device automatically. Translation: This process allows the device to operate immediately without having to restart the computer.
This is bad for security because there are devices out there that trick the computer into thinking they are keyboards, thus bypassing any software that protects your systems, such as anti-virus. What is even worse is that this vulnerability has been known for years!
With that said, we at Quinndefense are going to inform you of a few hardware devices that can be used to compromise your computer system:
- Rubber Ducky – *Featured in Amazon’s TV series Mr. Robot* This USB Rubber Ducky is a keystroke injection tool disguised as a generic flash drive. Computers recognize it as a regular keyboard and accept pre-programmed keystroke payloads at over 1000 words per minute. Payloads are crafted using a simple scripting language and can be used to drop reverse shells, inject binaries, brute force pin codes, and many other automated functions for the penetration tester and systems administrator.
- Bash Bunny – The Bash Bunny is a full-featured Linux box with shell access from a dedicated serial console. By emulating combinations of trusted USB devices (like gigabit Ethernet, serial, flash storage and keyboards), computers are tricked into divulging data, exfiltrating documents, installing backdoors and many more exploits.
The good news is that there are ways to protect yourself from these attacks, since someone needs physical access to your computer to carry them out. Let's begin:
- Do NOT accept any USB devices from anyone! This includes mice, keyboards, thumb drives, etc. They could be disguised as one of the devices we just listed! Find a flash drive on the floor outside a bank? Do not pick it up!
- Disable your USB ports! If you are comfortable with computers, then follow this post from PCWorld, which gives instructions for editing your registry to lock the USB ports with a password and then unlock them when needed.
- Make another user account that does NOT have root access! If you have only had one user account since you first unboxed your computer, chances are that account has root/admin access to your computer. Having such access is convenient for installing software and everyday activities, but it also makes it much easier for the bad guys to access your computer. We HIGHLY suggest you make a separate user account that you will use on a daily basis and leave the admin account alone.
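
Because a keystroke injection device types far faster than a person can, typing speed itself is a usable detection signal. The following is an added example, not code from this post or from any product it mentions: it flags a keyboard whose keystrokes arrive at machine speed. The event format, device names, thresholds and the 5-characters-per-word conversion are assumptions, and the sample data is constructed.

```python
from statistics import median

# Assumed thresholds (not from the article): fast sustained human typing is
# roughly 10 keys/s (~100 ms apart); 1000 wpm at 5 chars/word is 12 ms apart.
WINDOW = 12             # consecutive keystrokes examined together
MAX_MEDIAN_GAP_MS = 30  # a median gap below this is treated as machine speed

def wpm_to_gap_ms(wpm, chars_per_word=5):
    """Average milliseconds between keystrokes at a given words-per-minute."""
    return 60_000 / (wpm * chars_per_word)

def find_injection_bursts(events, window=WINDOW, max_gap_ms=MAX_MEDIAN_GAP_MS):
    """events: list of (device_id, timestamp_ms) sorted by time.
    Returns {device_id: timestamp_ms where the first machine-speed burst starts}."""
    per_device = {}
    for dev, ts in events:
        # Track each keyboard separately so a human typing on one device
        # cannot mask, or be blamed for, a burst coming from another.
        per_device.setdefault(dev, []).append(ts)
    flagged = {}
    for dev, stamps in per_device.items():
        for i in range(len(stamps) - window + 1):
            chunk = stamps[i:i + window]
            gaps = [b - a for a, b in zip(chunk, chunk[1:])]
            # The median tolerates the odd fast key pair a human produces.
            if median(gaps) < max_gap_ms:
                flagged[dev] = chunk[0]
                break
    return flagged

def sample_events():
    """Constructed sample: a person on the built-in keyboard, plus a device
    that enumerates as a second keyboard and sends 40 keys 10 ms apart."""
    human_gaps = [140, 95, 180, 110, 25, 210, 130, 90, 160, 120, 20, 175, 105, 150, 135]
    events, t = [], 1_000
    for gap in human_gaps:
        t += gap
        events.append(("kbd-internal", t))
    t = 2_000
    for _ in range(40):
        t += 10
        events.append(("kbd-usb-new", t))
    return sorted(events, key=lambda e: e[1])

if __name__ == "__main__":
    print(f"1000 wpm = one key every {wpm_to_gap_ms(1000):.0f} ms")
    for dev, ts in find_injection_bursts(sample_events()).items():
        print(f"ALERT {dev}: machine-speed typing starting at t={ts} ms")
```

A speed threshold only catches payloads typed at full rate, so treat it as one signal alongside the physical controls in the list that follows.
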
- Physically lock up your devices. When you leave your home or office, be sure to lock your doors! The more barriers that hinder someone from physically gaining access to your electronic devices, the better!
If you are late to the game and are just now reading this, assume the worst! We suggest backing up any important files to an external hard drive and performing a factory reset on your devices to 100% guarantee your system(s) are not infected.
Take care and stay safe!