Top 5 USB Hacks that PWN You

A USB-based dongle can go a long way in terms of screwing you, your data, and even your life. Every other day we come across a new device that exposes a new type of vulnerability, enabling hackers to go wilder.

Let's take a look at the top 5 USB hacks that can PWN you:

1. BadUSB

BadUSB reprograms embedded firmware to give USB devices new, covert capabilities. A USB device can take on the ability to act as a keyboard that surreptitiously types malicious commands into attached computers. A different drive can be reprogrammed to act as a network card that causes connected computers to connect to malicious sites impersonating Google, Facebook or other trusted destinations. Similar hacks work against Android phones when attached to targeted computers. Hackers claim that the technique works with webcams, keyboards, and most other types of USB-enabled devices.

The Black Hat presentation, titled BadUSB—on accessories that turn evil, provided 4 demonstrations, three of which targeted controller chips manufactured by Phison Electronics. These are:

– Transforming a brand-name USB stick into a computer keyboard that opens a command window on an attached computer and enters commands that cause it to download and install malicious software. The technique can easily work around the standard user access control in Windows since the protection requires only that users click OK.

– Transforming a brand-name USB stick into a network card. Once active, the network card causes the computer to use a domain name system server that causes computers to connect to malicious sites impersonating legitimate destinations.

– Programming a brand-name USB stick to surreptitiously inject a payload into a legitimate Ubuntu installation file. The file is loaded onto the drive when attached to one computer. The tampering happens only after it is plugged into a separate computer that has no operating system present on it. The demo underscores how even using a trusted computer to verify the cryptographic hash of a file isn’t adequate protection against the attack.

– Transforming an Android phone into a malicious network card.
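
A defender can spot the keyboard and network-card transformations listed above by comparing the interface classes a device enumerates with against what that model is expected to expose. The following is an added example, not code from the Black Hat presentation; it assumes the Linux sysfs layout under /sys/bus/usb/devices, and the baseline, the placeholder vendor/product IDs and the sample records are constructed for illustration.

```python
"""Audit USB interface classes against a per-model baseline (Linux sysfs layout)."""
from pathlib import Path

# USB-IF base class codes that give a device keyboard or network capability.
RISKY = {0x03: "HID (keyboard/mouse)", 0x02: "CDC (network/serial)", 0x0A: "CDC data"}

# Constructed sample data: vendor/product IDs are placeholders, not real products.
BASELINE = {"1111:0001": {0x08}, "2222:0002": {0x03}}   # flash drive, desk keyboard
SAMPLE = {
    "1-1": {"id": "2222:0002", "classes": {0x03}},              # keyboard, as expected
    "1-2": {"id": "1111:0001", "classes": {0x08}},              # mass storage, as expected
    "1-3": {"id": "1111:0001", "classes": {0x03}},              # "flash drive" that is a keyboard
    "1-4": {"id": "3333:0003", "classes": {0x08, 0x02, 0x0A}},  # unknown storage + network
}

def read_sysfs(root="/sys/bus/usb/devices"):
    """Return {port: {"id": "vid:pid", "classes": {int, ...}}} for attached devices."""
    devices = {}
    for iface in sorted(Path(root).glob("*:*")):       # interface dirs, e.g. 1-3:1.0
        dev = Path(root) / iface.name.split(":")[0]    # owning device dir, e.g. 1-3
        try:
            ident = ":".join((dev / f).read_text().strip() for f in ("idVendor", "idProduct"))
            cls = int((iface / "bInterfaceClass").read_text().strip(), 16)
        except (OSError, ValueError):
            continue                                   # root hub, unplugged mid-scan, unreadable
        devices.setdefault(dev.name, {"id": ident, "classes": set()})["classes"].add(cls)
    return devices

def audit(devices, baseline):
    """Return [(port, "vid:pid", reason)] for interfaces the baseline does not expect."""
    findings = []
    for port, dev in sorted(devices.items()):
        expected = baseline.get(dev["id"])
        if expected is None:   # unknown model: report only keyboard/network capability
            extra = dev["classes"] & set(RISKY)
        else:                  # known model: any class outside its baseline is a change
            extra = dev["classes"] - expected
        findings += [(port, dev["id"], RISKY.get(c, f"class 0x{c:02x}")) for c in sorted(extra)]
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, BASELINE):
        print(*finding)
```

Reprogrammed firmware controls the vendor and product ID it reports as well, so a baseline match is change detection rather than proof that a device is benign.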

2. USB Killer

As the name says, it can kill your computer and, in the worst case, even you. It can physically destroy your computer by blasting a load of negative voltage into the USB controller.

How?

The basic idea of the USB Killer is quite simple. When we connect it up to the USB port, an inverting DC/DC converter runs and charges capacitors to -110V. When the voltage is reached, the DC/DC is switched off. At the same time, the field transistor opens. It is used to apply the -110V to signal lines of the USB interface. When the voltage on capacitors increases to -7V, the transistor closes and the DC/DC starts. The loop runs till everything possible is broken down. Those familiar with the electronics have already guessed why we use negative voltage here. I'll explain to others that negative voltage is easier to commutate, as we need the N-channel field transistor, which, unlike the P-channel one, can have larger current for the same dimensions.

Put simply, the circuitry inside the USB drive draws the maximum amount of current from the port to charge the battery (capacitor) inside. When a certain level of potential is reached, it returns the power to the source, i.e. the USB controller on your PC's motherboard. The amount of power returned overloads the circuits, sending them up in smoke. In the worst cases, it can blow up the motherboard with loud flames, hurting the user.

3. USBdriveby

USBdriveby is interesting: a USB-powered microcontroller-on-a-chain, rigged to exploit the inherently awful security flaws lurking in your computer's USB ports. In about 60 seconds, it can pull off a long list of nasty tricks:

  • It starts by pretending to be a keyboard/mouse.
  • If you have a network monitor app like Little Snitch running, it uses a series of keystrokes to tell Little Snitch that everything is okay and to silence all warnings.
  • It disables OS X’s built-in firewall.
  • It pops into your DNS settings and tweaks them to something under the hacker’s control, allowing them to replace pretty much any website you try to visit with one of their own creation.
  • It opens up a backdoor, then establishes an outbound connection to a remote server which can send remote commands. Since the connection is outbound, it eliminates the need to tinker with the user’s router port forwarding settings.
  • It closes any windows and settings screens it opened up, sweeping up its footprints as it heads for the door.

So in 30-60 seconds, this device hijacks your machine, disables many layers of security, cleans up the mess it makes, and opens a connection for remote manipulation even after the device has been removed. And you thought it was just a USB dongle!
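
Because the device has to type every one of those steps as a keyboard, the speed of the typing is itself a detection signal. The following is an added example, not part of USBdriveby or of the original post: it flags runs of keystrokes from a single input device that arrive faster than a person can sustain. The event format, the device names, the thresholds and the sample data are all assumptions constructed for illustration.

```python
"""Flag keystroke bursts typed faster than a person can sustain."""
from collections import defaultdict

def find_bursts(events, max_gap_ms=30, min_keys=10):
    """events: iterable of (timestamp_ms, device, key).
    Returns [(device, first_ms, last_ms, n_keys)] for every run of at least
    min_keys keystrokes from one device in which no gap exceeds max_gap_ms."""
    runs, bursts = defaultdict(list), []

    def close(device):
        run = runs.pop(device, [])
        if len(run) >= min_keys:
            bursts.append((device, run[0], run[-1], len(run)))

    for ts, device, _key in sorted(events):
        run = runs[device]
        if run and ts - run[-1] > max_gap_ms:
            close(device)          # a pause ends the current run; a new one starts
        runs[device].append(ts)
    for device in sorted(runs):
        close(device)              # flush runs still open at end of input
    return bursts

# Constructed sample: a person typing on kbd0 (gaps of 117 or 177 ms) while a
# second device, kbd1, types 45 keys exactly 4 ms apart. Thresholds are
# assumptions to tune against real typing on the monitored hosts.
HUMAN = [(1000 + 140 * i + (i * 37) % 60, "kbd0", "a") for i in range(30)]
INJECTED = [(5000 + 4 * i, "kbd1", "a") for i in range(45)]

if __name__ == "__main__":
    for device, first, last, n in find_bursts(HUMAN + INJECTED):
        print(f"{device}: {n} keys in {last - first} ms")
```

Timing is a heuristic, so it works best alongside an allowlist of the input devices a machine is expected to have.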

4. Pwn Plug

Pwn Plug works on the idea of being able to use a USB stick to carry a command ‘payload’ that would get automatically executed upon being plugged into the Pwn Plug. Now the hacker can run commands such as ifconfig, kick off an nmap scan, whatever he needs to find a backdoor into your system; and all the results are output back onto the USB stick.

How it works

1. This hack uses autofs to perform auto-mounting of the USB drive, and udev to launch an execution script when the USB drive is plugged in.

2. udev is configured to run the hacker's auto-execution script.

5. KeySweeper

KeySweeper is a stealthy Arduino-based device, camouflaged as a functioning USB wall charger, that wirelessly and passively sniffs, decrypts, logs and reports back (over GSM) all keystrokes from any Microsoft wireless keyboard in the vicinity.

All keystrokes are logged online and locally. SMS alerts are sent upon trigger words, usernames or URLs, exposing passwords. If unplugged, KeySweeper continues to operate using its internal battery and auto-recharges upon repowering. A web based tool allows live keystroke monitoring.

KeySweeper has the capability to send SMS alerts upon certain keystrokes being typed, e.g. “www.bank.com”. If KeySweeper is removed from AC power, it appears to shut off, however it continues to operate covertly using an internal battery that is automatically recharged upon reconnecting to AC power.

KeySweeper extends the work of Travis Goodspeed on the goodfet.nrf project and of Thorsten Schröder and Max Moser of the KeyKeriki v2.0 project.

6. USB password Stealer

Simple idea, clean implementation for Windows. Steals all your passwords in Windows.

What can you do to secure your PC?

USBs can be naughtier than you think. There is no one clear solution to this. In general, disable USB ports on public PCs, and in corporations. That might not work everywhere, so be careful about who gets physical access to your running machine.

Know more USB PWNs? Let us know in comments
