Uncategorized

MalDuino: Arduino-based BadUSB

MalDuino — Open Source BadUSB

https://www.indiegogo.com/projects/malduino-badusb-arduino-usb#/

MalDuino is an arduino-powered USB device which has keyboard injection capabilities. Once plugged in, MalDuino acts as a keyboard, typing commands at superhuman speeds. What’s the point? You could gain a reverse shell, change the desktop wallpaper, anything is possible. For penetration testers, hobbyists and pranksters the MalDuino will serve you well!

MalDuino — Open Source BadUSB

 

Standard
Uncategorized

USB Killer 2.0

As reported by Toms Hardware and other news sources, a new company in Hong Kong is selling a USB-frying unit called “USB Killer 2.0”, and a “USB Killer Test Shield”.

http://www.tomshardware.com/news/usb-killer-2.0-power-surge-attack,32669.html
https://www.usbkill.com/usb-killer/8-usb-killer.html
https://www.usbkill.com/blog/usb-kill-behind-the-scenes-b40.html

“Temporarily Out of Stock.”

Standard
Uncategorized

USBee

Dan goodin has an article on Ars about some BadUSB-like malware:

Meet USBee, the malware that uses USB drives to covertly jump airgaps

In 2013, a document leaked by former National Security Agency contractor Edward Snowden illustrated how a specially modified USB device allowed spies to surreptitiously siphon data out of targeted computers, even when they were physically severed from the Internet or other networks. Now, researchers have developed software that goes a step further by turning unmodified USB devices into covert transmitters that can funnel large amounts of information out of similarly “air-gapped” PCs. The USBee—so named because it behaves like a bee that flies through the air taking bits from one place to another—is in many respects a significant improvement over the NSA-developed USB exfiltrator known as CottonMouth. That tool had to be outfitted with a hardware implant in advance and then required someone to smuggle it into the facility housing the locked-down computer being targeted. USBee, by contrast, turns USB devices already inside the targeted facility into a transmitter with no hardware modification required at all. “We introduce a software-only method for short-range data exfiltration using electromagnetic emissions from a USB dongle,” researchers from Israel’s Ben-Gurion University wrote in a research paper published Monday. “Unlike other methods, our method doesn’t require any [radio frequency] transmitting hardware since it uses the USB’s internal data bus.”
[…]

http://cyber.bgu.ac.il/t/USBee.pdf

http://arstechnica.com/security/2016/08/meet-usbee-the-malware-that-uses-usb-drives-to-covertly-jump-airgaps/

 

Standard
Uncategorized

BadUSB 2.0

BadUSB 2.0 USB MITM POC: The advanced uses and capabilities of rogue USB hardware implants for use in cyber espionage activities is still very much an unknown quantity in the industry. Security professionals are in considerable need of tools capable of exploring the threat landscape, and generating awareness in this area. BadUSB2, is a tool capable of compromising USB fixed-line communications through an active man-in-the-middle attack. It is able to achieve the same results as hardware keyloggers, keyboard emulation, and BadUSB hardware implants. Furthermore, BadUSB2 introduces new techniques to defeat keyboard-based one-time-password systems, automatically replay user credentials, as well as acquiring an interactive command shell over USB. […] So how is this any different from existing USB hardware implants like the Rubber Ducky, or keyloggers. Firstly, the devices I’ve seen can only achieve one or two attack classes such as eavesdropping or message fabrication. BadUSB2 can eavesdrop, replay, modify, fabricate, exfiltrate data and BadUSB in one device. Furthermore, when combining these attack classes really interesting attack scenarios begin to surface. Secondly, keyboard emulation devices register as an additional USB device making them easy to detect and block, i.e. why do I now have two keyboards attached!? Yes, such devices can be easily detected and blocked. The same can be said of BadUSB, it often needs to register as a secondary USB device to perform a malicious task. BadUSB2 is an INLINE hardware implant giving it the stealth of a hardware keylogger but far more capabilities as mentioned above. Finally, (law of 3’s), just cos. […] This project builds on the USB-MITM architecture introduced by Rijnard van Tonder and Herman Engelbrecht in their paper titled, “Lowering the USB Fuzzing Barrier by Transparent Two-Way Emulation”. A special thanks to Rijnard for such a brilliant idea. […]

https://github.com/withdk/badusb2-mitm-poc

Standard
Uncategorized

USB Type-C authentication protocol: defense against bad cables

The USB-IF has developed a cryptographic-based authentication protocol to help protect from bad USB Type-C cables!

http://www.engadget.com/2016/04/13/usb-type-c-authentication-protocol/

http://www.businesswire.com/news/home/20160412005983/en/USB-3.0-Promoter-Group-Defines-Authentication-Protocol

http://www.usb.org/press/USB-IF_Press_Releases/USB_Type-C_Authentication_PR_FINAL.pdf

http://www.usb.org/press

Standard
Uncategorized

IBM research on USB eavesdropping attacks

IBM Research has new research on USB attacks and an “UScramBle” implementation for Linux:

USB Eavesdropping Attacks

Attacks that leverage USB as an attack vector are gaining popularity. While attention has so far focused on attacks that either exploit the host’s USB stack or its unrestricted device privileges, it is not necessary to compromise the host to mount an attack over USB. This paper describes and implements a USB sniffing attack. In this attack a USB device passively eavesdrops on all communications from the host to other devices, without being situated on the physical path between the host and the victim device. To prevent this attack, we present UScramBle, a lightweight encryption solution which can be transparently used, with no setup or intervention from the user. Our prototype implementation of UScramBle for the Linux kernel […]

Standard