The security experts Samy Kamkar (@SamyKamkar) has proposed a very interesting way to compromise an unlocked computer and deploy a backdoor on it simply by using a pre-programmed Teensy microcontroller.
The cheap ($20) pre-programmed Teensy microcontroller, dubbed USBdriveby, emulates a generic USB peripheral, like a keyboard or a mouse, when plugged into a machine.
The pre-programmed Teensy microcontroller misuses the trust computers usually give USB devices to execute malicious applications that are used to compromise the machine.
“Specifically, when you normally plug in a mouse or keyboard into a machine, no authorization is required to begin using them. The devices can simply begin typing and clicking. We exploit this fact by sending arbitrary keystrokes meant to launch specific applications (via Spotlight/Alfred/Quicksilver), permanently evade a local firewall (Little Snitch), install a reverse shell in crontab, and even modify DNS settings without any additional permissions.” explains Kamkar.
The applications launched by the USBdriveby are able to evade the local defense, like firewall or IDS, install a reverse shell in crontab and modify DNS settings. without any additional permissions and without the machine detecting and blocking its actions.
The technical details about the creation of the USBdriveby tool are available on the official project’s page.
“USBdriveby is a device you stylishly wear around your neck which can quickly and covertly install a backdoor and override DNS settings on an unlocked machine via USB in a matter of seconds. It does this by emulating a keyboard and mouse, blindly typing controlled commands, flailing the mouse pointer around and weaponizing mouse clicks.
In this project, we’ll learn how to exploit a system’s blind trust in USB devices, and learn how a $20 Teensy microcontroller can evade various security settings on a real system, open a permanent backdoor, disable a firewall, control the flow of network traffic, and all within a few seconds and permanently, even after the device has been removed.” states the official page of the project.
The USBdriveby attack is very insidious because it doesn’t request any additional permissions to run applications and without the target machine is able to detect any suspicious activity. Kamkar demonstrated that the USBdriveby works on Apple OS X systems, but the researcher confirmed that the attack can be easily modified to compromise Windows and Unix/Linux machines.
Kamkar explained that the USBdriveby could be easily ported on Arduino microcontrollers instead Teensy microcontrollers.
The experiment made Some Arduino microcontrollers can be also be used instead of a Teensy.
Below a Video POC of the USBdriveby attack:
If you are interested to proof the concept of hacking via USB, give a look to the BadUSB project, designed by Karsten Nohl and the srlabs team..
(Security Affairs – USBdriveby, hacking)