Any USB Peripheral is a Potential Security Threat

Toggle sidebar Toggle sidebar
Status
Not open for further replies.
Never saw the point of USB coffee cup Warmers, my EX-Boss had one though, placed in front of his keyboard, missed one day and ended up drowning his KB!
 
Had a client once who actually asked about a "remote" control USB vibrator. Would have been something to brag about if she had looked like almost anyone other than the Granny in Hoodwinked. As it was she was a major reason I got out of retail.
 
You're missing the point. Mafia types have all sorts of knock offs that they sell. It wouldn't be a strech for them to sell a fake MS Basic Opical mouse with a hardware trojan embedded. You would never know your system is comprimisd.
 
This is more a warning to companies. It's a proof of concept that someone can take the mass produced generic keyboards from Dell/HP/etc. embed a custom circuit and gain access to any PC where they can swap the keyboards. The next time the user logs in bang! full access to the PC.
 
[citation][nom]AMDnoob[/nom]So... should I have every USB port on my computer padlocked?[/citation]

No, it means that you should be wary when using a thumb drive from an unknown brand or maker.
 
[citation][nom]wotan31[/nom]Everything is a potential security threat when you run a swiss-cheese of an OS, like Windoze.[/citation]I've seen a USB storage device that emulates a keyboard and mouse that was designed to install malware on any system it is plugged into. If the system automatically activates any USB-connected keyboards andthe active user's account can create/edit/execute any program (including .bat, .cmd, .vbs, .sh) then it is vulnerable. On most systems it can take over in about 3 seconds. It can't easily get root on a Linux system but can install keyloggers or exploit known daemon security holes. On Windows it can respond to the security dialogs.
 
[citation][nom]jhansonxi[/nom]I've seen a USB storage device that emulates a keyboard and mouse that was designed to install malware on any system it is plugged into. If the system automatically activates any USB-connected keyboards andthe active user's account can create/edit/execute any program (including .bat, .cmd, .vbs, .sh) then it is vulnerable. On most systems it can take over in about 3 seconds. It can't easily get root on a Linux system but can install keyloggers or exploit known daemon security holes. On Windows it can respond to the security dialogs.[/citation]
Exactly, it's not that hard to hack a system if you actually get physical access, regardless of the OS. Especially if it's a device that you can convince the user they need to install additional software in order to get full use of the device.
 
Honis 07/09/2010 5:48 PM Hide -1+
This is more a warning to companies. It's a proof of concept that someone can take the mass produced generic keyboards from Dell/HP/etc. embed a custom circuit and gain access to any PC where they can swap the keyboards. The next time the user logs in bang! full access to the PC.

too bad this wasn't pointed out to express scripts 2 years ago when some one took their entire user data base, then they wouldn't have to put out a 5 million dollar reward for info leading to an arrest.
thanks toms, but this is old news.
 
I worked on computers for a major utility until a recent layoff. Of the 100's of people I asked only 1 refused to give me their network password (so I reset it to mummy becasue the network admin gave me the network admin password and installed the tools needed to reset passwords). Soon thereafter he was promoted to wireless security admin and I got the shaft. Does anyone have a link where I can get the aforementioned keyboard?
 
Status
Not open for further replies.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom