Any USB Peripheral is a Potential Security Threat

Status
Not open for further replies.
G

Guest

Guest
Never saw the point of USB coffee cup Warmers, my EX-Boss had one though, placed in front of his keyboard, missed one day and ended up drowning his KB!
 

misry

Distinguished
Aug 11, 2006
864
1
19,010
Had a client once who actually asked about a "remote" control USB vibrator. Would have been something to brag about if she had looked like almost anyone other than the Granny in Hoodwinked. As it was she was a major reason I got out of retail.
 

LORD_ORION

Distinguished
Sep 12, 2007
814
0
18,980
You're missing the point. Mafia types have all sorts of knock offs that they sell. It wouldn't be a strech for them to sell a fake MS Basic Opical mouse with a hardware trojan embedded. You would never know your system is comprimisd.
 

Honis

Distinguished
Mar 16, 2009
702
0
18,980
This is more a warning to companies. It's a proof of concept that someone can take the mass produced generic keyboards from Dell/HP/etc. embed a custom circuit and gain access to any PC where they can swap the keyboards. The next time the user logs in bang! full access to the PC.
 

the_krasno

Distinguished
Sep 29, 2009
550
0
18,980
[citation][nom]AMDnoob[/nom]So... should I have every USB port on my computer padlocked?[/citation]

No, it means that you should be wary when using a thumb drive from an unknown brand or maker.
 

jhansonxi

Distinguished
May 11, 2007
1,262
0
19,280
[citation][nom]wotan31[/nom]Everything is a potential security threat when you run a swiss-cheese of an OS, like Windoze.[/citation]I've seen a USB storage device that emulates a keyboard and mouse that was designed to install malware on any system it is plugged into. If the system automatically activates any USB-connected keyboards andthe active user's account can create/edit/execute any program (including .bat, .cmd, .vbs, .sh) then it is vulnerable. On most systems it can take over in about 3 seconds. It can't easily get root on a Linux system but can install keyloggers or exploit known daemon security holes. On Windows it can respond to the security dialogs.
 

maestintaolius

Distinguished
Jul 16, 2009
719
0
18,980
[citation][nom]jhansonxi[/nom]I've seen a USB storage device that emulates a keyboard and mouse that was designed to install malware on any system it is plugged into. If the system automatically activates any USB-connected keyboards andthe active user's account can create/edit/execute any program (including .bat, .cmd, .vbs, .sh) then it is vulnerable. On most systems it can take over in about 3 seconds. It can't easily get root on a Linux system but can install keyloggers or exploit known daemon security holes. On Windows it can respond to the security dialogs.[/citation]
Exactly, it's not that hard to hack a system if you actually get physical access, regardless of the OS. Especially if it's a device that you can convince the user they need to install additional software in order to get full use of the device.
 

f-14

Distinguished
Honis 07/09/2010 5:48 PM Hide -1+
This is more a warning to companies. It's a proof of concept that someone can take the mass produced generic keyboards from Dell/HP/etc. embed a custom circuit and gain access to any PC where they can swap the keyboards. The next time the user logs in bang! full access to the PC.

too bad this wasn't pointed out to express scripts 2 years ago when some one took their entire user data base, then they wouldn't have to put out a 5 million dollar reward for info leading to an arrest.
thanks toms, but this is old news.
 
G

Guest

Guest
That's what happens when you contract everything to Communist China.
 

Josea

Distinguished
Dec 27, 2009
51
0
18,630
I worked on computers for a major utility until a recent layoff. Of the 100's of people I asked only 1 refused to give me their network password (so I reset it to mummy becasue the network admin gave me the network admin password and installed the tools needed to reset passwords). Soon thereafter he was promoted to wireless security admin and I got the shaft. Does anyone have a link where I can get the aforementioned keyboard?
 
Status
Not open for further replies.