- October 18, 2018
- Posted by: Kerry Tomlinson, Archer News
- Categories: Archer News, Cyber Crime, Cyberattack, Hacking, Industrial Control System Security, Mobile Devices, Posts with image
The bad guys can get into your computer through something that looks totally harmless.
Not Just Thumb Drives
By now, you may know that USB drives can be dangerous.
Attackers can and do sprinkle them in parking lots, hoping you’ll pick one up and plug it in — and let them right into your computer.
But why try this spray-and-pray tactic when they can get in more directly using the same USB port?
Now, attackers can turn that USB cup warmer, plasma ball and mini fan into weapons.
An example of a USB plasma ball. Image credit: Power TRC
“After this presentation, you will be even more paranoid and suspicious about USB gadgets,” said security engineer Luca Bongiorni at the Kaspersky industrial cybersecurity conference in Sochi Russia, last month.
“Pain in the A–“
He showed how far USB hacks have come.
“It is a fact that USB devices are a pain in the a—,” he told the audience.
People can rig these USB devices so they monitor what you’re doing online, Bongiorni said.
They can steal passwords and info, type in whatever they want, listen in on your conversations and even send a text message back to the attackers letting them know — all systems are go.
Bongiorni tried out the attack on a co-worker, reading up on his hobbies, like home brewing and sending him a USB mini-fridge with an attack device inside.
An example of a mini-fridge. Image credit: IMAGE
A USB drive can transmit data. But many gadgets like these are not supposed to transmit anything but electricity. The recipient will likely be less suspicious.
“Better if, for example, you weaponize one gadget that is not supposed to have data in it,” he explained. “Like a mouse, you know, that can exchange data.”
“In that case, the security awareness of the victim would be lower than finding a USB key, right?” he added.
Indeed, he said, his co-worker plugged it in — and he took over the computer from one floor below.
Luca Bongiorni talks about USB devices at the 2018 Kaspersky industrial cybersecurity conference in Sochi, Russia. Image: Kaspersky
Mice and keyboards are also easy targets, Bongiorni said.
Pack one with your USB attack device and send it to your victim.
Too far-fetched? No.
The devices look like simple adaptors, but Europol said they recorded keystrokes and took screenshots.
And with the help of devices hidden inside hard drives and power strips, the attackers found out when certain cargo containers were coming in to port and hijacked them.
Crooks used USB devices to hijack containers from the Port of Antwerp from 2011 – 2013, Europol said.
Bongiorni even makes his own USB spy devices and uses them for security testing.
His message to you?
Watch out for USB devices of any kind.
From the thumb drives that went out to delegates at the G-20 summit in St Petersburg in 2013, to the USB fan given to journalists at the Singapore summit between President Trump and Kim Jung-un this summer, to the cool plasma ball or cup warmer or mini fridge that showed up on your desk as a fun promo gift.
“Don’t trust unknown USB devices,” he said.
“Any,” he emphasized. “Not just flash drives. Even mouses. No.”
Main image: An example of a USB mini fridge. Image credit: Generic