Physical Attacks: Specific USB Attacks

So another physical device that I want to show you is called a Key Croc. So this is designed to sit between the actual USB keyboard and the computer. So this, again, is another device from Hak5. It’s an Arduino-based device. Again, it sits between the USB keyboard and the computer. So what this is, is when you plug it in, it operates as a key logger. So anything someone’s typing on the computer, it’s going to start recording. So I can take a look at passwords, usernames, and other critical information. And it’s just passively sitting there. It’s passing traffic through the keyboard, through this device, back to the computer. Antiviruses generally won’t pick it up, because it’s not executing a software payload.

It’s just a physical device sitting there intercepting that traffic before it passes it off. So that’s pretty dangerous in itself. What also makes this really dangerous is it’s capable of launching attacks that can be executed by typing on a keyboard. So it has the same scripting payload as a USB Rubber Ducky. And also, it has a WiFi adapter built in, so I can remotely trigger this thing, or I can remotely transfer that information that it collected. So if I somehow sneak in there, I plug it in to someone’s computer - let’s be honest, how often do you look at - follow all the cables on your USB - cables from your computer to wherever it’s going?

Probably not very often, especially your keyboard. So it’s small. It’s inconspicuous. I can trigger the payload remotely. I could have it transfer the information from the device back to me wirelessly. And I don’t even have to get physical access back to that computer again, once I get it on there. So again, that’s a pretty dangerous thing to have. Now, the last one I want to show you is called the USB Ninja. So if we look at this, it looks like any other lightning cable. It’s simple. Most people aren’t going to think, well, it’s something dangerous. No, it’s a lightning cable for your phone, to charge your phone or your device. They also have USB-C versions of this.

So this clever device is similar to the USB Rubber Ducky. So it’s by the Hackerwarehouse. It looks like an ordinary USB charging cable. Matter of fact, when you plug it in, it operates like a standard phone cable. So you plug it in the computer. Well, if a malicious hacker is using it, they’re hoping you plug it in your computer. Plug your phone in, and then it’s going to start charging. Matter of fact, you can charge your phone with it. You could transfer information back from your phone to your computer, just like any other phone cable. But it’s capable of launching attacks that are typed on a keyboard again. And it uses a scripting language. It can be triggered remotely.

I believe it’s Bluetooth.

Again, it looks like any other phone cable. You could drop this cable somewhere, hoping someone’s going to pick it up and use it. You could swap someone’s real phone cable with this. And again, it’s pretty innocuous. And it could be in conjunction with a social engineering attack. I could go, oh, hey, could I plug my phone into your computer and charge it? I have a cable. Or you could be talking with someone. While they’re distracted, you swap the cable. Or you could hand someone a cable and go hey, I bought you a phone cable here to charge your phone. I noticed your other one was pretty old, so here you go. Here’s a phone cable.

And then remotely trigger the payload. And go, OK, well, they’re getting up to make a copy, or they’re going to the bathroom or whatever. Click. Execute the payload on their computer. Again, these are all very dangerous physical attacks on the network.