In recent years, USB-ports are increasingly used for their power supply: charging up mobile phones and tablets. But when the USB-cable is plugged in, not only the power-supply is connected, but also a two-way connection is established. There is now more need than ever to assure that unsuspecting users do not "invite the devil into their home".
Apart from charging, USB is of course also used for transferring files between systems. Malware can travel via USB-sticks, just like any other device you connect to your computer. USB can also be used to connect a variety of peripherals, most of which are innocent. Unfortunately, malicious equipment can be bought on eBay/Amazon or other webshops very cheaply. Hacking via USB-equipment is now in reach of anyone.
Prevention is always better than the cure. Call now and talk to a cyber security expert. See where your strengths and vulnerabilities lie. See if you are already compromised, before losses mount up.
There is no charge for an initial consultation!
USB is a hacker's dream because it allows unlimited access to computers and even entire networks - via a large variety of hardware peripherals, like mouses, keyboards, smart phones, and thumb drives, etc. It is also not difficult to impersonate devices: a CPU on a USB-device, looking like a memory drive, can impersonate a keyboard, and suddenly any command can be executed as if it were typed by the owner of the device.
Fake network devices can make a PC route all network traffic to it, allowing that device to inspect the data in each and every network message. USB devices with storage (thumb drives, mobile phones, tablets) can not only be used to extract files from a PC, but also to inject malware into it. It is therefore mandatory to think about how to properly protect the USB-ports in an industrial control system.
Rubber Ducky is a device that can be bought from hakshop.com for $45. Despite it looking like any ordinary USB-stick, it isn't one. A small processor emulates a keyboard. The characters that it feeds to the PC can be stored on an SD-card, which can be programmed via a simple scripting language.
A rubber ducky is innocent looking - in packaging, and its internals. On the SD-card there is ample space to store very large scripts, 16 megabytes of storage suffices to store the largest scripts one could ever imagine.
Scripts can be edited by taking the SD card out of the 'Ducky', plugging it into a PC, and then any text editor can be used to modify the script.
When the 'Ducky' is plugged in a PC, it starts 'typing' after a few seconds. The device even works on some embedded devices. This means that not only PC's can be taken over, but probably any device that allows a keyboard to be attached to it via USB.
They come with product promotion folders, a flat, small,
piece of cardboard with a USB-connector sticking out. This type of USB device can take over your PC, start a browser, and surf to a promotional website for the target product.
A Keyboard Logger can be bought from Amazon for $50. Put it in a USB-port, plug the keyboard cable in the device, and it's ready. All keystrokes can now be followed via a built-in WiFi access point. The device has 16 megabytes of memory, where all keystrokes are stored. Because it is small, it is hardly noticeable, especially at the back of a PC.
Via the web shop of "HakShop" a variety of products can be ordered for use by penetration testers and network administrators, and of course also by hackers. An example of this is the "LAN Turtle", which has a USB connection and an Ethernet port. It looks like a generic USB/Ethernet converter,to "allow it to blend in easily in IT-environments" (according to HakShop).
The Turtle allows access from an outside network via a VPN connection (Virtual Private Network), can scan the internal network, and run tools like Meterpreter. It can run as a "man in the middle", exfiltrate data, and do DNS spoofing, etc. And all that for only $55. It runs on the USB power supply of the host computer.
Some organizations do not allow the use of USB memory sticks to prevent data exfiltration. Actually that is very difficult to keep in check, since data can also be smuggled out via SD-cards, which are small enough to be hidden everywhere. But a USB memory stick does not have to look like a memory stick; the memory can also be hidden in another USB device, like (an innocent looking) mouse.
The Microsoft "Memory Mouse 8000" includes 1 Gbyte of flash memory and an industrial control system.
Note: because Linux and MacOS are rarely used in corporate office settings, we will mainly discuss solutions for Windows, whenever software is involved. This does not mean that for other operating systems identical solutions do not exist.