Malicious Hardware Shield /cyber attack

Malicious Hardware Shield / cyber attack

Malicious Hardware Shield /cyber attack

One of the lesser known cyber threats is malicious hardware attacks. Literally, bugs in "rogue hardware devices" devices.

This technology is currently in the hands of criminal organizations that are using it against civilian commercial targets with no defenses against it. These enterprises never suspect that the seemingly legitimate devices they are using have been compromised, allowing access to key assets—often over long periods of time.

Often this breech is achieved by a legitimate company outsourcing peripherals from questionable and/or offshore sources. With the rise of "the internet of things", you smart TV, or computers with built-in cameras and microphones may outsmart you and surveil your home or office

USB Ports are a hacker's best friend!

In recent years, USB-ports are increasingly used for their power supply: charging up mobile phones and tablets. But when the USB-cable is plugged in, not only the power-supply is connected, but also a two-way connection is established. There is now more need than ever to assure that unsuspecting users do not "invite the devil into their home".

Apart from charging, USB is of course also used for transferring files between systems. Malware can travel via USB-sticks, just like any other device you connect to your computer. USB can also be used to connect a variety of peripherals, most of which are innocent. Unfortunately, malicious equipment can be bought on eBay/Amazon or other webshops very cheaply. Hacking via USB-equipment is now in reach of anyone.

Call Today!

Prevention is always better than the cure. Call now and talk to a cyber security expert. See where your strengths and vulnerabilities lie. See if you are already compromised, before losses mount up.

There is no charge for an initial consultation!

<< click here for Florida cyber security services >>

USB is a hacker's dream because it allows unlimited access to computers and even entire networks - via a large variety of hardware peripherals, like mouses, keyboards, smart phones, and thumb drives, etc. It is also not difficult to impersonate devices: a CPU on a USB-device, looking like a memory drive, can impersonate a keyboard, and suddenly any command can be executed as if it were typed by the owner of the device.

Fake network devices can make a PC route all network traffic to it, allowing that device to inspect the data in each and every network message. USB devices with storage (thumb drives, mobile phones, tablets) can not only be used to extract files from a PC, but also to inject malware into it. It is therefore mandatory to think about how to properly protect the USB-ports in an industrial control system.

Examples of Dangerous USB Devices

USB Rubber Ducky

Rubber Ducky is a device that can be bought from hakshop.com for $45. Despite it looking like any ordinary USB-stick, it isn't one. A small processor emulates a keyboard. The characters that it feeds to the PC can be stored on an SD-card, which can be programmed via a simple scripting language.

Cyber Security- "rubber ducky"
A rubber ducky is innocent looking - in packaging, and its internals. On the SD-card there is ample space to store very large scripts, 16 megabytes of storage suffices to store the largest scripts one could ever imagine.

Scripts can be edited by taking the SD card out of the 'Ducky', plugging it into a PC, and then any text editor can be used to modify the script.





Scripts can be executed by the rubber ducky!

When the 'Ducky' is plugged in a PC, it starts 'typing' after a few seconds. The device even works on some embedded devices. This means that not only PC's can be taken over, but probably any device that allows a keyboard to be attached to it via USB.

Commercial Product Promotion Devices

They come with product promotion folders, a flat, small, piece of cardboard with a USB-connector sticking out. This type of USB device can take over your PC, start a browser, and surf to a promotional website for the target product.

USB Keyboard Logger

Cyber Security - keyboard loggerA Keyboard Logger can be bought from Amazon for $50. Put it in a USB-port, plug the keyboard cable in the device, and it's ready. All keystrokes can now be followed via a built-in WiFi access point. The device has 16 megabytes of memory, where all keystrokes are stored. Because it is small, it is hardly noticeable, especially at the back of a PC.


LAN Turtle

Via the web shop of "HakShop" a variety of products can be ordered for use by penetration testers and network administrators, and of course also by hackers. An example of this is the "LAN Turtle", which has a USB connection and an Ethernet port. It looks like a generic USB/Ethernet converter,to "allow it to blend in easily in IT-environments" (according to HakShop).

The Turtle allows access from an outside network via a VPN connection (Virtual Private Network), can scan the internal network, and run tools like Meterpreter. It can run as a "man in the middle", exfiltrate data, and do DNS spoofing, etc. And all that for only $55. It runs on the USB power supply of the host computer.

Memory Mouse

Cyber Security - memory mouse
Some organizations do not allow the use of USB memory sticks to prevent data exfiltration. Actually that is very difficult to keep in check, since data can also be smuggled out via SD-cards, which are small enough to be hidden everywhere. But a USB memory stick does not have to look like a memory stick; the memory can also be hidden in another USB device, like (an innocent looking) mouse.

The Microsoft "Memory Mouse 8000" includes 1 Gbyte of flash memory and an industrial control system.

Note: because Linux and MacOS are rarely used in corporate office settings, we will mainly discuss solutions for Windows, whenever software is involved. This does not mean that for other operating systems identical solutions do not exist.

ID Pros of Florida

Tax Preparation DC on Facebook IRS Representation Wash DC on LinkedIn

Name  *Required
Phone
Email Address *Required
I'm interested in -
security code
refresh image

Enter Security Code:

Send Form


Cyber Security Partners

Our Partners

Cyber Security Partners

Florida cyber security services

Florida cyber security services

Identity Theft Protection

Legal Protection Plan

Florida cyber security services

Malicious Hardware Protection

Cyber Security Awareness Training

Cyber Security Awareness Training

Cyber Security

Cyber Security

Cyber Security

© 2018 ID Pros of Florida / Total Cyber Security & Identity Theft Protection
PMB 130 13194 US HWY 301 S. Riverview, FL 33578