posted August 2014
An interesting read about how any usb device could be a potential threat. Some scary extracts:
Once reprogrammed, benign devices can turn malicious in many ways, including:
- A device can emulate a keyboard and issue commands on behalf of the logged-in user, for example to exfiltrate files or install malware. Such malware, in turn, can infect the controller chips of other USB devices connected to the computer.
- The device can also spoof a network card and change the computer’s DNS setting to redirect traffic.
- A modified thumb drive or external hard disk can – when it detects that the computer is starting up – boot a small virus, which infects the computer’s operating system prior to boot.
And a scarier one...
No effective defenses from USB attacks are known.
Once infected, computers and their USB peripherals can never be trusted again.
Some proof of concept should be introduced in a week at the incoming Black Hat convention. This is gonna be good :)
There's actually something similar that you can already buy: The USB Rubber Duck