A team of Israeli researchers has cataloged 29 different USB exploits and attacks. These attacks can come disguised as a smartphone charger connection, or may come hidden on a USB thumb drive. Plugging an unknown USB drive into your computer can be a security risk, because it could be loaded with malware. Similarly, using a public USB charging station, or a USB charger that you “found,” is risky, because if these have been tampered with, they can be part of an exploit. For a complete list of the 29 exploits, take a look at the article on Prosyscom Technews. The researchers categorized these exploits into 4 groups.
- Re-programmable micro-controller USB attacks – In this exploit, the device looks like a familiar USB device, such as a battery charger or USB flash drive, but is programmed to perform as a different device, such as a keyboard, to provide keystroke injection. These devices include:
  - Rubber Ducky – a commercially available keystroke injector.
  - USBdriveby – This flash drive keystroke injector installs backdoors and replaces DNS settings on Apple devices running the OS X operating system.
- Reprogrammed USB peripherals – These are everyday USB devices that have been intentionally reprogrammed by the attacker, usually through the firmware update process.
- Unprogrammed USB device attacks – These attacks generally use a USB storage device or smartphone storage with special software or hidden partitions to exfiltrate data from a network. Many of these exploits are designed to get past “air-gapped” networks that are not accessible from the Internet. Often the social engineering exploit of “baiting” is used to get authorized personnel to carry the flash drive into a secure facility.
- Electrical attacks – This exploit uses the USB device to deliver a device-killing electrical shock.
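
A defensive check for the keystroke-injection devices in the first group, as an added example that is not from the article or the researchers: it reads Linux USB interface `modalias` strings (one per interface under `/sys/bus/usb/devices/*/modalias`) and flags any device that presents a HID (input-class) interface, especially alongside mass storage. The sample lines, vendor/product IDs and the approved list are constructed.

```python
import re
from collections import defaultdict

# USB-IF base class codes: 0x03 = HID (keyboards, mice), 0x08 = mass storage.
HID, MASS_STORAGE = 0x03, 0x08

# Each USB interface has a modalias such as
# usb:v1111p0001d0100dc00dsc00dp00ic03isc01ip01in00 ("ic" = interface class).
MODALIAS = re.compile(
    r"usb:v([0-9A-F]{4})p([0-9A-F]{4})d[0-9A-F]{4}"
    r"dc[0-9A-F]{2}dsc[0-9A-F]{2}dp[0-9A-F]{2}ic([0-9A-F]{2})"
)

def group_interfaces(modalias_lines):
    """Map (vid, pid) -> set of interface class codes seen for that device."""
    devices = defaultdict(set)
    for line in modalias_lines:
        m = MODALIAS.match(line.strip())
        if m:  # ignore anything that is not a USB interface modalias
            devices[(m.group(1), m.group(2))].add(int(m.group(3), 16))
    return dict(devices)

def assess(modalias_lines, approved_input):
    """Return {(vid, pid): verdict} for every device exposing a HID interface."""
    verdicts = {}
    for ident, classes in group_interfaces(modalias_lines).items():
        if HID not in classes:
            continue  # no input interface, so it cannot inject keystrokes
        if MASS_STORAGE in classes:
            # A "flash drive" that also registers as an input device.
            verdicts[ident] = "block: storage device also presents HID"
        elif ident not in approved_input:
            verdicts[ident] = "review: unapproved input device"
        else:
            # VID/PID are self-reported by the device, so this is a weak signal.
            verdicts[ident] = "ok: approved input device"
    return verdicts

# Constructed sample data (hypothetical IDs, not real devices).
SAMPLE = [
    "usb:v1111p0001d0100dc00dsc00dp00ic03isc01ip01in00",  # approved keyboard
    "usb:v2222p0002d0100dc00dsc00dp00ic08isc06ip50in00",  # plain flash drive
    "usb:v3333p0003d0100dc00dsc00dp00ic08isc06ip50in00",  # "flash drive" storage
    "usb:v3333p0003d0100dc00dsc00dp00ic03isc01ip01in01",  # ...plus a keyboard
    "usb:v4444p0004d0100dc00dsc00dp00ic03isc00ip00in00",  # unknown HID device
]
APPROVED = {("1111", "0001")}
```

Because a reprogrammable device can report any vendor and product ID it likes, the approved list only reduces noise; the storage-plus-HID combination is the stronger indicator.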
The take-away here is that we need to be careful about attaching unknown or “found” USB devices to our computers or networks. For more information and the complete list of 29 exploits, click through the following links.