This Little USB Necklace Hacks Your Computer In No Time Flat

Quick! The bad guy/super villain has left the room! Plug in a mysterious device that’ll hack up their computer while an on-screen progress bar ticks forward to convey to the audience that things are working!

It’s a classic scene from basically every spy movie in history. In this case, however, that mystery device is real.

Samy Kamkar — developer of projects like that massive worm that conquered MySpace back in 2006, or SkyJack, the drone that hijacks other drones — has released a video demonstrating the abilities of a particularly ridiculous “necklace” he sometimes wears around.

Called USBdriveby, it’s a USB-powered microcontroller-on-a-chain, rigged to exploit the inherently awful security flaws lurking in your computer’s USB ports. In about 60 seconds, it can pull off a laundry list of nasty tricks:

It starts by pretending to be a keyboard/mouse.
If you have a network monitor app like Little Snitch running, it uses a series of keystrokes to tell LittleSnitch that everything is okay and to silence all warnings.
It disables OS X’s built-in firewall.
It pops into your DNS settings and tweaks them to something under the hacker’s control, allowing them to replace pretty much any website you try to visit with one of their own creation.
It opens up a backdoor, then establishes an outbound connection to a remote server which can send remote commands. Since the connection is outbound, it eliminates the need to tinker with the user’s router port forwarding settings.
It closes any windows and settings screens it opened up, sweeping up its footprints as it heads for the door.
So in 30-60 seconds, this device hijacks your machine, disables many layers of security, cleans up the mess it makes, and opens a connection for remote manipulation even after the device has been removed. That’s… kind of terrifying.

While the video above focuses on OS X, the methods tapped here aren’t exclusive to Apple’s platform. Kamkar says everything shown so far is “easily extendable to Windows or *nix.”

So what can you do to protect yourself from things like this? Not a whole lot, really — that’s why attacks like this and BadUSB are so freaky. A lot of these flaws are inherent to the way the USB protocol was designed and implemented across so many hundreds of millions of computers; short of filling your USB ports with cement or never, ever leaving your computer’s ports unattended while out and about, there’s no magic fix.

Comments

How To Hide Text In Microsoft Word 2007, Reveal It & Protect It

Sometimes what we hide is more important than what we reveal. Especially, documents with sensitive information, some things are supposed to be ‘for some eyes only’. Such scenarios are quite common, even for the more un-secretive among us. You want to show someone a letter composed in MS Word, but want to keep some of the content private; or it’s an official letter with some part of it having critical data. As important as these two are, the most common use could involve a normal printing job. Many a time we have to print different versions of a document, one copy for one set of eyes and others for other sets. Rather than creating multiple copies and therefore multiple printing jobs, what if we could just do it from the same document? That too, without the hassle of repeated cut and paste. We can, with a simple feature in MS Word – it’s just called Hidden and let me show you how to use it to hide text in Microsoft Word 2007. It’s a simple single click process. Open the document

Clip & Convert Your Video Faster With Quicktime X & The New Handbrake 64-bit [Mac]

Recently a friend of mine asked for my help to find a video of a good presentation to be shown to one of his classes. He also requested for it to be iPod friendly as he would also distribute the video to his students. Three things came to my mind: Steve Jobs, Quicktime and Handbrake . Mr. Jobs is well known for his great presentations which are often used as references. I have several Apple Keynotes videos. For my friend, I decided to choose the one that introduced MacBook Air – the one that never fails to deliver the wow effect to the non-techie audience. It’s a part of January 2008 Macworld Keynote. First step: The Cutting To get only a specific part of the Keynote, I clipped the 1+ hour video into about 20 minutes using Quicktime X (which comes with Snow Leopard). I opened the movie using Quicktime X and chose Trim from the Edit menu ( Command + T ). Then I chose the start and end of my clip by moving both edges of the trimming bar to the desired position. To increase th

Ex-Skypers Launch Virtual Whiteboard Deekit

Although seriously long in the tooth and being disrupted by a plethora of startups, for many years Skype has existed as an almost ubiquitous app in any remote team’s toolkit. So it seems apt that a new startup founded by a team of ex-Skype employees is set to tackle another aspect of online collaboration. Deekit, which exits private beta today, is a virtual and collaborative whiteboard to help remote teams work smarter. The Tallinn, Estonia-based startup is headed up by founder and CEO, Kaili Kleemeier, who was previously a Head of Operations at Skype. She and three colleagues quit the Internet calling giant in 2012 and spent a year researching ideas in the remote team space. They ended up focusing on creating a new virtual whiteboard, born out of Kleemeier’s experience collaborating with technical teams remotely, specifically helping Skype deal with incident management. “Working with remote teams has been a challenge in many ways – cultural differences, language differences, a

Kiran Upadhyay

Search This Blog