USB Necklace Hacks Your Computer In Blink Of An Eye
Samy Kamkar — developer of projects like that massive worm that conquered MySpace back in 2006, or SkyJack, the drone that hijacks other drones — has released a video demonstrating the abilities of a particularly ridiculous “necklace” he sometimes wears around.
Called USBdriveby, it’s a USB-powered microcontroller-on-a-chain, rigged to exploit the inherently awful security flaws lurking in your computer’s USB ports. In about 60 seconds, it can pull off a laundry list of nasty tricks:
- It starts by pretending to be a keyboard/mouse.
- If you have a network monitor app like Little Snitch running, it uses a series of keystrokes to tell LittleSnitch that everything is okay and to silence all warnings.
- It disables OS X’s built-in firewall.
- It pops into your DNS settings and tweaks them to something under the hacker’s control, allowing them to replace pretty much any website you try to visit with one of their own creation.
- It opens up a backdoor, then establishes an outbound connection to a remote server which can send remote commands. Since the connection is outbound, it eliminates the need to tinker with the user’s router port forwarding settings.
- It closes any windows and settings screens it opened up, sweeping up its footprints as it heads for the door.
So in 30-60 seconds, this device hijacks your machine, disables many layers of security, cleans up the mess it makes, and opens a connection for remote manipulation even after the device has been removed. That’s… kind of terrifying.
While the video above focuses on OS X, the methods tapped here aren’t exclusive to Apple’s platform. Kamkar says everything shown so far is “easily extendable to Windows or *nix.”
The worse part? You can’t do anything about it. A lot of these flaws are inherent to the way the USB protocol was designed and implemented across so many hundreds of millions of computers; short of filling your USB ports with cement or never, ever leaving your computer’s ports unattended while out and about, there’s no magic fix. Just check for the neck chains.
[via Hacker News]
You may also like...
-
-
-
James Gunn’s THE SUICIDE SQUAD Spinoff Series PEACEMAKER Trailer
-
-
-
-
Beautiful Screen Test Footage For Robin Williams Biopic ROBIN
-
DOCTOR WHO Season 13 Gets a Teaser Trailer, Title, and Premiere Date
-
Disney’s HOME ALONE Remake of HOME SWEET HOME ALONE Trailer is Here!
-
STAR TREK Docuseries THE CENTER SEAT: 55 YEARS OF STAR TREK Trailer
-
-
-
-
10 Latest Movie Effects That You Thought Were CGI, But They Weren’t
-
-
James Gunn’s THE SUICIDE SQUAD Spinoff Series PEACEMAKER Trailer
-
-
-
-
GRAND THEFT AUTO: THE TRILOGY – THE DEFINITIVE EDITION Coming Out Later This Year
-
Photos:INDIANA JONES 5 Actually Going To Include Time Travel?
-
-
Trailer: Jared Padalecki is Making a Comeback in WALKER Season 2
-
