Hardware Hacking 101: Rogue Keyboards and Eavesdropping Cables
This is a live demonstration of hacking with keystroke injection attacks. We will take advantage of the inherent trust that computers place in what they believe to be a regular keyboard to unleash pre-programmed keystroke payloads at well over 1000 words a minute. We access the host system and bypass traditional security countermeasures to deliver payloads that can include reverse shells, binary injection, brute force password attacks, and just about any attack that can be fully automated.
In this session we explore the fundamentals of attacks that exploit the trust the operating system places in USB human interface devices (HID), demonstrating once again the old principle that if you can physically access a computing device, there is no real security to be had. I will review the hardware, its capabilities, how it can be used to breach OS security, and how attackers can enable it to perform a variety of nefarious tasks with its own suite of tools. I will then show how to build and install additional software and customize the device with binary or scripted payloads.
After exploring the building blocks of USB HID exploitation, we take the discussion to the next level by removing the need for a separate device altogether and exploring what attacks can be delivered directly by a plain USB cable. We dissect an easily sourced, low-cost hardware implant embedded in a standard, innocent-looking USB cable, which provides an attacker with further capabilities, including the ability to track its own geolocation.
Clearly, complete control of a covert computer running with full system access can be used in a variety of network security attack scenarios that need to be accounted for in your threat model. We’ll discuss applicable security countermeasures.
Use your newfound knowledge for good: with great power comes great responsibility!